735a6bc5ff6f82d778c667ebe7402d7a1ca51cf9c4a692b1bf344a2e408cb63d

Sharing

Copy URL Twitter E-mail

General

Target

735a6bc5ff6f82d778c667ebe7402d7a1ca51cf9c4a692b1bf344a2e408cb63d
Size

1011KB
MD5

fb6d9757259e62fb33163bb575875f44
SHA1

1c3202ead6afa1a1ae6272a3aca9f29f20710327
SHA256

735a6bc5ff6f82d778c667ebe7402d7a1ca51cf9c4a692b1bf344a2e408cb63d
SHA512

38a0f013122780c1104e65c0d616cc91bd89cc4100fd59b6b502c906ac5bcf5fa548c9118457a004aacabba82b06f45afd03b562c4af74221148a46be8de36c2
SSDEEP

24576:Hgwyir4VBWpj9D6zFeV1Fe178hOMt09zH:A26BWSeV1I178hw

Score

N/A

Malware Config

Signatures

Files

735a6bc5ff6f82d778c667ebe7402d7a1ca51cf9c4a692b1bf344a2e408cb63d
.exe windows x86

ec765363776f797a5fd60f12addcd8f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetEnvironmentVariableA
GetCommandLineW
CreateProcessInternalA
CancelIo
FileTimeToLocalFileTime
PulseEvent
LoadResource
VirtualAlloc
GlobalFlags
DuplicateHandle
GetLastError
CreateFileMappingW
SwitchToThread
WriteConsoleOutputA
SetErrorMode
ConnectNamedPipe
MapViewOfFile
GetProfileIntW
IsBadCodePtr
FlushFileBuffers
HeapSize
CommConfigDialogA
GlobalMemoryStatusEx
Thread32First
SetConsoleMaximumWindowSize
CreateJobObjectA
lstrcmpiW

advapi32

StartTraceW
BuildExplicitAccessWithNameA
InitializeSecurityDescriptor
ChangeServiceConfigW
SetEntriesInAclW
SetSecurityDescriptorOwner
CryptGetUserKey
AddAuditAccessAceEx
OpenServiceW
RegOpenUserClassesRoot
GetSecurityDescriptorOwner
RegCreateKeyExW
AddAccessDeniedAce
IsValidSecurityDescriptor
GetNamedSecurityInfoA

dnsapi

DnsQuery_W
DnsModifyRecordsInSet_UTF8
DnsNameCompare_W
DnsRecordListFree
DnsValidateName_W
DnsNotifyResolver
DnsQuery_UTF8
DnsDhcpSrvRegisterTerm
DnsStatusString
DnsValidateName_UTF8
DnsNameCompareEx_W
DnsDhcpSrvRegisterInit
DnsQueryConfig
DnsReplaceRecordSetUTF8

rtutils

TraceRegisterExW
RouterLogEventStringW
RouterLogRegisterA
TraceVprintfExA
RouterLogDeregisterA
MprSetupProtocolEnum
TraceDeregisterW
TracePrintfExW
TraceRegisterExA
TraceDeregisterA
MprSetupProtocolFree
TraceDumpExA
TracePrintfA
RouterLogRegisterW
LogEventW
LogEventA
TracePutsExA

msvcrt

raise
iswxdigit
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__pioinfo
memcpy
rand
_CIlog
iswalnum
_mbscspn
_ftime
_ismbblead
frexp
_wfindnext
_Gettnames
_chdir
__mb_cur_max
_getcwd
_exit
wcstol

ole32

CLSIDFromProgID
CoRevertToSelf
GetErrorInfo
CreateDataAdviseHolder
CoMarshalInterface
GetHGlobalFromILockBytes
HPALETTE_UserFree
CreateILockBytesOnHGlobal
IsEqualGUID
CreateStreamOnHGlobal
StringFromCLSID
WriteClassStm
GetClassFile
CoInitializeEx
SetErrorInfo
CoGetInterfaceAndReleaseStream
MkParseDisplayName
StgCreateDocfile
CreateItemMoniker
MonikerCommonPrefixWith
OleQueryCreateFromData
OleGetClipboard
StringFromGUID2
CLIPFORMAT_UserSize
CoGetObjectContext

winsta

ServerLicensingGetPolicy
WinStationDisconnect
WinStationOpenServerW
WinStationFreeMemory
WinStationNameFromLogonIdW
WinStationConnectW
WinStationReset
LogonIdFromWinStationNameW
ServerLicensingGetAvailablePolicyIds
ServerLicensingClose
ServerLicensingSetPolicy
WinStationEnumerateW
WinStationGetAllProcesses
WinStationCloseServer
WinStationFreeGAPMemory
ServerLicensingOpenW
WinStationQueryInformationW
WinStationEnumerateProcesses

crypt32

CryptDecodeMessage

Sections

.data
Size: 1024B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 314B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 51KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 411KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 150KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec765363776f797a5fd60f12addcd8f9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

dnsapi

rtutils

msvcrt

ole32

winsta

crypt32

Sections

.data Size: 1024B - Virtual size: 337B

.rdata Size: 1024B - Virtual size: 314B

.idata Size: 1024B - Virtual size: 429B

.text Size: 51KB - Virtual size: 418KB

.rdata Size: 182KB - Virtual size: 262KB

.data Size: 411KB - Virtual size: 537KB

.idata Size: 150KB - Virtual size: 307KB

.rsrc Size: 212KB - Virtual size: 211KB

.reloc Size: 1024B - Virtual size: 368B

.data
Size: 1024B - Virtual size: 337B

.rdata
Size: 1024B - Virtual size: 314B

.idata
Size: 1024B - Virtual size: 429B

.text
Size: 51KB - Virtual size: 418KB

.rdata
Size: 182KB - Virtual size: 262KB

.data
Size: 411KB - Virtual size: 537KB

.idata
Size: 150KB - Virtual size: 307KB

.rsrc
Size: 212KB - Virtual size: 211KB

.reloc
Size: 1024B - Virtual size: 368B