d7336ffffd5aaeb9286c3b658830805ce4650d907f4b567a36e484dad7bdab49

Sharing

Copy URL Twitter E-mail

General

Target

d7336ffffd5aaeb9286c3b658830805ce4650d907f4b567a36e484dad7bdab49
Size

237KB
MD5

a2254197c96b24064d46bd901ac792c0
SHA1

c8c9e0c1ab5f1df92cd67de7be3e39f568231cb9
SHA256

d7336ffffd5aaeb9286c3b658830805ce4650d907f4b567a36e484dad7bdab49
SHA512

87a4d19c27587490a8bc06e37dd64ae3ad59e0c9d0cbb0a364f5cd58e17fc8bc610cbedb9c2ee8a7742334e9f805c799cd86fb202f0480643be81a723ab362a6
SSDEEP

6144:yDOPrm9PmlxHgCzYFKmiPvq8ZONxq/AqJ79rUqrywpk:F/lxACzWKXANFgRywpk

Score

N/A

Malware Config

Signatures

Files

d7336ffffd5aaeb9286c3b658830805ce4650d907f4b567a36e484dad7bdab49
.exe windows x86

c429342b6ce1c6485466a808b582f81f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileIntA
EnumResourceTypesA
OpenJobObjectW
GetTimeZoneInformation
OpenFileMappingW
GetExpandedNameA
SetConsoleCP
IsBadStringPtrW
SetUserGeoID
WaitForSingleObjectEx
SetLastError
LoadLibraryW
BackupWrite
LocalFileTimeToFileTime
SystemTimeToFileTime
AddAtomA
InterlockedFlushSList
TransmitCommChar
ChangeTimerQueueTimer
GetLocaleInfoW
FindFirstFileW
GetDefaultCommConfigA
GetFileTime
SetUnhandledExceptionFilter
LocalFlags
FindNextChangeNotification

wldap32

ldap_add_ext_sW
ldap_open
ldap_add_extA
ldap_get_values_len
ber_bvfree
ldap_free_controls
ldap_simple_bindA
ber_alloc_t
ldap_create_vlv_controlW
ldap_add
ldap_next_attributeW
ldap_get_next_page
ldap_sasl_bind_sW
ldap_search
ldap_extended_operationA
ber_bvdup
ldap_bind_s
ldap_modrdn_sW
ldap_simple_bind_s
LdapGetLastError
ldap_compare
ldap_addA
ldap_free_controlsW
ldap_addW
ldap_dn2ufnA
ldap_searchA
ldap_modify

ifsutil

?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
??1CANNED_SECURITY@@UAE@XZ
??0INTSTACK@@QAE@XZ
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Initialize@INTSTACK@@QAEEXZ
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?ReverseCopy@INTSTACK@@QAEEPAV1@@Z
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
??0SECRUN@@QAE@XZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1SUPERAREA@@UAE@XZ

sqlunirl

_BroadcastSystemMessage_@20
_lstrcat_@8
_DefMDIChildProc_@16
_GetTextMetrics@8
_SetDlgItemText@12
_NDdeShareSetInfo_@24
_WritePrivateProfileStruct_@20
_lstrcmp_@8
_CommConfigDialog_@12
_InsertMenu_@20
_BuildCommDCBAndTimeouts_@12
_GetFullPathName_@16
_PrivilegedServiceAuditAlarm_@20
_GetPrivateProfileString_@24
_GetProfileInt_@12
__hwrite_@12
_LookupAccountName_@28
_SHGetFileInfo_@20
_SHBrowseForFolder_@4
_UpdateResource_@24
_GetCharWidth_@16
_GetClipboardFormatName_@12
_DrawState_@40
_ObjectPrivilegeAuditAlarm_@24
_SetCurrentDirectory_@4

msdart

??0CSpinLock@@QAE@XZ
?WriteUnlock@CSpinLock@@QAEXXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
??4CSingleList@@QAEAAV0@ABV0@@Z
?SetSpinCount@CSpinLock@@QAE_NG@Z
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?ReadLock@CFakeLock@@QAEXXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
MpHeapDestroy
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
mpRealloc
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?IsWinNT4@CMdVersionInfo@@SAHXZ
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?IsWriteLocked@CFakeLock@@QBE_NXZ
??1CLKRLinearHashTable@@QAE@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
MpHeapReAlloc
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?IsUnlocked@CLockedSingleList@@QBE_NXZ
MpHeapAlloc
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z

shlwapi

SHDeleteEmptyKeyW
StrFormatKBSizeW
StrIsIntlEqualA
PathMakeSystemFolderW
PathUnmakeSystemFolderW
SHStrDupW
ColorAdjustLuma
SHRegisterValidateTemplate
SHRegSetUSValueW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c429342b6ce1c6485466a808b582f81f

Headers

File Characteristics

Imports

kernel32

wldap32

ifsutil

sqlunirl

msdart

shlwapi

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 59KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 2KB