f454c3aa0ff3109c5792c024237080b34d10e4f379a552d8c133ef9e5b6ff2b6

Sharing

Copy URL Twitter E-mail

General

Target

f454c3aa0ff3109c5792c024237080b34d10e4f379a552d8c133ef9e5b6ff2b6
Size

49KB
MD5

93da798e17b95c75fa67d3e175c58822
SHA1

09ec898123b76478c43ec18b8f6490bb4bd02db1
SHA256

f454c3aa0ff3109c5792c024237080b34d10e4f379a552d8c133ef9e5b6ff2b6
SHA512

0bdb0677da92d647fa73b065cd4ac9f0674ca0d5affa433ed25985bc614ee605ca18529c795687aa49b838d774bc1df6b5a9f3983ba4a87989a168679e9131b4
SSDEEP

768:lRWhp86TGrZNxOJSN3snYcBsF7oBDYM72uP9slhH0WM4YALc6a9ZP:lm8vrZ37o5Mue0P4YALA1

Score

N/A

Malware Config

Signatures

Files

f454c3aa0ff3109c5792c024237080b34d10e4f379a552d8c133ef9e5b6ff2b6
.exe windows x86

42a14ed32d6b53e748f625a1aa1c8a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?WriteLock@CLKRHashTable@@QAEXXZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?ReadUnlock@CFakeLock@@QAEXXZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?IsEmpty@CSingleList@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
??0CReaderWriterLock@@QAE@XZ
FXMemAttach
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?CheckTable@CLKRLinearHashTable@@QBEHXZ
?IsWin2k@CMdVersionInfo@@SAHXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
??1CReaderWriterLock3@@QAE@XZ

kernel32

AddVectoredExceptionHandler
GetOEMCP
RtlZeroMemory
GetTickCount
CreateConsoleScreenBuffer
Module32First
CreateActCtxA
BaseDumpAppcompatCache
GetNumaHighestNodeNumber
QueryPerformanceCounter
RegisterWaitForSingleObjectEx
SetEvent
PulseEvent
SetConsolePalette
ClearCommBreak
ReplaceFile
SignalObjectAndWait
GetLongPathNameW
MoveFileWithProgressA
WriteConsoleInputA
WaitForMultipleObjectsEx
SetComputerNameW
SetConsoleMenuClose
ReadFile
LoadLibraryA
VirtualAlloc
CompareFileTime

winipsec

AddQMPolicy
DeleteTunnelFilter
DeleteTransportFilter
SetMMFilter
GetTransportFilter
MatchTransportFilter
AddMMAuthMethods
AddMMPolicy
OpenTunnelFilterHandle
EnumTransportFilters
SetTunnelFilter
GetQMPolicy
AddTunnelFilter
GetMMAuthMethods
EnumQMPolicies
EnumTunnelFilters
MatchMMFilter
CloseTunnelFilterHandle
CloseMMFilterHandle
EnumMMFilters
EnumIPSecInterfaces
EnumMMPolicies
SetQMPolicy
OpenMMFilterHandle
DeleteMMPolicy
DeleteQMPolicy
CloseTransportFilterHandle
DeleteMMAuthMethods
OpenTransportFilterHandle
AddTransportFilter
QueryIPSecStatistics
AddMMFilter
SPDApiBufferFree
SetMMPolicy
SPDApiBufferAllocate

wldap32

ldap_close_extended_op
ldap_delete_ext_s
ldap_sasl_bind_sW
ber_skip_tag
cldap_open
ldap_dn2ufnA
ldap_modrdn2W
ldap_compare_ext_sA
ldap_compare
ldap_start_tls_sW
ldap_start_tls_sA
ldap_abandon
ldap_err2string
ldap_free_controlsW
ldap_search_ext
ldap_first_attribute
ldap_openW
ldap_set_optionA
ldap_delete_extA
ldap_parse_extended_resultA
ldap_addW
ldap_memfreeA
ldap_init
ldap_get_optionW
ldap_ufn2dnW
ldap_count_valuesW

cabinet

FDICreate
FDICopy
FCIFlushFolder
FDIDestroy
FDITruncateCabinet
Extract
DllGetVersion
GetDllVersion
FCICreate
FCIFlushCabinet
FCIDestroy
DeleteExtractedFiles
FDIIsCabinet
FCIAddFile

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42a14ed32d6b53e748f625a1aa1c8a34

Headers

DLL Characteristics

File Characteristics

Imports

msdart

kernel32

winipsec

wldap32

cabinet

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB