bc46e64afb52f293304769dfe418c23d954c24c27243e81b64474a1be918caf1

Sharing

Copy URL Twitter E-mail

General

Target

bc46e64afb52f293304769dfe418c23d954c24c27243e81b64474a1be918caf1
Size

109KB
MD5

8307a16719094b84ab9dccc1cd57fb70
SHA1

4de607dfc25c83fa5c57e719db73daedb15cdc87
SHA256

bc46e64afb52f293304769dfe418c23d954c24c27243e81b64474a1be918caf1
SHA512

ac87adb78c1ac13b9b5a5bce3dc89f1861479e589bf0c65533a5621c4f0fafa3500b574a3fac405e1eea436af2f435de67b58f421c60906479d6437c9c3ef4ff
SSDEEP

3072:wpghLkHOZsXS/nI+wK8f39kvv+zhNs8mq7hVfY0:thLkHOZsC/I+wKx+zhW8mwhVf

Score

N/A

Malware Config

Signatures

Files

bc46e64afb52f293304769dfe418c23d954c24c27243e81b64474a1be918caf1
.exe windows x86

e74e6656ce0d4d2dbf6ca34c93510c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
CharUpperW
LoadStringW

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

VariantClear
VariantCopy
VariantInit
VariantChangeType
SysAllocStringByteLen
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SafeArrayGetElement
SysStringLen
SysAllocString

secur32

TranslateNameW
GetComputerObjectNameW
GetUserNameExW

ws2_32

WSACleanup
inet_addr
WSAGetLastError
WSAStartup
gethostbyaddr

netapi32

NetApiBufferFree
DsGetDcNameW
NetServerGetInfo

framedyn

??1CHString@@QAE@XZ
??0CHString@@QAE@XZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Format@CHString@@QAAXPBGZZ
??4CHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??0CHString@@QAE@ABV0@@Z
??H@YG?AVCHString@@ABV0@PBG@Z
?MakeLower@CHString@@QAEXXZ
??H@YG?AVCHString@@ABV0@0@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBG@Z

ntdsapi

DsBindWithCredW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW

msvcrt

free
calloc
wcstok
wcslen
wcstod
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_iob
wcsstr
?terminate@@YAXXZ
_except_handler3
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_CxxThrowException
wcschr
strtok
fprintf
fflush
realloc
_wcsnicmp
wcscpy
wcsncmp
wcstol

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegConnectRegistryW
LookupAccountSidW
ConvertStringSidToSidW
RegCloseKey

kernel32

CreateMutexW
CloseHandle
GetConsoleScreenBufferInfo
GetModuleHandleA
GetConsoleMode
SetConsoleMode
GetStdHandle
SetLastError
lstrlenW
WriteConsoleW
SetConsoleCursorPosition
lstrcmpiW
lstrcpyW
lstrcmpW
InterlockedIncrement
LocalAlloc
FormatMessageW
lstrcatW
InterlockedDecrement
GetComputerNameW
GetUserDefaultLCID
GetTimeFormatW
ReadFile
ReadConsoleW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
GetDateFormatW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpynW
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
LocalFree
GetComputerNameExW
WaitForSingleObject
ReleaseMutex
GetLastError

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e74e6656ce0d4d2dbf6ca34c93510c96

Headers

DLL Characteristics

File Characteristics

Imports

user32

mpr

ole32

oleaut32

secur32

ws2_32

netapi32

framedyn

ntdsapi

msvcrt

advapi32

kernel32

Sections

.text Size: 87KB - Virtual size: 86KB

.data Size: 512B - Virtual size: 144B

.tls Size: 512B - Virtual size: 21B

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 87KB - Virtual size: 86KB

.data
Size: 512B - Virtual size: 144B

.tls
Size: 512B - Virtual size: 21B

.rsrc
Size: 20KB - Virtual size: 19KB