4791e85efb12f44032e87781b4304c8f69d6dfeab28fcf4e48e5e6a31b1add59

General

Target

4791e85efb12f44032e87781b4304c8f69d6dfeab28fcf4e48e5e6a31b1add59
Size

839KB
MD5

4ef3ca820eabb204651e06690d2cf430
SHA1

87dbfe57f44f19d18bfd816e2f6d14aedbf59eeb
SHA256

4791e85efb12f44032e87781b4304c8f69d6dfeab28fcf4e48e5e6a31b1add59
SHA512

e4e817567c6f1c1e71dcf3eb1537bab6669645f00add283003b14f26765cc6bb0408a34027e710d9bf922b81f46ecd20953bfd2af9712e308457d3f50f46e9ad
SSDEEP

24576:f2fZLb0G9IckLVmxWfZ8+Ue00+OCdpRDvnEqE:f2RLtIfue00+RDET

Score

N/A

Malware Config

Signatures

Files

4791e85efb12f44032e87781b4304c8f69d6dfeab28fcf4e48e5e6a31b1add59
.exe windows x86

87c3e4e04a8224251fb191cdfcbca781

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetMailslotInfo
LCMapStringW
FillConsoleOutputAttribute
WriteConsoleOutputW
SetEvent
DuplicateHandle
Process32First
GetPrivateProfileIntA
HeapCompact
GetThreadContext
VirtualAlloc

advapi32

RegNotifyChangeKeyValue
RegOverridePredefKey
CopySid
RegEnumValueA
RegRestoreKeyW
GetSidSubAuthorityCount
SetKernelObjectSecurity
StartServiceCtrlDispatcherA
RegEnumKeyA
RegQueryValueExA
GetSidSubAuthority
GetKernelObjectSecurity

netapi32

NetValidateName
NetLocalGroupGetMembers
NetFileGetInfo
NetGetDCName
NetQueryDisplayInformation
NetShareDel
NetServerEnum
NetShareEnum
NetLocalGroupDel
NetUserDel

dnsapi

DnsNameCompareEx_W
DnsDhcpSrvRegisterInit
DnsQuery_W
DnsValidateName_W
DnsRecordListFree
DnsDhcpSrvRegisterTerm

wintrust

CryptCATAdminAcquireContext
CryptCATOpen
CryptCATClose
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WintrustRemoveActionID
CryptCATGetCatAttrInfo

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xYqcuY
Size: 693KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87c3e4e04a8224251fb191cdfcbca781

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

netapi32

dnsapi

wintrust

Sections

.text Size: 42KB - Virtual size: 42KB

.xYqcuY Size: 693KB - Virtual size: 1011KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 504B

.text
Size: 42KB - Virtual size: 42KB

.xYqcuY
Size: 693KB - Virtual size: 1011KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 504B