c2de187aa19f1dc628b37dd0a5c4aa7dd127ca6137d680e68b3ed57c86b41b01

Sharing

Copy URL Twitter E-mail

General

Target

c2de187aa19f1dc628b37dd0a5c4aa7dd127ca6137d680e68b3ed57c86b41b01
Size

328KB
MD5

72236b180705c859a5e5d1f140ec1f48
SHA1

b699aab4202938aa56847d32d35c37cf8a0cec13
SHA256

c2de187aa19f1dc628b37dd0a5c4aa7dd127ca6137d680e68b3ed57c86b41b01
SHA512

83d2a00d27e96a07e3ceec934e8c7b83fadea2a7102a109ad2f2695901d85d7d3df0552add01de053ddc3f787cae391cc8c775f3df62a4ee57c855ae65e687f4
SSDEEP

6144:vW7YqkY64dFW5+OOJ9fBYTzTA3ZdgwSCM0kBCZ3z:+7HkY64LIsL5ITCdn9M0kaj

Score

N/A

Malware Config

Signatures

Files

c2de187aa19f1dc628b37dd0a5c4aa7dd127ca6137d680e68b3ed57c86b41b01
.exe windows x86

39001bbeaebff5fb856a387187e69140

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_memfreeW
ldap_addA
ldap_search_stW
ldap_create_sort_controlW
ldap_controls_freeA
ldap_encode_sort_controlW
ldap_open
ldap_openA
ldap_unbind_s
ldap_rename_extA
ldap_modrdn
ldap_parse_resultW
ldap_sslinit
ldap_modify_ext_s
ldap_parse_reference
ldap_delete_s
ldap_extended_operation_sW
LdapUnicodeToUTF8
ber_next_element
ldap_value_freeW
ldap_get_dn
ldap_sasl_bindW
ldap_rename_extW
ldap_modify_sA
ldap_delete_ext_sW
ldap_compare_s
ldap_control_freeW
ldap_parse_referenceW
ldap_first_reference

msvcirt

??_Eostrstream@@UAEPAXI@Z
??0strstreambuf@@QAE@XZ
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?sgetc@streambuf@@QAEHXZ
?read@istream@@QAEAAV1@PADH@Z
?setlock@ios@@QAAXXZ
??0filebuf@@QAE@ABV0@@Z
?sh_none@filebuf@@2HB
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
?ends@@YAAAVostream@@AAV1@@Z
??1istream@@UAE@XZ
??1exception@@UAE@XZ
??4ofstream@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAE@Z
?tellp@ostream@@QAEJXZ
?allocate@streambuf@@IAEHXZ
??_Efilebuf@@UAEPAXI@Z
?attach@filebuf@@QAEPAV1@H@Z
??4stdiobuf@@QAEAAV0@ABV0@@Z
??0ofstream@@QAE@PBDHH@Z
?unlock@streambuf@@QAEXXZ
??_8stdiostream@@7Bistream@@@
??_Gstdiobuf@@UAEPAXI@Z
??_Elogic_error@@UAEPAXI@Z
??1ofstream@@UAE@XZ
??_Gostream@@UAEPAXI@Z
?fd@fstream@@QBEHXZ
??0filebuf@@QAE@H@Z
??_7streambuf@@6B@
??_Estrstream@@UAEPAXI@Z
?sbumpc@streambuf@@QAEHXZ
??4istrstream@@QAEAAV0@ABV0@@Z
??0istream_withassign@@QAE@ABV0@@Z
??0ios@@IAE@XZ
?underflow@filebuf@@UAEHXZ
??0strstreambuf@@QAE@ABV0@@Z
?tellg@istream@@QAEJXZ
??4iostream@@IAEAAV0@AAV0@@Z
?setb@streambuf@@IAEXPAD0H@Z
?getline@istream@@QAEAAV1@PAEHD@Z
?getint@istream@@AAEHPAD@Z
?cin@@3Vistream_withassign@@A
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
??_Estdiobuf@@UAEPAXI@Z
?clrlock@streambuf@@QAEXXZ
??0ios@@QAE@PAVstreambuf@@@Z
?put@ostream@@QAEAAV1@C@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
??_7ios@@6B@
??0istream_withassign@@QAE@XZ
??_Eistream_withassign@@UAEPAXI@Z
?bad@ios@@QBEHXZ

wmi

GetTraceEnableFlags
RemoveTraceCallback
ControlTraceA
WmiEnumerateGuids
RegisterTraceGuidsW
RegisterTraceGuidsA
OpenTraceW
EnableTrace
WmiExecuteMethodA

kernel32

WriteProfileSectionA
GetNumaHighestNodeNumber
PeekConsoleInputA
FindFirstChangeNotificationW
GlobalAlloc
RemoveDirectoryA
WriteProcessMemory
CancelIo
TryEnterCriticalSection
InitAtomTable
SetLastError
ShowConsoleCursor
SetConsoleNlsMode
GetSystemInfo
DebugActiveProcess
SetCommTimeouts
WaitForMultipleObjectsEx
LoadLibraryW
WriteConsoleW
GenerateConsoleCtrlEvent
OutputDebugStringW
DebugBreakProcess
InterlockedPopEntrySList
SetConsoleNumberOfCommandsA
_lwrite
GetCPInfo

mpr

WNetAddConnection2W
WNetSetConnectionA
WNetGetSearchDialog
WNetAddConnectionA
WNetPasswordChangeNotify
WNetSetLastErrorW
WNetGetDirectoryTypeW
WNetOpenEnumW
WNetGetPropertyTextW
MultinetGetConnectionPerformanceA
WNetGetConnection2A
WNetPropertyDialogA

msvcrt

_findnext64
fputwc
_ismbcl2
_inpw
__badioinfo
exit
__set_app_type
_wgetdcwd
_fgetwchar
_except_handler2
_resetstkoflw
_filbuf
_strdate
_ctype
_hypot
printf
__p__commode
wcscspn
_abnormal_termination
difftime
_wfsopen
__getmainargs
_wfindnext64
_strtoui64
__argv
_chkesp
vsprintf
??1exception@@UAE@XZ
__crtGetLocaleInfoW
??0exception@@QAE@XZ
??1bad_cast@@UAE@XZ
_ismbbkana
gmtime

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39001bbeaebff5fb856a387187e69140

Headers

File Characteristics

Imports

wldap32

msvcirt

wmi

kernel32

mpr

msvcrt

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 9KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 22KB - Virtual size: 146KB

.rsrc Size: 51KB - Virtual size: 50KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 28KB - Virtual size: 27KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 9KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 22KB - Virtual size: 146KB

.rsrc
Size: 51KB - Virtual size: 50KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 28KB - Virtual size: 27KB