ebdc99cd06b0954f994294fdc71b1cd25d504bc577d260d164c594275539540e

Sharing

Copy URL Twitter E-mail

General

Target

ebdc99cd06b0954f994294fdc71b1cd25d504bc577d260d164c594275539540e
Size

275KB
MD5

96c952411d6c716493e8df47b93bc024
SHA1

a738d384448de97bfded38737d4b491289c39b5d
SHA256

ebdc99cd06b0954f994294fdc71b1cd25d504bc577d260d164c594275539540e
SHA512

6f722812b2f93aff69d63134e424378e210aa1803e594a6f8938a55bf2ce6ac648f23fd465710ae773dec9d1290b8f8c0a78eb89b9f47cebf5c738ce4c36420f
SSDEEP

6144:c+9zfQMYksDj3GCVqR7fp2Xs/JdAHzc4gy+sKrqpYXzaOufyPXQ:HRYMYksPgHAHzc4IMYXzPFPg

Score

N/A

Malware Config

Signatures

Files

ebdc99cd06b0954f994294fdc71b1cd25d504bc577d260d164c594275539540e
.exe windows x86

c46de8d74f77d13682a5835ae30ab29c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsGetDomainControllerInfoW
DsBindWithCredW
DsFreeSpnArrayA
DsIsMangledRdnValueA
DsReplicaSyncA
DsReplicaAddA
DsaopBind
DsQuoteRdnValueW

sqlsrv32

BCP_exec
SQLStatisticsW
SQLSpecialColumnsW
SQLBindParameter
SQLCloseCursor
BCP_sendrow
SQLFreeHandle
SQLTablesW
SQLConnectW
SQLColumnPrivilegesW
SQLSetScrollOptions
BCP_batch
BCP_bind
SQLGetConnectAttrW

oleaut32

VarParseNumFromStr
VarBoolFromCy
VarDecSub
VarR8FromStr
VarR4FromCy
SafeArrayAllocDescriptorEx
SafeArrayUnaccessData
OleCreatePictureIndirect
VarUI1FromDate
VarI1FromCy
VarR8FromI1
SysReAllocStringLen
VarR8FromR4

kernel32

GetConsoleCommandHistoryLengthA
GetDriveTypeA
Process32Next
GetAtomNameA
SetEnvironmentVariableW
LoadLibraryW
VirtualFreeEx
EnumResourceTypesA
GetModuleHandleW
ReleaseMutex
EnumTimeFormatsW
UnregisterWait
VirtualAllocEx
LocalCompact
GetLocaleInfoW
CreateNamedPipeW
EnumSystemLocalesA
MoveFileExA
InterlockedPushEntrySList
GetLongPathNameW
FindActCtxSectionStringA
MapViewOfFile
GetCurrentConsoleFont
GetCurrentThread
ConnectNamedPipe
GetOEMCP
WritePrivateProfileStructA
ResumeThread

netapi32

Netbios
NetDfsManagerSendSiteInfo
NetEnumerateTrustedDomains
NetpwPathType
I_NetLogonSendToSam
DsAddressToSiteNamesA
NetLocalGroupSetInfo
NetUnregisterDomainNameChangeNotification
NetUnjoinDomain
NetDfsManagerGetConfigInfo
NetConnectionEnum
NetGroupDelUser
I_NetServerAuthenticate3
NetDfsGetClientInfo
NetReplImportDirLock

mspatcha

GetFilePatchSignatureByHandle
ApplyPatchToFileA
ApplyPatchToFileExA
GetFilePatchSignatureA
TestApplyPatchToFileW
TestApplyPatchToFileByHandles
ApplyPatchToFileW
ApplyPatchToFileExW
ApplyPatchToFileByHandles
GetFilePatchSignatureW
ApplyPatchToFileByHandlesEx
TestApplyPatchToFileA

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c46de8d74f77d13682a5835ae30ab29c

Headers

File Characteristics

Imports

ntdsapi

sqlsrv32

oleaut32

kernel32

netapi32

mspatcha

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 7KB