9820d92435e358779355e991ef2ca8634addcff76eed29454529e69832c807ea

Sharing

Copy URL Twitter E-mail

General

Target

9820d92435e358779355e991ef2ca8634addcff76eed29454529e69832c807ea
Size

255KB
MD5

702d4cf4ee7f8400926acdf080c15120
SHA1

3ddf3eb9519143addf973660f61f0f160bf48dfc
SHA256

9820d92435e358779355e991ef2ca8634addcff76eed29454529e69832c807ea
SHA512

800649f5ba9c9de87b2cb2cd3b44b990bb1fbe702c190b0d3d85cbd709167d56a637bb48bae372a59717dc8561879e01bd418de392da1ca5b035e7f253b6f117
SSDEEP

6144:Gkiyb05FxBEvT1Hsw8MWJIAaDIqEWZeO/S3UgAi/:3YXxWZsw8RJyDv4eSEgT

Score

N/A

Malware Config

Signatures

Files

9820d92435e358779355e991ef2ca8634addcff76eed29454529e69832c807ea
.exe windows x86

59f94bc6d41775e1d2c4d8ae129a5e5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_get_dnA
ber_scanf
ldap_parse_page_control
ldap_set_dbg_flags
ldap_compareW
ldap_delete
ldap_search_ext_sA
ldap_compareA
ldap_simple_bind_sA
ldap_parse_referenceA
ldap_modrdn
ldap_addA

crypt32

CryptCloseAsyncHandle
CryptSIPCreateIndirectData
CertSetCertificateContextProperty
CryptEncodeObjectEx
RegCreateHKCUKeyExU
I_CryptGetFileVersion
CertRemoveEnhancedKeyUsageIdentifier
PFXImportCertStore
RegOpenKeyExU
CertDuplicateCRLContext
CertEnumCertificatesInStore
CryptAcquireContextU
CertAddEncodedCertificateToStore
CertCompareIntegerBlob
CertCreateCRLContext
CryptMemAlloc
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertSetCertificateContextPropertiesFromCTLEntry
I_CryptFindLruEntryData
CryptFindLocalizedName
CertUnregisterPhysicalStore
CryptSIPRemoveProvider
CertStrToNameW
CryptDecryptAndVerifyMessageSignature

msoert2

CreateTempFileStream
HrGetCertKeyUsage
CenterDialog
PszScanToWhiteA
DeleteTempFileOnShutdownEx
PszAllocA
IsPrint
PszFromANSIStreamA
strtrimW
UlStripWhitespaceW
FIsHTMLFile
HrIStreamToBSTR
FIsValidFileNameCharA
RicheditStreamOut
UpdateRebarBandColors
PVDecodeObject
HrCopyStreamCB
WriteStreamToFile
CreateSystemHandleName
HrGetStreamSize

mfcsubs

??4CPlex@@QAEAAU0@ABU0@@Z
?GetSize@CStringArray@@QBEHXZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??4CString@@QAEABV0@PBE@Z
?GetBuffer@CString@@QAEPAGH@Z
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?FindOneOf@CString@@QBEHPBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
??M@YG_NABVCString@@PBG@Z
??4CString@@QAEABV0@ABV0@@Z
?Add@CStringArray@@QAEHPBG@Z
??ACString@@QBEGH@Z
?Copy@CStringArray@@QAEXABV1@@Z
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?Lock@CSyncObject@@UAEHK@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?LockBuffer@CString@@QAEPAGXZ
??M@YG_NPBGABVCString@@@Z
??0CString@@QAE@PBD@Z
??H@YG?AVCString@@GABV0@@Z
?Right@CString@@QBE?AV1@H@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
??8@YG_NPBGABVCString@@@Z
?SetSize@CStringArray@@QAEXHH@Z
?TrimRight@CString@@QAEXXZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?SafeStrlen@CString@@KGHPBG@Z
?RemoveAll@CStringArray@@QAEXXZ
?MakeReverse@CString@@QAEXXZ
??YCString@@QAEABV0@ABV0@@Z

odbcbcp

bcp_done
bcp_sendrow
SQLGetNextEnumeration
bcp_bind
SQLLinkedCatalogsA
bcp_getcolfmt
dbprtypeA
bcp_readfmtW
bcp_readfmtA
bcp_initW
dbprtypeW
LibMain
bcp_colfmt
bcp_collen
bcp_columns

ntdll

NtCreateMailslotFile
RtlCaptureStackBackTrace
ZwUnloadDriver
RtlExitUserThread
ZwReadVirtualMemory
RtlQueryTimeZoneInformation
NtMapViewOfSection
_CIcos
ZwOpenThreadTokenEx
RtlInsertElementGenericTable
NtReleaseMutant
RtlImageRvaToSection
ZwQueryKey
NtDeviceIoControlFile

kernel32

GetUserDefaultLCID
LoadLibraryW
FlushViewOfFile
GetConsoleAliasExesW
IsWow64Process
WritePrivateProfileSectionA
WaitForMultipleObjects
GetTickCount
UpdateResourceA
WritePrivateProfileSectionW
SetLastError
FindFirstChangeNotificationW
GetCommandLineW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f94bc6d41775e1d2c4d8ae129a5e5c

Headers

File Characteristics

Imports

wldap32

crypt32

msoert2

mfcsubs

odbcbcp

ntdll

kernel32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 59KB - Virtual size: 59KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 3KB - Virtual size: 3KB