574f63774c406f8f7c5c1b7cd734575f68aababd2fc251e49e0314e099f114a7

Sharing

Copy URL Twitter E-mail

General

Target

574f63774c406f8f7c5c1b7cd734575f68aababd2fc251e49e0314e099f114a7
Size

913KB
MD5

a388193820b352adf206931db8558949
SHA1

30b012e70ff5b664a2c5a374f19c8dacb44709f0
SHA256

574f63774c406f8f7c5c1b7cd734575f68aababd2fc251e49e0314e099f114a7
SHA512

aa28d7372c16edb9b00406b169699837828fee7fff474afde87d9046d3d07a2307695c379aa8c596c06ba76edaa94f355ec620c8d44ea16cc216f60fe33814ca
SSDEEP

24576:zmYiVgfr41LI+I3ccXZFRsuImt6ePvHDCRwZ64:aRhI+/qZF63WPvHWRwZ3

Score

N/A

Malware Config

Signatures

Files

574f63774c406f8f7c5c1b7cd734575f68aababd2fc251e49e0314e099f114a7
.exe windows x86

e4ba49ce66c13c96190334803d02f66b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

netapi32

NetRegisterDomainNameChangeNotification
NetWkstaSetInfo
NetShareAdd
NetConnectionEnum
NetpIsRemote
NetGroupDel
NetShareSetInfo
NetStatisticsGet
NetShareEnum

advapi32

OpenBackupEventLogW
RegSetValueW
ImpersonateNamedPipeClient
BuildTrusteeWithObjectsAndSidW
IsTokenRestricted
QueryUsersOnEncryptedFile
AreAllAccessesGranted
InitializeAcl
RegDeleteValueA
TreeResetNamedSecurityInfoW
LookupAccountNameW
CreateRestrictedToken
RegCreateKeyExA
WmiOpenBlock
SetTokenInformation
RegQueryMultipleValuesA
SetKernelObjectSecurity
BuildTrusteeWithSidW
StartServiceCtrlDispatcherW
LsaQueryDomainInformationPolicy
AddAccessAllowedAce
AddAccessDeniedAceEx

dbghelp

SymRegisterCallback64
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
SymLoadModule64
ImageNtHeader
SymInitialize
ImageRvaToVa
SymCleanup
EnumerateLoadedModules
MakeSureDirectoryPathExists
SymUnloadModule64
SymSetOptions

kernel32

AllocConsole
GetFileAttributesW
GetPrivateProfileIntW
FindResourceExA
WaitForDebugEvent
GetLastError
GetModuleHandleA
GetModuleHandleW
SetFilePointerEx
CreateSemaphoreW
CreateTimerQueue
SetStdHandle
EndUpdateResourceA
OpenMutexA
CloseProfileUserMapping
WaitForMultipleObjectsEx
GetCurrencyFormatW
GetCurrentProcess
EnumResourceTypesA
MoveFileW
WriteProfileSectionW
VirtualAlloc
FindAtomA
ResetWriteWatch
Process32NextW
ReadProcessMemory

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 317KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 235KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 123KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 145KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4ba49ce66c13c96190334803d02f66b

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

advapi32

dbghelp

kernel32

Sections

.text Size: 90KB - Virtual size: 89KB

.itext Size: 317KB - Virtual size: 366KB

.data Size: 235KB - Virtual size: 292KB

.bss Size: 123KB - Virtual size: 259KB

.idata Size: 145KB - Virtual size: 265KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 90KB - Virtual size: 89KB

.itext
Size: 317KB - Virtual size: 366KB

.data
Size: 235KB - Virtual size: 292KB

.bss
Size: 123KB - Virtual size: 259KB

.idata
Size: 145KB - Virtual size: 265KB

.reloc
Size: 1KB - Virtual size: 1KB