b60dfbda96d907ed2aa6bda8571ae6a6f30b48f6eb662e296c600904869f2d58

Sharing

Copy URL Twitter E-mail

General

Target

b60dfbda96d907ed2aa6bda8571ae6a6f30b48f6eb662e296c600904869f2d58
Size

820KB
MD5

fad57c93737e608939325ddd89444d40
SHA1

58407067689d006b8482376fd0e99c1ce6668dcd
SHA256

b60dfbda96d907ed2aa6bda8571ae6a6f30b48f6eb662e296c600904869f2d58
SHA512

97b0a1fffd9d98a4f806776fe173b8bf58a9183fb7efab8af2f592ca92197810c7471cc67293b1f21767517ee6545d6567ffaadb6556180cf4dfcbd76b5f33be
SSDEEP

24576:8rxT+DwVXZCoxLvKxCNniy02+s95hvQq:8rxiDACSLvuCNnjThIq

Score

N/A

Malware Config

Signatures

Files

b60dfbda96d907ed2aa6bda8571ae6a6f30b48f6eb662e296c600904869f2d58
.dll windows x86

b0bff126af863f7ff3336f78ab414c5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
swprintf_s
time
memcpy_s
sprintf_s
_ultow_s
_vsnprintf
_vsnwprintf
bsearch
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
memset

ntdll

RtlTimeToTimeFields
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlIntegerToUnicodeString
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlExpandHashTable
RtlContractHashTable
RtlDeleteHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlInitEnumerationHashTable
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlRemoveEntryHashTable
RtlInsertEntryHashTable
RtlCreateHashTable
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlAllocateHeap
RtlValidRelativeSecurityDescriptor
EtwEventWrite
WinSqmEndSession
WinSqmStartSession
WinSqmSetDWORD
EtwEventEnabled
RtlCompareMemory
NtQueryInformationToken
RtlInitString
RtlNtStatusToDosError
RtlExtendedLargeIntegerDivide
RtlLengthSecurityDescriptor
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlAdjustPrivilege
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
RtlInitializeSListHead

api-ms-win-security-base-l1-1-0

DuplicateToken
CreatePrivateObjectSecurityEx
MapGenericMask
EqualSid
ImpersonateLoggedOnUser
GetTokenInformation
GetLengthSid
ImpersonateAnonymousToken
CopySid
DestroyPrivateObjectSecurity
SetPrivateObjectSecurityEx
GetPrivateObjectSecurity
RevertToSelf

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

pcwum

PerfSetCounterSetInfo
PerfSetCounterRefValue
PerfSetULongCounterValue
PerfStartProvider
PerfCreateInstance
PerfStopProvider

ws2_32

WSASocketA
ntohs
htonl
ntohl
WSCEnumProtocols
closesocket
bind
setsockopt
WSASocketW
WSAEventSelect
WSAIoctl
WSAStartup
WSACleanup
WSAGetLastError
htons

rpcrt4

RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
RpcRevertToSelf
RpcImpersonateClient
UuidCreate
RpcRaiseException
I_RpcExceptionFilter
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
NdrMesTypeEncode2
RpcBindingVectorFree
NdrMesTypeFree2
RpcStringFreeW
UuidToStringW
RpcServerInqCallAttributesW
MesHandleFree
RpcEpUnregister
NdrMesTypeDecode2
NdrAsyncServerCall
NdrServerCall2
RpcAsyncCompleteCall
RpcServerUnregisterIfEx

sspicli

QueryContextAttributesW
LsaFreeReturnBuffer
LsaLogonUser
FreeCredentialsHandle
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext
AcquireCredentialsHandleW
EncryptMessage
DecryptMessage
LsaUnregisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification
QuerySecurityPackageInfoW
QueryCredentialsAttributesW
FreeContextBuffer
QuerySecurityContextToken
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaCallAuthenticationPackage
LsaRegisterLogonProcess

authz

AuthzInitializeResourceManager
AuthzAccessCheck
AuthzFreeResourceManager
AuthziFreeAuditEventType
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEvent
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEventType

fwpuclnt

FwpsLayerReleaseInProcReplica0
FwpsClassifyUser0
IPsecKeyModuleUpdateAcquire0
IPsecSaContextExpire0
FwpsQueryIPsecOffloadDone0
FwpsQueryIPsecDosFWUsed0
FwpmFilterDestroyEnumHandle0
FwpmFilterEnum0
FwpmFilterCreateEnumHandle0
FwpsLayerCreateInProcReplica0
FwpsOpenToken0
IPsecSaContextCreate1
FwpmProviderContextGetByKey1
FwpmEventProviderFireNetEvent0
FwpmEventProviderIsNetEventTypeEnabled0
IPsecSaContextGetSpi1
IPsecSaContextAddInbound1
IPsecSaContextAddOutbound1
IPsecSaContextUpdate0
FwpmFreeMemory0
FwpsAleExplicitCredentialsQuery0
IkeextGetConfigParameters0
FwpmEventProviderDestroy0
FwpmEngineClose0
IPsecKeyModuleDelete0
FwpmFilterUnsubscribeChanges0
FwpmProviderContextUnsubscribeChanges0
FwpmEngineOpen0
FwpmEventProviderCreate0
FwpmFilterSubscribeChanges0
FwpmProviderContextSubscribeChanges0
IPsecKeyModuleAdd0
FwpmFilterAdd0

nsi

NsiGetParameter
NsiSetParameter

msasn1

ASN1_Decode
ASN1_FreeDecoded
ASN1_CloseDecoder
ASN1_CloseModule
ASN1_CreateModule
ASN1Free
ASN1DecRealloc
ASN1_CreateDecoder
ASN1BERDecEndOfContents
ASN1BERDecPeekTag
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1BERDecOpenType2
ASN1BERDecNotEndOfContents

kernel32

SetEvent
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
TrySubmitThreadpoolCallback
GetSystemTimeAsFileTime
CompareFileTime
GetCurrentProcess
DuplicateHandle
LocalFree
GetComputerNameExW
FormatMessageW
GetSystemTime
SystemTimeToFileTime
CreateEventW
RegisterWaitForSingleObject
UnregisterWaitEx
InterlockedCompareExchange64
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetTickCount
OutputDebugStringA
TlsSetValue
TlsGetValue
EncodePointer
TlsAlloc
GetCurrentThread
CreateThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
GetSystemInfo
LoadLibraryW
CloseHandle
TlsFree
CloseThreadpool
CloseThreadpoolWait
Sleep
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetLastError
OpenEventW
SetThreadPriority
VirtualProtect
DecodePointer
UnregisterWait
HeapCreate
HeapDestroy
HeapReAlloc
HeapAlloc
HeapFree
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
VirtualAlloc
InterlockedExchangeAdd
CreateEventA
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreW
CreateTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetProcAddress
DelayLoadFailureHook
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
CompareStringW
GetProcessHeap

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 561KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0bff126af863f7ff3336f78ab414c5e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

pcwum

ws2_32

rpcrt4

sspicli

authz

fwpuclnt

nsi

msasn1

kernel32

Exports

Exports

Sections

.text Size: 561KB - Virtual size: 560KB

.data Size: 74KB - Virtual size: 79KB

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 561KB - Virtual size: 560KB

.data
Size: 74KB - Virtual size: 79KB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 20KB - Virtual size: 19KB