243d628da704e15427f1743bac1e588ec8124097ff96f68d30033a0f9351b347

Sharing

Copy URL Twitter E-mail

General

Target

243d628da704e15427f1743bac1e588ec8124097ff96f68d30033a0f9351b347
Size

893KB
MD5

b2a67095c802997d39ece39934351669
SHA1

864d4da233d15380d21f79dc7eefdb43e71c8fbe
SHA256

243d628da704e15427f1743bac1e588ec8124097ff96f68d30033a0f9351b347
SHA512

d7fc647ac5329571e6d78af577e7b1d172fe24eb13ff3a40af6ccb86a4ea69acd057a67caed027beaf48e2dddecb7a6adf948a0daabb49cee94f404de194af9b
SSDEEP

24576:UCgFtBc4o52Ce66kZq62FgIAgfMk89sX0j1ClC:UPty4vCQA+hAgfMh9sX0j1B

Score

N/A

Malware Config

Signatures

Files

243d628da704e15427f1743bac1e588ec8124097ff96f68d30033a0f9351b347
.exe windows x86

cc470ccbf1f6b4cb16068abb500d2a17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetSidIdentifierAuthority
LsaClose
AddAccessDeniedObjectAce
DeregisterEventSource
RegSetValueExA
WmiQuerySingleInstanceW
SystemFunction011
ControlService
GetLengthSid
AddUsersToEncryptedFile
GetAce
AreAnyAccessesGranted
GetSidSubAuthorityCount
RegSetValueA

winmm

midiOutCacheDrumPatches
midiStreamRestart
midiOutGetDevCapsW
waveOutGetDevCapsA
timeSetEvent
waveInOpen
mciSetDriverData
waveInGetPosition
timeGetDevCaps
waveOutOpen
waveOutMessage
waveOutGetID

dnsapi

DnsNameCompareEx_W
DnsReplaceRecordSetUTF8
DnsQuery_UTF8
DnsDhcpSrvRegisterInit
DnsQueryConfig
DnsStatusString
DnsDhcpSrvRegisterTerm
DnsValidateName_UTF8
DnsNameCompare_W

kernel32

GetModuleHandleW
WriteConsoleInputW
CommConfigDialogA
SetCommBreak
SetEnvironmentVariableW
GetProcessTimes
VirtualFree
GetComputerNameExW
VirtualAlloc
SetConsoleMode
LoadLibraryW
HeapSetInformation

netapi32

NetUserGetLocalGroups
NetUserSetInfo
NetpwNameValidate
DsRoleGetPrimaryDomainInformation
NetLocalGroupGetMembers
NetShareGetInfo
DsEnumerateDomainTrustsW
NetStatisticsGet
NetJoinDomain
NetGroupDelUser
NetGroupAddUser
NetDfsSetInfo
NetApiBufferAllocate
NetWkstaUserGetInfo
NetDfsSetClientInfo

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 384KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc470ccbf1f6b4cb16068abb500d2a17

Headers

File Characteristics

Imports

advapi32

winmm

dnsapi

kernel32

netapi32

Sections

.text Size: 18KB - Virtual size: 18KB

CONST Size: 384KB - Virtual size: 505KB

.rdata Size: 123KB - Virtual size: 228KB

.data Size: 224KB - Virtual size: 442KB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 512B - Virtual size: 192B

.text
Size: 18KB - Virtual size: 18KB

CONST
Size: 384KB - Virtual size: 505KB

.rdata
Size: 123KB - Virtual size: 228KB

.data
Size: 224KB - Virtual size: 442KB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 512B - Virtual size: 192B