ea5b34b1868543d340e3d560765bdc93c9e52b9a19a13896c5df0f111a920baa

Sharing

Copy URL

Twitter E-mail

General

Target

ea5b34b1868543d340e3d560765bdc93c9e52b9a19a13896c5df0f111a920baa
Size

191KB
MD5

7f41abf9f347d45bd528679b82ec3cc8
SHA1

656fbbbac2d3dcf30f476b630c40b939378444ae
SHA256

ea5b34b1868543d340e3d560765bdc93c9e52b9a19a13896c5df0f111a920baa
SHA512

e32d275a0777a3096aada178b0fbb516b0332bdef30012bf309a7f858d21c7a9c4c2ba603deb1351bd195debca2d848cbf2ed05c4ed225d70bd73d6a4532a927

Score

N/A

Malware Config

Signatures

Files

ea5b34b1868543d340e3d560765bdc93c9e52b9a19a13896c5df0f111a920baa
.dll windows x86

cad2dcb0a225de0f2058f49537875a3d

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetFileSize
SetEndOfFile
Sleep
CreateSemaphoreA
ReadFile
GetSystemDirectoryA
GetLocalTime
GetModuleFileNameA
VirtualProtect
GetFileTime
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
WriteConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
HeapReAlloc
LoadLibraryExW
GetModuleFileNameW
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetTimeZoneInformation
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
CreateFileW

mswsock

GetServiceA
SetServiceA
GetAddressByNameA

comsvcs

MTSCreateActivity

ntdsapi

DsQuoteRdnValueA
DsListDomainsInSiteA
DsListServersForDomainInSiteA
DsMakePasswordCredentialsA
DsGetDomainControllerInfoA
DsListRolesA
DsIsMangledRdnValueA
DsIsMangledDnA
DsFreeSchemaGuidMapA
DsListServersInSiteA
DsListSitesA
DsMakeSpnA
DsListInfoForServerA
DsInheritSecurityIdentityA
DsGetSpnA
DsFreeSpnArrayA
DsMapSchemaGuidsA

Exports

Exports

Spelltone

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cad2dcb0a225de0f2058f49537875a3d

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mswsock

comsvcs

ntdsapi

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB