84bca883d1e9a9f3c8541ef5349b36d9e862543c2e80a87c16caead3fc8e3384

Sharing

Copy URL Twitter E-mail

General

Target

84bca883d1e9a9f3c8541ef5349b36d9e862543c2e80a87c16caead3fc8e3384
Size

892KB
MD5

760e4231e7057418fec58b01abc2e02c
SHA1

c7654cd232274655e710ad056db4a9a273e804e6
SHA256

84bca883d1e9a9f3c8541ef5349b36d9e862543c2e80a87c16caead3fc8e3384
SHA512

980ee329eecc30c46db2a268bde763b7a11daa5f29c8d4c729b8cdeb308a7ec40084d8797eef3f80a1090e8a98f1051caa39f72dace648446bf287ee930d2634
SSDEEP

12288:uPKj3IkUufJOlHFHK0bikFKqu46PBcyMUsSKfCZFP2F3D9ap3t2Zf9AiUszB:uP83bahtWkQquLMvSKqZmD8Yf7U6B

Score

1^/10

Malware Config

Signatures

Files

84bca883d1e9a9f3c8541ef5349b36d9e862543c2e80a87c16caead3fc8e3384
.exe windows x86

bb9e5a039ad6f7cc7bbc7aee41f446b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

uactmon

ord101
ord8
ord7
ord4
ord52
ord30
ord50
ord21
ord20
ord2
ord1
ord112
ord111
ord110
ord3
ord84
ord42
ord40
ord71
ord70
ord83
ord82
ord81
ord5

usysdiag

vif_assist_get
vif_get
vif_iokit_get
vif_sysutils_get

behavior

ord2
ord5
ord6
ord1

jansson

json_pack
json_array
json_unpack
json_object_set_new
json_integer
json_array_append_new
json_delete
json_object_iter_value
json_object_key_to_iter
json_object_iter_next
json_object_iter
json_object_iter_key
json_object_size
json_false
json_true
json_pack_ex
json_string_value
json_integer_value
json_object
json_deep_copy
json_string
json_object_get
json_array_get
json_array_size

libxsse

ord30
ord10

scenter

ord5
ord11
ord1
ord10
ord2
ord6

kernel32

ExitProcess
LoadLibraryW
GetCurrentThreadId
WriteProcessMemory
GetCurrentProcessId
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
CreateDirectoryW
GetLastError
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileW
ReadFile
CloseHandle
LocalAlloc
OpenMutexW
CreateMutexW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OutputDebugStringW
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
GetTickCount
CreateEventW
SetEvent
GetFileAttributesA
InterlockedExchange
GetLongPathNameW
GetCurrentProcess
InterlockedDecrement
OpenProcess
Sleep
GetWindowsDirectoryW
InterlockedIncrement
GetModuleHandleA
GetProcAddress
VirtualProtect
GetNativeSystemInfo
GetPrivateProfileStringW
LoadLibraryA
GetVersionExW
DeviceIoControl
GetDriveTypeW
QueryDosDeviceW
CreateThread
TerminateThread
GetLogicalDrives
SetErrorMode
GetVolumeInformationW
GetDiskFreeSpaceExW
GetEnvironmentVariableW
CreateMutexA
SetCurrentDirectoryW
ProcessIdToSessionId
CreateProcessW
ResetEvent
GetModuleFileNameA
SetThreadExecutionState
SetFileAttributesW
SetProcessWorkingSetSize
GetSystemDirectoryA
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
ResumeThread
GetSystemDirectoryW
GetDriveTypeA
SetFileAttributesA
DeleteFileA
WaitForMultipleObjects
SetEnvironmentVariableW
WriteFile
RemoveDirectoryW
ReadConsoleW
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
RtlUnwind
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
SetEndOfFile
LocalFree

user32

CloseDesktop
OpenWindowStationA
GetWindowRect
EnumDesktopWindows
GetParent
EnumWindowStationsA
GetWindowThreadProcessId
UnregisterDeviceNotification
IsWindowVisible
CloseWindowStation
OpenDesktopA
EnumDesktopsA

advapi32

ChangeServiceConfigW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteValueW
StartServiceCtrlDispatcherW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
QueryServiceStatusEx
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegNotifyChangeKeyValue
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumKeyW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx

hipsdb

ord3
ord8
ord13
ord1
ord11
ord10
ord9

hrcomm

CreateLPCServer

shlwapi

PathFileExistsW
PathFileExistsA

iphlpapi

SetTcpEntry

ws2_32

htons

setupapi

SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Request_Device_EjectW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

crypt32

CryptQueryObject
CertCloseStore
CryptMsgClose
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertFreeCertificateContext

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 410KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb9e5a039ad6f7cc7bbc7aee41f446b6

Headers

DLL Characteristics

File Characteristics

Imports

uactmon

usysdiag

behavior

jansson

libxsse

scenter

kernel32

user32

advapi32

shell32

ole32

hipsdb

hrcomm

shlwapi

iphlpapi

ws2_32

setupapi

userenv

wtsapi32

crypt32

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 10KB - Virtual size: 38KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 324B

.rsrc Size: 410KB - Virtual size: 412KB

.reloc Size: 27KB - Virtual size: 30KB

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 10KB - Virtual size: 38KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 324B

.rsrc
Size: 410KB - Virtual size: 412KB

.reloc
Size: 27KB - Virtual size: 30KB