38c610102129be21d8d99ac92f3369c6650767ed513e5744c0cda54e68b33812

Sharing

Copy URL Twitter E-mail

General

Target

38c610102129be21d8d99ac92f3369c6650767ed513e5744c0cda54e68b33812
Size

1.9MB
MD5

4b4fd546be8d9f32fb852c000fcc24f7
SHA1

fd3bf4fb6ca878bce3e31344d048697560735555
SHA256

38c610102129be21d8d99ac92f3369c6650767ed513e5744c0cda54e68b33812
SHA512

002c15f3ac126303f1e6706fbab23e005a220008dd300fa297651485dfe536f4ec11139f62ccca207a5047f99ef9050e409a6b839fa6090ca2baa7a08958cf27
SSDEEP

49152:DaDeDTB6Dxdjy1rlfBYMwP6iC/RbrEVeCW:DaSDTEDOllfBK7C/Rbro

Score

1^/10

Malware Config

Signatures

Files

38c610102129be21d8d99ac92f3369c6650767ed513e5744c0cda54e68b33812
.dll windows x64

5dc9a62ead954b7ff430a4c40bb7caff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

activeds

ADsGetObject
ADsEnumerateNext
ADsFreeEnumerator
ADsBuildEnumerator
ADsGetObject
ADsEnumerateNext
ADsFreeEnumerator
ADsBuildEnumerator

advapi32

EnumDependentServicesA
OpenSCManagerA
CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
OpenServiceA
CryptGenRandom
CryptAcquireContextW
ControlService
LookupPrivilegeValueW
FreeSid
AdjustTokenPrivileges
CryptReleaseContext
GetWindowsAccountDomainSid
LookupAccountSidW
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken
EnumDependentServicesA
OpenSCManagerA
CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
QueryServiceStatusEx
OpenServiceA
CryptGenRandom
CryptAcquireContextW
ControlService
LookupPrivilegeValueW
FreeSid
AdjustTokenPrivileges
CryptReleaseContext
GetWindowsAccountDomainSid
LookupAccountSidW
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
CreateSolidBrush
Rectangle
CreateFontW
SetBkMode
SetTextColor
DeleteDC
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
CreateSolidBrush
Rectangle
CreateFontW
SetBkMode
SetTextColor
DeleteDC
GetDIBits

gpedit

CreateGPOLink
CreateGPOLink

iphlpapi

GetAdaptersInfo
GetAdaptersInfo

kernel32

GetSystemInfo
CreateIoCompletionPort
CreateThread
SetThreadPriority
ResumeThread
GetTickCount
GetFileAttributesW
Sleep
WaitForMultipleObjects
TerminateThread
DeleteFileW
SetFileAttributesW
ReadFile
SetFilePointerEx
lstrlen
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FindFirstFileW
FindNextFileW
FindClose
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
CreateProcessW
GetTempPathW
MultiByteToWideChar
FatalExit
GetSystemTime
GetVersionExW
GetComputerNameW
GetComputerNameExW
CreateDirectoryW
LeaveCriticalSection
GetFileSize
GetLocalTime
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCommandLineW
CreateMutexW
AddVectoredExceptionHandler
PostQueuedCompletionStatus
InterlockedFlushSList
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetACP
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
EnterCriticalSection
GetDiskFreeSpaceExW
InitializeCriticalSection
VirtualFree
VirtualAlloc
CreateEventW
HeapFree
GetProcessHeap
HeapAlloc
SetLastError
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
GetLastError
GetWindowsDirectoryW
GetModuleHandleW
GetProcAddress
EncodePointer
GetQueuedCompletionStatus
WriteFile
SetFilePointer
SetProcessShutdownParameters
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetEnvironmentVariableA
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
CopyFileW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
TlsFree
GetSystemInfo
CreateIoCompletionPort
CreateThread
SetThreadPriority
ResumeThread
GetTickCount
GetFileAttributesW
Sleep
WaitForMultipleObjects
TerminateThread
DeleteFileW
SetFileAttributesW
ReadFile
SetFilePointerEx
lstrlen
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FindFirstFileW
FindNextFileW
FindClose
QueryDosDeviceW
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
CreateProcessW
GetTempPathW
MultiByteToWideChar
FatalExit
GetSystemTime
GetVersionExW
GetComputerNameW
GetComputerNameExW
CreateDirectoryW
LeaveCriticalSection
GetFileSize
GetLocalTime
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetCommandLineW
CreateMutexW
AddVectoredExceptionHandler
PostQueuedCompletionStatus
InterlockedFlushSList
GetCurrentProcessId
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetACP
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
EnterCriticalSection
GetDiskFreeSpaceExW
InitializeCriticalSection
VirtualFree
VirtualAlloc
CreateEventW
HeapFree
GetProcessHeap
HeapAlloc
SetLastError
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
GetLastError
GetWindowsDirectoryW
GetModuleHandleW
GetProcAddress
EncodePointer
GetQueuedCompletionStatus
WriteFile
SetFilePointer
SetProcessShutdownParameters
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetEnvironmentVariableA
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
CopyFileW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
TlsFree
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
FatalExit

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetApiBufferFree
NetGetDCName
NetShareEnum
NetApiBufferFree
NetGetDCName
NetShareEnum

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
SysFreeString
VariantClear
VariantInit
SysAllocString

shell32

SHEmptyRecycleBinA
ShellExecuteW
SHEmptyRecycleBinA
ShellExecuteW

shlwapi

PathFileExistsW
PathFileExistsW

user32

GetDesktopWindow
GetWindowRect
GetWindowDC
ReleaseDC
DrawTextW
SystemParametersInfoW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
RegisterHotKey
CreateDialogParamW
ShowWindow
GetDlgItem
GetDesktopWindow
GetWindowRect
GetWindowDC
ReleaseDC
DrawTextW
SystemParametersInfoW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
RegisterHotKey
CreateDialogParamW
ShowWindow
GetDlgItem

ws2_32

inet_addr
htons
socket
ioctlsocket
connect
select
__WSAFDIsSet
inet_ntoa
gethostbyname
closesocket
shutdown
WSAStartup
inet_addr
htons
socket
ioctlsocket
connect
select
__WSAFDIsSet
inet_ntoa
gethostbyname
closesocket
shutdown
WSAStartup

combase

StringFromGUID2
CoCreateGuid
CoUninitialize
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoUninitialize
CoCreateInstance

ole32

CoInitialize
CoInitialize

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.v10
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.v11
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dc9a62ead954b7ff430a4c40bb7caff

Headers

DLL Characteristics

File Characteristics

Imports

activeds

advapi32

gdi32

gpedit

iphlpapi

kernel32

mpr

netapi32

oleaut32

shell32

shlwapi

user32

ws2_32

combase

ole32

Sections

.text Size: 376KB - Virtual size: 376KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 24KB - Virtual size: 24KB

.pdata Size: 12KB - Virtual size: 12KB

.v10 Size: 560KB - Virtual size: 560KB

.v11 Size: 824KB - Virtual size: 824KB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 24KB - Virtual size: 24KB

.pdata
Size: 12KB - Virtual size: 12KB

.v10
Size: 560KB - Virtual size: 560KB

.v11
Size: 824KB - Virtual size: 824KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 22KB - Virtual size: 22KB