197c1f911e5e99ad7248f51c8f0fc100c0cdb4132f67cd6497f1032986ea50b3

Sharing

Copy URL Twitter E-mail

General

Target

197c1f911e5e99ad7248f51c8f0fc100c0cdb4132f67cd6497f1032986ea50b3
Size

63KB
MD5

a35a5bc3c23f846c50308f110d5cfed0
SHA1

a3ec8873e87374d58b63402a386e9593afb2e15d
SHA256

197c1f911e5e99ad7248f51c8f0fc100c0cdb4132f67cd6497f1032986ea50b3
SHA512

26a4bb5203c8cf480bce013dfc62a9276f357325124bb726f4030ae01e33b97ab28c41bb3fdcefee4d06f77fe2443f817dcff73006bef0d6bb4de99d6473917e
SSDEEP

1536:BGC1KadortqybEQULqN49pU/cWFidTv3HlixhZMR14:BGC1KaytqybEaOEO9lwhiR14

Score

N/A

Malware Config

Signatures

Files

197c1f911e5e99ad7248f51c8f0fc100c0cdb4132f67cd6497f1032986ea50b3
.exe windows x86

1e82437e263c4457e9902ec336d54cd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
WSAGetLastError
getprotobynumber
__WSAFDIsSet
WSAEnumProtocolsA
WSALookupServiceBeginA
gethostname
htons
WSAWaitForMultipleEvents
WSAHtonl
WSAResetEvent
WSCWriteNameSpaceOrder
WSAGetServiceClassInfoW
getservbyname
getpeername
WSASocketA
WSACancelAsyncRequest
WSACloseEvent
getservbyport
WSAIoctl
WSACreateEvent
WSAStringToAddressW
getsockname
WSAEnumNameSpaceProvidersA
WSAInstallServiceClassW
recvfrom
WSAAddressToStringA
gethostbyname
WSCGetProviderPath
WSAConnect
WSCInstallProvider
WSASendDisconnect
inet_addr
WSAAsyncGetServByPort
WSAGetServiceClassNameByClassIdW
WSAUnhookBlockingHook
WSASetLastError

ntdsapi

DsUnBindA
DsReplicaUpdateRefsW
DsAddSidHistoryW
DsUnBindW
DsListDomainsInSiteW
DsReplicaSyncA
DsCrackSpnA
DsReplicaUpdateRefsA
DsFreeDomainControllerInfoW
DsUnquoteRdnValueA
DsListDomainsInSiteA
DsListRolesW
DsFreePasswordCredentials
DsWriteAccountSpnW
DsBindW
DsFreeSpnArrayW
DsInheritSecurityIdentityA
DsListServersForDomainInSiteW
DsBindWithSpnA
DsCrackSpnW
DsBindA
DsInheritSecurityIdentityW
DsQuoteRdnValueW
DsMapSchemaGuidsA
DsReplicaGetInfoW
DsQuoteRdnValueA
DsGetSpnA
DsReplicaModifyW
DsFreeNameResultW
DsUnquoteRdnValueW
DsGetSpnW
DsReplicaSyncAllW
DsWriteAccountSpnA
DsBindWithCredA
DsMapSchemaGuidsW
DsListInfoForServerW

user32

SendMessageW
DialogBoxParamW

kernel32

SetCalendarInfoA
GetProcAddress

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e82437e263c4457e9902ec336d54cd9

Headers

File Characteristics

Imports

ws2_32

ntdsapi

user32

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 12KB