633016bd8e5527e12b16f4bcfcfa02faa35c9037bea38be3c45f16662ac31d57

Sharing

Copy URL Twitter E-mail

General

Target

633016bd8e5527e12b16f4bcfcfa02faa35c9037bea38be3c45f16662ac31d57
Size

135KB
MD5

6ac56592883611ac3b806fdec96adce1
SHA1

b9ad7fdf18144ffbb9d883808c5478cedb19a302
SHA256

633016bd8e5527e12b16f4bcfcfa02faa35c9037bea38be3c45f16662ac31d57
SHA512

10705f41d726b0a0fe417b1065ca718b55e0b2b077f4f37f255a58ab17a5c85c537c46c602620453c0ea4c79f2e964ebcaf8e9ae558d16587da836f3b2855ece
SSDEEP

3072:O0N+1xfWYt/Gi40xz47oNCV65WZbf2s6IR8mBXQWstE7GxK2N:fN+je+/GuzIos6MZys5lNbysGQG

Score

N/A

Malware Config

Signatures

Files

633016bd8e5527e12b16f4bcfcfa02faa35c9037bea38be3c45f16662ac31d57
.exe windows x86

ecb48ec46b3593bf9e93ce59030649e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwSetInformationDebugObject
RtlComputeCrc32
RtlConvertLongToLargeInteger
ZwClose
qsort
ZwAddBootEntry
__iscsym
ZwGetWriteWatch
wcsncpy
ZwSaveKey
NtWaitForDebugEvent
ZwQueryInformationThread
RtlNewSecurityObjectWithMultipleInheritance
RtlIsActivationContextActive
RtlInsertElementGenericTable
RtlAddAccessDeniedAce
RtlFreeSid
PfxInsertPrefix
RtlIpv6AddressToStringA
RtlRandom
ZwSetVolumeInformationFile
LdrAddRefDll
RtlIsGenericTableEmpty
ZwSetSystemTime
NtCancelTimer
RtlCutoverTimeToSystemTime
RtlFindClearRuns
RtlOemStringToUnicodeString
NtSetLowEventPair
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
ZwWriteFile
NtAccessCheckByTypeAndAuditAlarm
RtlUnicodeStringToOemString
_snwprintf
RtlUpcaseUnicodeStringToAnsiString
RtlQueryEnvironmentVariable_U
ZwQueryVolumeInformationFile
RtlIpv6StringToAddressW
ZwReplyWaitReplyPort
NtSetSystemEnvironmentValueEx
ZwDebugActiveProcess
_i64toa
RtlAllocateHandle
NtMapUserPhysicalPagesScatter
RtlFindMostSignificantBit
wcschr
RtlFindLeastSignificantBit
ZwSetInformationFile
RtlActivateActivationContextUnsafeFast
RtlUnicodeStringToAnsiSize
RtlWriteRegistryValue
NtSetBootEntryOrder
ZwSetSystemInformation
ZwDeleteKey
ZwNotifyChangeDirectoryFile
RtlZombifyActivationContext
NtOpenProcessTokenEx
RtlGetLengthWithoutTrailingPathSeperators

netapi32

DsMergeForestTrustInformationW
NetServerDiskEnum
DsAddressToSiteNamesA
I_NetServerPasswordGet
NetpAssertFailed
NetErrorLogWrite
NetRemoteTOD
NetServerTransportDel
NetLocalGroupEnum
I_NetServerGetTrustInfo
DsValidateSubnetNameW
NetServerTransportEnum
NetLocalGroupGetInfo
NetUserGetLocalGroups
NetWkstaTransportDel
DsRoleDnsNameToFlatName
I_BrowserQueryOtherDomains
NetGroupEnum
NetServiceInstall
I_NetServerAuthenticate3
I_NetLogonControl2
DsAddressToSiteNamesW
DsGetDcSiteCoverageW
NetMessageNameAdd
NetUnjoinDomain
NetErrorLogRead
NetReplImportDirAdd
I_NetDatabaseRedo
NetReplExportDirDel
NetRemoveAlternateComputerName
NlBindingAddServerToCache
DsGetDcOpenW
NetReplImportDirDel
NetGetAnyDCName
NetUserSetGroups

wow32

WOWFreeMetafile
WOWDirectedYield16
WOWCallback16Ex
WOWGlobalUnlockFree16
W32Dispatch
CopyDropFilesFrom32
WOWGlobalAlloc16
GetCommHandle
WOWUseMciavi16
GetCommShadowMSR
WOWGlobalAllocLock16
WOWGetVDMPointer
WOWGetVDMPointerFix
WOWGlobalLock16
WOW32DriverCallback
WOWYield16
W32Init
WOW32ResolveMemory
W32HungAppNotifyThread
CopyDropFilesFrom16
WOWHandle32
WOWGetVDMPointerUnfix
WOWCallback16
WOWGlobalUnlock16
WOWGlobalLockSize16
WOWHandle16
WOWGlobalFree16
WOW32ResolveHandle

adsldpc

ADsGetNextRow
LdapSearch
LdapReadAttribute
LdapModDnS
AdsTypeFreeAdsObjects
ReadPagingSupportedAttr
BuildADsPathFromParent
ReallocADsMem
SchemaOpen
LdapAddExtS
ADSIOpenDSObject
ADsFreeColumn
LdapCacheAddRef
ReallocADsStr
ADSICloseDSObject
ADSIGetNextColumnName
LdapReadAttributeFast
BuildADsParentPathFromObjectInfo2
ADsCloseSearchHandle
LdapParseResult
LdapReadAttribute2
ADsDeleteDSObject
BuildADsPathFromLDAPPath2
ADSIGetPreviousRow
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
PathName
ReadServerSupportsIsADControl
??1CLexer@@QAE@XZ
LdapValueFreeLen
LdapResult
GetDomainDNSNameForDomain
ADsAbandonSearch
LdapCompareExt
LdapGetSyntaxOfAttributeOnServer
ADSICloseSearchHandle
LdapControlsFree
AdsTypeToLdapTypeCopyGeneralizedTime
ReadSecurityDescriptorControlType
LdapSearchAbandonPage

kernel32

GetWindowsDirectoryW
GetPrivateProfileSectionNamesA
SetDefaultCommConfigA
GetProcessAffinityMask
SetFileApisToANSI
OutputDebugStringW
GetProcessTimes
GetACP
GetDriveTypeW
GetPrivateProfileIntW
EnumDateFormatsA
AreFileApisANSI
GetVolumeInformationA
TransactNamedPipe
ResetEvent
DisconnectNamedPipe
DeleteFileA
GetTickCount
AddConsoleAliasW
GlobalLock
SetThreadPriority
LocalAlloc
GlobalAlloc
GetCommandLineA
_hread
SetConsoleOS2OemFormat
DeleteAtom
FillConsoleOutputCharacterA
MoveFileWithProgressA
VirtualFree
IsProcessorFeaturePresent
DuplicateConsoleHandle
Heap32First
VirtualAllocEx
Thread32Next
GetCompressedFileSizeW
GetLongPathNameW
LZOpenFileW
HeapUnlock
SetConsoleCursor
VirtualAlloc
LoadLibraryA
GetStartupInfoW
LocalFileTimeToFileTime
TermsrvAppInstallMode
SetComputerNameExA
MapUserPhysicalPagesScatter
DnsHostnameToComputerNameW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecb48ec46b3593bf9e93ce59030649e1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

netapi32

wow32

adsldpc

kernel32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 15KB - Virtual size: 169KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 332B

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 15KB - Virtual size: 169KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 332B