d7aa89dfb933a06f79e9f34039e10daffe6abce43a9edb81c172a55203d24abf

Sharing

Copy URL Twitter E-mail

General

Target

d7aa89dfb933a06f79e9f34039e10daffe6abce43a9edb81c172a55203d24abf
Size

382KB
MD5

f3b70eb938fc5bc9339018ccf130f104
SHA1

83c7effa3795800682a47b71f668fda8b7c740bf
SHA256

d7aa89dfb933a06f79e9f34039e10daffe6abce43a9edb81c172a55203d24abf
SHA512

691e5637a98ae5d08aa92b1d712e017ff098cb057f62313243a6e9f365e9c6e927d238bfbd6dd25ed42e0eb82e1b6a0650024ceb6c8e6225306b7938a96c228e
SSDEEP

6144:zPJEr1CsmiJtkPY2Hs7zJNaN2Prh+Brz+4/+NjbyTWPIocbTyQjgkLtAu0C50:z2hCsmyeY2s7zJNaN2Pd+BrzAdCWPrcB

Score

N/A

Malware Config

Signatures

Files

d7aa89dfb933a06f79e9f34039e10daffe6abce43a9edb81c172a55203d24abf
.exe windows x86

67d2664d989154f323dc21bbaee06d53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
_initterm
malloc
_adjust_fdiv
_ultoa
_wcsicmp
qsort
wcscat
wcstoul
wcsspn
_wcsnicmp
_vsnprintf
strrchr
_strnicmp
strchr
_strcmpi
sscanf
wcslen
wcscpy
_stricmp
wcsrchr
sprintf
swprintf
wcscmp
_except_handler3

ntdll

RtlEqualSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQueryInformationToken
RtlDeleteTimerQueue
RtlCompareMemory
RtlInitializeResource
RtlDeleteResource
NtClose
RtlAcquireResourceExclusive
NtOpenThreadToken
RtlDeleteCriticalSection
RtlAcquireResourceShared
RtlReleaseResource
RtlFreeUnicodeString
RtlInitUnicodeString
RtlCopyLuid
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlLengthSid
NtOpenProcessToken
RtlConvertSharedToExclusive
RtlCreateTimer
RtlCreateTimerQueue
RtlRegisterWait
RtlIntegerToUnicodeString
RtlInitializeCriticalSection
RtlEraseUnicodeString
NtAllocateLocallyUniqueId
RtlRunDecodeUnicodeString
RtlUpcaseUnicodeString
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlSystemTimeToLocalTime
RtlDowncaseUnicodeString
RtlVerifyVersionInfo
VerSetConditionMask
RtlSubAuthoritySid
RtlCopySid
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlInitializeSid
RtlCopyUnicodeString
NtQuerySystemInformation
RtlConvertSidToUnicodeString
RtlAppendUnicodeStringToString
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlNtStatusToDosError
RtlUniform
NtQuerySystemTime
RtlOemStringToUnicodeString
DbgPrint
RtlLeaveCriticalSection
RtlEqualDomainName
RtlPrefixUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlValidSid
RtlFreeSid
RtlAllocateAndInitializeSid
NtDuplicateObject
RtlCompareUnicodeString
RtlDeregisterWait

cryptdll

MD5Update
CDLocateCheckSum
CDGenerateRandomBits
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
MD5Final
MD5Init
CDLocateCSystem

msasn1

ASN1BEREncOpenType
ASN1BEREncObjectIdentifier
ASN1BERDecOpenType2
ASN1BERDecObjectIdentifier
ASN1objectidentifier_free
ASN1BERDecBitString
ASN1bitstring_free
ASN1DecSetError
ASN1BEREncBool
ASN1BERDecBool
ASN1BEREncSX
ASN1BERDecSXVal
ASN1charstring_free
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1BEREncU32
ASN1BERDecGeneralizedTime
ASN1ztcharstring_free
ASN1BERDecZeroCharString
ASN1octetstring_free
ASN1BERDecOctetString
ASN1Free
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1DecAlloc
ASN1BERDecS32Val
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncS32
ASN1BEREncEndOfContents
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BEREncBitString
ASN1BEREncCharString
ASN1CEREncGeneralizedTime
ASN1intx_setuint32
ASN1intx_free
ASN1_FreeDecoded
ASN1_Decode
ASN1_Encode
ASN1_FreeEncoded
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1intxisuint32
ASN1intx2uint32
ASN1intx2int32

kernel32

RaiseException
lstrlenW
FormatMessageW
lstrcmpiA
lstrlenA
GetModuleHandleA
OutputDebugStringA
GetLocalTime
WriteFile
DebugBreak
DeleteCriticalSection
LoadLibraryW
GetSystemInfo
OpenFileMappingW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
InitializeCriticalSection
EnterCriticalSection
CreateFileW
LeaveCriticalSection
GetModuleFileNameA
GetProfileStringA
CreateFileA
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchangeAdd
GetACP
WideCharToMultiByte
UnregisterWait
RegisterWaitForSingleObjectEx
OpenEventW
SetEvent
LoadLibraryA
GetProcAddress
FreeLibrary
GetComputerNameW
GetComputerNameExW
Sleep
GetLastError
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FileTimeToSystemTime
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
CreateEventW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime

advapi32

AllocateAndInitializeSid
LookupAccountSidW
FreeSid
OpenThreadToken
SetThreadToken
RevertToSelf
RegQueryInfoKeyW
RegConnectRegistryW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegDeleteValueW
RegSetValueExW
CryptReleaseContext
CryptGetProvParam
CryptSetProvParam
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegisterTraceGuidsW
GetTraceLoggerHandle
SystemFunction006
RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
TraceEvent
SystemFunction007

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeContextBuffer

user32

wsprintfW
CharLowerBuffW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67d2664d989154f323dc21bbaee06d53

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

cryptdll

msasn1

kernel32

advapi32

secur32

user32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 229KB - Virtual size: 235KB

.bss Size: - Virtual size: 49KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 229KB - Virtual size: 235KB

.bss
Size: - Virtual size: 49KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 6KB - Virtual size: 5KB