8da2eb12dd723ae2d7f64349987cf863e047612c406d475fdb5ae04cd5b0d234

Sharing

Copy URL Twitter E-mail

General

Target

8da2eb12dd723ae2d7f64349987cf863e047612c406d475fdb5ae04cd5b0d234
Size

255KB
MD5

69f812961bc7c859736e6802b2cf37e0
SHA1

d6b3efdada2cdcbda4daaa1f765afcf5c092b3af
SHA256

8da2eb12dd723ae2d7f64349987cf863e047612c406d475fdb5ae04cd5b0d234
SHA512

310db2a44aaa9d2573b5b8416012210c4846d34c5a71f1f3c3fbc8bffec2bdcdeef218dc3a7acf7d8dca88798711a7a939bcea70179753f9fdd70c628a3da121
SSDEEP

6144:Gkiyb05FxBEvT1Hsw8MWJIAaDIqEWZeO/S3UgAij:3YXxWZsw8RJyDv4eSEg/

Score

N/A

Malware Config

Signatures

Files

8da2eb12dd723ae2d7f64349987cf863e047612c406d475fdb5ae04cd5b0d234
.exe windows x86

59f94bc6d41775e1d2c4d8ae129a5e5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_get_dnA
ber_scanf
ldap_parse_page_control
ldap_set_dbg_flags
ldap_compareW
ldap_delete
ldap_search_ext_sA
ldap_compareA
ldap_simple_bind_sA
ldap_parse_referenceA
ldap_modrdn
ldap_addA

crypt32

CryptCloseAsyncHandle
CryptSIPCreateIndirectData
CertSetCertificateContextProperty
CryptEncodeObjectEx
RegCreateHKCUKeyExU
I_CryptGetFileVersion
CertRemoveEnhancedKeyUsageIdentifier
PFXImportCertStore
RegOpenKeyExU
CertDuplicateCRLContext
CertEnumCertificatesInStore
CryptAcquireContextU
CertAddEncodedCertificateToStore
CertCompareIntegerBlob
CertCreateCRLContext
CryptMemAlloc
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertSetCertificateContextPropertiesFromCTLEntry
I_CryptFindLruEntryData
CryptFindLocalizedName
CertUnregisterPhysicalStore
CryptSIPRemoveProvider
CertStrToNameW
CryptDecryptAndVerifyMessageSignature

msoert2

CreateTempFileStream
HrGetCertKeyUsage
CenterDialog
PszScanToWhiteA
DeleteTempFileOnShutdownEx
PszAllocA
IsPrint
PszFromANSIStreamA
strtrimW
UlStripWhitespaceW
FIsHTMLFile
HrIStreamToBSTR
FIsValidFileNameCharA
RicheditStreamOut
UpdateRebarBandColors
PVDecodeObject
HrCopyStreamCB
WriteStreamToFile
CreateSystemHandleName
HrGetStreamSize

mfcsubs

??4CPlex@@QAEAAU0@ABU0@@Z
?GetSize@CStringArray@@QBEHXZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??4CString@@QAEABV0@PBE@Z
?GetBuffer@CString@@QAEPAGH@Z
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?FindOneOf@CString@@QBEHPBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
??M@YG_NABVCString@@PBG@Z
??4CString@@QAEABV0@ABV0@@Z
?Add@CStringArray@@QAEHPBG@Z
??ACString@@QBEGH@Z
?Copy@CStringArray@@QAEXABV1@@Z
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?Lock@CSyncObject@@UAEHK@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?LockBuffer@CString@@QAEPAGXZ
??M@YG_NPBGABVCString@@@Z
??0CString@@QAE@PBD@Z
??H@YG?AVCString@@GABV0@@Z
?Right@CString@@QBE?AV1@H@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
??8@YG_NPBGABVCString@@@Z
?SetSize@CStringArray@@QAEXHH@Z
?TrimRight@CString@@QAEXXZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?SafeStrlen@CString@@KGHPBG@Z
?RemoveAll@CStringArray@@QAEXXZ
?MakeReverse@CString@@QAEXXZ
??YCString@@QAEABV0@ABV0@@Z

odbcbcp

bcp_done
bcp_sendrow
SQLGetNextEnumeration
bcp_bind
SQLLinkedCatalogsA
bcp_getcolfmt
dbprtypeA
bcp_readfmtW
bcp_readfmtA
bcp_initW
dbprtypeW
LibMain
bcp_colfmt
bcp_collen
bcp_columns

ntdll

NtCreateMailslotFile
RtlCaptureStackBackTrace
ZwUnloadDriver
RtlExitUserThread
ZwReadVirtualMemory
RtlQueryTimeZoneInformation
NtMapViewOfSection
_CIcos
ZwOpenThreadTokenEx
RtlInsertElementGenericTable
NtReleaseMutant
RtlImageRvaToSection
ZwQueryKey
NtDeviceIoControlFile

kernel32

GetUserDefaultLCID
LoadLibraryW
FlushViewOfFile
GetConsoleAliasExesW
IsWow64Process
WritePrivateProfileSectionA
WaitForMultipleObjects
GetTickCount
UpdateResourceA
WritePrivateProfileSectionW
SetLastError
FindFirstChangeNotificationW
GetCommandLineW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f94bc6d41775e1d2c4d8ae129a5e5c

Headers

File Characteristics

Imports

wldap32

crypt32

msoert2

mfcsubs

odbcbcp

ntdll

kernel32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 59KB - Virtual size: 59KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 3KB - Virtual size: 3KB