ea68fbc21cddee3b835fac911b0bcabdfbbd172c60ffe46143af259688d61d1e

Sharing

Copy URL

Twitter E-mail

General

Target

ea68fbc21cddee3b835fac911b0bcabdfbbd172c60ffe46143af259688d61d1e
Size

849KB
MD5

00f21b9934ae43af08c796806acd2309
SHA1

7590b519fc3edef6641af8b838d6bca4799e1250
SHA256

ea68fbc21cddee3b835fac911b0bcabdfbbd172c60ffe46143af259688d61d1e
SHA512

0e7d4069a6f39528f56083db922ae31b15144d86797361fbf2bb48cc6790c4006b4ee1a76db96ff2b04cb265d3695a52e8ce1c39ff0aa1db2ca2da36627eda36
SSDEEP

12288:TPO6sBTtibk4TfMRrU6WZ5uTA4OYNLyh/I8UlGVdcyIDbou7yOQrahHD95dpmqOp:TPcBT74TkRqIA2NE/SlXxDaaxZ5mf/

Score

N/A

Malware Config

Signatures

Files

ea68fbc21cddee3b835fac911b0bcabdfbbd172c60ffe46143af259688d61d1e
.exe windows x86

e3b92869f2c5db47209f48bb87308adc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_dn2ufn
ldap_value_freeW
ldap_modrdnA
ldap_free_controlsW
ldap_delete_sA
ldap_conn_from_msg
ldap_connect
ldap_ufn2dnA
ldap_unbind_s
ldap_modify_sW
ldap_search_ext_sW
ldap_err2stringW
ldap_ufn2dnW
ldap_extended_operationW
ldap_bindW
ldap_sslinitA
ldap_sasl_bind_sW
ldap_get_next_page_s
ldap_search

kernel32

FindResourceExW
GetPrivateProfileIntA
SetTermsrvAppInstallMode
WriteConsoleW
VirtualAlloc
WriteConsoleInputVDMW
GetCPInfoExW
IsValidCodePage
SetConsoleInputExeNameA
LoadLibraryA
InitializeCriticalSection
ReadConsoleW
LocalSize
GetConsoleDisplayMode
WriteConsoleInputA
IsDBCSLeadByte
ReadConsoleInputW
DeleteVolumeMountPointA
SetCommMask
Beep
GetStdHandle
GetModuleFileNameW

winscard

SCardGetProviderIdA
SCardState
SCardRemoveReaderFromGroupA
SCardListReadersA
g_rgSCardT0Pci
SCardIntroduceCardTypeW
SCardReconnect
SCardAccessStartedEvent
SCardListReadersW
ClassInstall32
SCardForgetReaderGroupA
SCardEndTransaction
SCardConnectW
SCardForgetCardTypeA
SCardGetProviderIdW
SCardConnectA

mapi32

FBinFromHex@8
FBadRowSet@4
HrDecomposeMsgID@24
RTFSync
HrGetOmiProvidersFlags
MAPIReadMail
ScInitMapiUtil@4
MAPIAddress
OpenTnefStreamEx
FBadColumnSet@4
FPropExists@8
HrAddColumnsEx@20
FPropCompareProp@12
MAPIOpenLocalFormContainer@4
CreateIProp@24

Sections

.text
Size: 734KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3b92869f2c5db47209f48bb87308adc

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

kernel32

winscard

mapi32

Sections

.text Size: 734KB - Virtual size: 734KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 3KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 734KB - Virtual size: 734KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 3KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB