c71abe050153791ba9bb09c176aafc8ee90e64c5373e79a44e1b0e8c3167f66f

Sharing

Copy URL Twitter E-mail

General

Target

c71abe050153791ba9bb09c176aafc8ee90e64c5373e79a44e1b0e8c3167f66f
Size

372KB
MD5

d82238be5d024dc8366c86e47665c7f0
SHA1

f8a67bfe73d8411088a81585b59e3399d0e995e8
SHA256

c71abe050153791ba9bb09c176aafc8ee90e64c5373e79a44e1b0e8c3167f66f
SHA512

918de6ecaabb160fa60d8a3384234cee7b376232f3a0e00990e57f28e53cde2f0a0ad291a25dc7c4b22ef74375eb3c97d2de99cc964f125d0d7c53ffbdb9a2ef
SSDEEP

6144:isuL/pQ/pTdTrYGnv7h2CtyyId2bjGD1G3ZsH3aGN6/cRYDFgVIwqKnu:iDL2TqGv7sC4yId2bQH3U+YFlwTnu

Score

N/A

Malware Config

Signatures

Files

c71abe050153791ba9bb09c176aafc8ee90e64c5373e79a44e1b0e8c3167f66f
.dll windows x86

2076c8f1e83d839d939b41302b5e33dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildSecurityDescriptorA
CloseServiceHandle
ConvertStringSidToSidA
CryptDestroyKey
GetCurrentHwProfileA
GetTrusteeTypeW
LsaDeleteTrustedDomain
LsaRemoveAccountRights
RegCloseKey
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegRestoreKeyA
RegisterServiceCtrlHandlerW
AddAccessAllowedAceEx
ConvertSidToStringSidW
CreateProcessAsUserA
CryptContextAddRef
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeW
IsValidSid
LsaClose
LsaFreeMemory
LsaGetRemoteUserName
LsaQuerySecurityObject
OpenServiceW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueW
RegSetValueExW
SetEntriesInAuditListW
SystemFunction002
SystemFunction014
AddAccessAllowedAce
AddAccessDeniedAce
AllocateAndInitializeSid
ChangeServiceConfig2W
CreateProcessAsUserW
CreateServiceW
CryptSetKeyParam
DeleteAce
ElfOpenBackupEventLogA
EnumServicesStatusW
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityInfo
GetTokenInformation
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
OpenThreadToken
RevertToSelf
SetSecurityDescriptorDacl
SetTokenInformation
ElfReportEventW

kernel32

VirtualAlloc
CreateDirectoryExW
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
GetCommTimeouts
GetComputerNameW
GetCurrentDirectoryW
GetCurrentProcess
GetDateFormatW
GetEnvironmentStringsA
GetExitCodeThread
GetProcessHeap
GetProfileIntA
GetSystemTimeAsFileTime
GetTimeFormatW
InitAtomTable
LoadLibraryExW
LocalFree
MapViewOfFileEx
PeekConsoleInputW
SetCommState
SetConsoleCursor
SetConsoleDisplayMode
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualQueryEx
WinExec
lstrcatA
GetLocalTime
InterlockedExchange
LocalAlloc
lstrcatW
lstrcpyW
lstrlenW
CloseHandle
CreateDirectoryW
CreateFileMappingW
CreateFileW
CreateMutexW
FileTimeToDosDateTime
FindResourceW
FreeLibrary
GetFileAttributesW
GetFileSize
GetProcessPriorityBoost
InterlockedDecrement
InterlockedIncrement
LocalCompact
LocalHandle
LocalUnlock
MapViewOfFile
MultiByteToWideChar
ReleaseMutex
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetFilePointer
UnmapViewOfFile
WaitForSingleObject
WriteFile
lstrcmpiW
lstrcpyn
lstrcpynW
AddConsoleAliasW
AssignProcessToJobObject
CancelIo
ConnectNamedPipe
CreateEventW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeW
DisconnectNamedPipe
DuplicateHandle
GetCPInfoExW
GetCurrentThread
GetModuleHandleW
GetQueuedCompletionStatus
GetSystemTime
OpenProcess
PostQueuedCompletionStatus
QueryDosDeviceA
ReadConsoleOutputW
ReadFile
RegisterWaitForSingleObject
SetLocaleInfoA
SetThreadLocale
SwitchToThread
SystemTimeToFileTime
TerminateJobObject
VirtualProtect
WriteConsoleOutputW
OpenMutexW
OutputDebugStringA
IsBadReadPtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
RemoveDirectoryA
HeapFree
HeapAlloc
GetTimeZoneInformation
GetCommandLineA
GetVersion
VirtualFree
HeapReAlloc
IsBadWritePtr
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
Sleep
LockFile
UnlockFile
CreateThread
ExitThread
RtlUnwind
RaiseException
HeapSize
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetCurrentProcessId
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
CreateFileA
WriteConsoleA
CreatePipe
GetExitCodeProcess
GetProcAddress
GetFileAttributesA
CreateProcessA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LoadLibraryA
FlushFileBuffers
IsBadCodePtr
SetEnvironmentVariableA
CreateProcessW
GetLocaleInfoW
SetEnvironmentVariableW

Exports

Exports

NHQG

Sections

.text
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2076c8f1e83d839d939b41302b5e33dd

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 270KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 32KB - Virtual size: 43KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 272KB - Virtual size: 270KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 32KB - Virtual size: 43KB

.reloc
Size: 16KB - Virtual size: 12KB