1a2fde970bedd6be65cec0a53fc6a87ffb356c44edbdb1f8c779dfe08e1689d1

Sharing

Copy URL Twitter E-mail

General

Target

1a2fde970bedd6be65cec0a53fc6a87ffb356c44edbdb1f8c779dfe08e1689d1
Size

255KB
MD5

9687acf66218e0abfa75b2079cdb6930
SHA1

491e20cf0f8f47449c0db775a845ac6962de476b
SHA256

1a2fde970bedd6be65cec0a53fc6a87ffb356c44edbdb1f8c779dfe08e1689d1
SHA512

c13ec2641f88557a18dbb77521d40717abc1573be62ae243d1e716bbdf3c7ea20b8ace7edb3aed474c7e95359dd2bc1c670ca195d0ed85c9a1a249cf4625ab7c
SSDEEP

6144:Gkiyb05FxBEvT1Hsw8MWJIAaDIqEWZeO/S3UgAiC:3YXxWZsw8RJyDv4eSEge

Score

N/A

Malware Config

Signatures

Files

1a2fde970bedd6be65cec0a53fc6a87ffb356c44edbdb1f8c779dfe08e1689d1
.exe windows x86

59f94bc6d41775e1d2c4d8ae129a5e5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_get_dnA
ber_scanf
ldap_parse_page_control
ldap_set_dbg_flags
ldap_compareW
ldap_delete
ldap_search_ext_sA
ldap_compareA
ldap_simple_bind_sA
ldap_parse_referenceA
ldap_modrdn
ldap_addA

crypt32

CryptCloseAsyncHandle
CryptSIPCreateIndirectData
CertSetCertificateContextProperty
CryptEncodeObjectEx
RegCreateHKCUKeyExU
I_CryptGetFileVersion
CertRemoveEnhancedKeyUsageIdentifier
PFXImportCertStore
RegOpenKeyExU
CertDuplicateCRLContext
CertEnumCertificatesInStore
CryptAcquireContextU
CertAddEncodedCertificateToStore
CertCompareIntegerBlob
CertCreateCRLContext
CryptMemAlloc
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertSetCertificateContextPropertiesFromCTLEntry
I_CryptFindLruEntryData
CryptFindLocalizedName
CertUnregisterPhysicalStore
CryptSIPRemoveProvider
CertStrToNameW
CryptDecryptAndVerifyMessageSignature

msoert2

CreateTempFileStream
HrGetCertKeyUsage
CenterDialog
PszScanToWhiteA
DeleteTempFileOnShutdownEx
PszAllocA
IsPrint
PszFromANSIStreamA
strtrimW
UlStripWhitespaceW
FIsHTMLFile
HrIStreamToBSTR
FIsValidFileNameCharA
RicheditStreamOut
UpdateRebarBandColors
PVDecodeObject
HrCopyStreamCB
WriteStreamToFile
CreateSystemHandleName
HrGetStreamSize

mfcsubs

??4CPlex@@QAEAAU0@ABU0@@Z
?GetSize@CStringArray@@QBEHXZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??4CString@@QAEABV0@PBE@Z
?GetBuffer@CString@@QAEPAGH@Z
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?FindOneOf@CString@@QBEHPBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
??M@YG_NABVCString@@PBG@Z
??4CString@@QAEABV0@ABV0@@Z
?Add@CStringArray@@QAEHPBG@Z
??ACString@@QBEGH@Z
?Copy@CStringArray@@QAEXABV1@@Z
?SpanExcluding@CString@@QBE?AV1@PBG@Z
?Lock@CSyncObject@@UAEHK@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?LockBuffer@CString@@QAEPAGXZ
??M@YG_NPBGABVCString@@@Z
??0CString@@QAE@PBD@Z
??H@YG?AVCString@@GABV0@@Z
?Right@CString@@QBE?AV1@H@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
??8@YG_NPBGABVCString@@@Z
?SetSize@CStringArray@@QAEXHH@Z
?TrimRight@CString@@QAEXXZ
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?SafeStrlen@CString@@KGHPBG@Z
?RemoveAll@CStringArray@@QAEXXZ
?MakeReverse@CString@@QAEXXZ
??YCString@@QAEABV0@ABV0@@Z

odbcbcp

bcp_done
bcp_sendrow
SQLGetNextEnumeration
bcp_bind
SQLLinkedCatalogsA
bcp_getcolfmt
dbprtypeA
bcp_readfmtW
bcp_readfmtA
bcp_initW
dbprtypeW
LibMain
bcp_colfmt
bcp_collen
bcp_columns

ntdll

NtCreateMailslotFile
RtlCaptureStackBackTrace
ZwUnloadDriver
RtlExitUserThread
ZwReadVirtualMemory
RtlQueryTimeZoneInformation
NtMapViewOfSection
_CIcos
ZwOpenThreadTokenEx
RtlInsertElementGenericTable
NtReleaseMutant
RtlImageRvaToSection
ZwQueryKey
NtDeviceIoControlFile

kernel32

GetUserDefaultLCID
LoadLibraryW
FlushViewOfFile
GetConsoleAliasExesW
IsWow64Process
WritePrivateProfileSectionA
WaitForMultipleObjects
GetTickCount
UpdateResourceA
WritePrivateProfileSectionW
SetLastError
FindFirstChangeNotificationW
GetCommandLineW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f94bc6d41775e1d2c4d8ae129a5e5c

Headers

File Characteristics

Imports

wldap32

crypt32

msoert2

mfcsubs

odbcbcp

ntdll

kernel32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 59KB - Virtual size: 59KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 3KB - Virtual size: 3KB