2eed3c7143e82928bb65f1506384799594d65b5ff7d1bd00dae923f876733407

Sharing

Copy URL Twitter E-mail

General

Target

2eed3c7143e82928bb65f1506384799594d65b5ff7d1bd00dae923f876733407
Size

237KB
MD5

9638e56870dd8ec5523fd9b7b3f3b310
SHA1

876c4180f8ec2d869a457e9eff8725b33b2f57fe
SHA256

2eed3c7143e82928bb65f1506384799594d65b5ff7d1bd00dae923f876733407
SHA512

0cc0fdb4aef6cdeeae10f4b3147198a3c8879e0320ec8440fe874e7002634aad18b532cf989e078b957219dc4b1c8f920b0461716066f4bbe22d21f03ed9d370
SSDEEP

6144:yDOPrm9PmlxHgCzYFKmiPvq8ZONxq/AqJ79rUqrywpBv:F/lxACzWKXANFgRywpB

Score

N/A

Malware Config

Signatures

Files

2eed3c7143e82928bb65f1506384799594d65b5ff7d1bd00dae923f876733407
.exe windows x86

c429342b6ce1c6485466a808b582f81f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileIntA
EnumResourceTypesA
OpenJobObjectW
GetTimeZoneInformation
OpenFileMappingW
GetExpandedNameA
SetConsoleCP
IsBadStringPtrW
SetUserGeoID
WaitForSingleObjectEx
SetLastError
LoadLibraryW
BackupWrite
LocalFileTimeToFileTime
SystemTimeToFileTime
AddAtomA
InterlockedFlushSList
TransmitCommChar
ChangeTimerQueueTimer
GetLocaleInfoW
FindFirstFileW
GetDefaultCommConfigA
GetFileTime
SetUnhandledExceptionFilter
LocalFlags
FindNextChangeNotification

wldap32

ldap_add_ext_sW
ldap_open
ldap_add_extA
ldap_get_values_len
ber_bvfree
ldap_free_controls
ldap_simple_bindA
ber_alloc_t
ldap_create_vlv_controlW
ldap_add
ldap_next_attributeW
ldap_get_next_page
ldap_sasl_bind_sW
ldap_search
ldap_extended_operationA
ber_bvdup
ldap_bind_s
ldap_modrdn_sW
ldap_simple_bind_s
LdapGetLastError
ldap_compare
ldap_addA
ldap_free_controlsW
ldap_addW
ldap_dn2ufnA
ldap_searchA
ldap_modify

ifsutil

?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
??1CANNED_SECURITY@@UAE@XZ
??0INTSTACK@@QAE@XZ
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Initialize@INTSTACK@@QAEEXZ
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?ReverseCopy@INTSTACK@@QAEEPAV1@@Z
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
??0SECRUN@@QAE@XZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1SUPERAREA@@UAE@XZ

sqlunirl

_BroadcastSystemMessage_@20
_lstrcat_@8
_DefMDIChildProc_@16
_GetTextMetrics@8
_SetDlgItemText@12
_NDdeShareSetInfo_@24
_WritePrivateProfileStruct_@20
_lstrcmp_@8
_CommConfigDialog_@12
_InsertMenu_@20
_BuildCommDCBAndTimeouts_@12
_GetFullPathName_@16
_PrivilegedServiceAuditAlarm_@20
_GetPrivateProfileString_@24
_GetProfileInt_@12
__hwrite_@12
_LookupAccountName_@28
_SHGetFileInfo_@20
_SHBrowseForFolder_@4
_UpdateResource_@24
_GetCharWidth_@16
_GetClipboardFormatName_@12
_DrawState_@40
_ObjectPrivilegeAuditAlarm_@24
_SetCurrentDirectory_@4

msdart

??0CSpinLock@@QAE@XZ
?WriteUnlock@CSpinLock@@QAEXXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
??4CSingleList@@QAEAAV0@ABV0@@Z
?SetSpinCount@CSpinLock@@QAE_NG@Z
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?ReadLock@CFakeLock@@QAEXXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
MpHeapDestroy
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
mpRealloc
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?IsWinNT4@CMdVersionInfo@@SAHXZ
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?IsWriteLocked@CFakeLock@@QBE_NXZ
??1CLKRLinearHashTable@@QAE@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
MpHeapReAlloc
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?IsUnlocked@CLockedSingleList@@QBE_NXZ
MpHeapAlloc
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z

shlwapi

SHDeleteEmptyKeyW
StrFormatKBSizeW
StrIsIntlEqualA
PathMakeSystemFolderW
PathUnmakeSystemFolderW
SHStrDupW
ColorAdjustLuma
SHRegisterValidateTemplate
SHRegSetUSValueW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c429342b6ce1c6485466a808b582f81f

Headers

File Characteristics

Imports

kernel32

wldap32

ifsutil

sqlunirl

msdart

shlwapi

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 59KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 2KB