c4c3dd2b2b3a32f49fdd3270d5277c5eeccfbfbac5adecadca390599f9b92dea

Sharing

Copy URL Twitter E-mail

General

Target

c4c3dd2b2b3a32f49fdd3270d5277c5eeccfbfbac5adecadca390599f9b92dea
Size

835KB
MD5

0437c32c3fdf6688e26e41fba98939ba
SHA1

5df219c1db477f0288e568ecf721c7643506da03
SHA256

c4c3dd2b2b3a32f49fdd3270d5277c5eeccfbfbac5adecadca390599f9b92dea
SHA512

b812ccb708639c87b707ed12d0fa0889ec55d10ff771663a58ecaf7421bb6094e9662786e350471065f29e08a37a966db637dae12cc809848a90a5393b9555ca
SSDEEP

12288:K4ZBPboOPbLr50c+woCa0o67jaeU5FYct6iaC0KjksGgqHcqZgDBC6dTSjBKYchO:KeXoJ7sxU5CO6oNqHFWw6dZYchv7

Score

N/A

Malware Config

Signatures

Files

c4c3dd2b2b3a32f49fdd3270d5277c5eeccfbfbac5adecadca390599f9b92dea
.exe windows x86

063c6167e553a6390b48738bf68bf364

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_search_extA
ldap_modify_ext_sA
ldap_modrdn_sA
ldap_count_values_len
ldap_memfree
ldap_search_ext_s
ldap_delete_ext_s
ldap_deleteW
ldap_ufn2dn
ldap_modifyW
ldap_first_entry
ldap_free_controlsA
ldap_msgfree
ldap_rename_extA
ldap_start_tls_sA
ldap_extended_operationW
ldap_simple_bind_sA
ldap_explode_dnW
ldap_dn2ufnA
ldap_create_page_controlW
ldap_add_ext_s
ldap_startup
ldap_sasl_bindA

mpr

WNetSetConnectionW
WNetCancelConnection2A
WNetGetResourceParentA
WNetAddConnection2A
WNetConnectionDialog1W
WNetGetResourceParentW
WNetSetLastErrorW
WNetGetProviderNameA
WNetCancelConnectionW

kernel32

GetLocaleInfoA
DebugSetProcessKillOnExit
GetModuleHandleW
GetOverlappedResult
SetTermsrvAppInstallMode
_lwrite
GetFullPathNameA
LockFile
CreateJobObjectW
IsBadReadPtr
SetConsoleScreenBufferSize
GetFileTime
GetCurrentThread
GetVersionExA
FoldStringW
InitializeCriticalSection
GetTickCount
SetDefaultCommConfigW
FindVolumeMountPointClose
RemoveDirectoryA
LoadLibraryW
WriteConsoleInputVDMW
VirtualProtectEx
FindFirstVolumeMountPointW
SetMessageWaitingIndicator
RegisterWaitForSingleObject
RegisterConsoleOS2
ReadConsoleW
RegisterConsoleIME
GetNumberOfConsoleInputEvents
TerminateThread
QueryPerformanceCounter
ReadConsoleOutputW
GetFileType

user32

DeferWindowPos
GetMenuState
MapVirtualKeyA
GetParent
InSendMessageEx
IntersectRect
ShowOwnedPopups
GetSystemMenu
GetTabbedTextExtentA
CharNextA
EnumDesktopsA
SendMessageA
GetDesktopWindow
CreateAcceleratorTableA
LockWorkStation
LoadCursorFromFileA
WCSToMBEx
DragDetect
DrawAnimatedRects
GetWindowTextLengthW
DispatchMessageW
HideCaret
GetRawInputData
EnableScrollBar
KillTimer
SwitchToThisWindow
GetDC

wintrust

CryptCATAdminPauseServiceForBackup
SoftpubLoadMessage
CryptSIPGetSignedDataMsg
CryptCATPutCatAttrInfo
SoftpubDllRegisterServer
CryptCATAdminAcquireContext
GenericChainFinalProv
SoftpubFreeDefUsageCallData
HTTPSFinalProv
CryptCATCDFClose
WVTAsn1SpcSigInfoEncode
AddPersonalTrustDBPages
WinVerifyTrust
WTHelperGetFileName
CryptCATAdminRemoveCatalog
OpenPersonalTrustDBDialog
CryptCATGetMemberInfo
SoftpubLoadDefUsageCallData
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcLinkDecode
CryptCATOpen

ntdll

RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
RtlTraceDatabaseCreate
ZwEnumerateSystemEnvironmentValuesEx
RtlInitializeSListHead
RtlSizeHeap
NtUnlockFile
ZwMapViewOfSection
NtOpenKey
sprintf
RtlSetThreadIsCritical
RtlInitializeGenericTable
RtlNewSecurityObject
NtQueryMutant
RtlFlushSecureMemoryCache
LdrLoadAlternateResourceModule
LdrAddRefDll
NtOpenSemaphore
NtOpenTimer
RtlSetCriticalSectionSpinCount
ZwQueryInformationAtom
RtlEnumerateGenericTableLikeADirectory
__isascii
ZwLoadKey2
NtLockRegistryKey
RtlReleaseActivationContext
PfxRemovePrefix
NtRaiseException
NlsMbOemCodePageTag
NtIsProcessInJob
ZwTerminateProcess
NtAllocateUuids
wcsrchr
ZwContinue
RtlLockHeap

sqlunirl

_CreatePropertySheetPage_@4
_LookupAccountSid_@28
_CreateService_@52
_trename
_RegQueryValueEx_@24
_FindAtom_@4
_MessageBoxEx_@20
_GetClipboardFormatName_@12
_GetCharWidthFloat_@16
_GetAtomName_@12
_DispatchMessage_@4
_ExtractIconEx_@20

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

063c6167e553a6390b48738bf68bf364

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

mpr

kernel32

user32

wintrust

ntdll

sqlunirl

Sections

.text Size: 417KB - Virtual size: 416KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 197KB - Virtual size: 1.5MB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 417KB - Virtual size: 416KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 197KB - Virtual size: 1.5MB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 1024B - Virtual size: 920B