36224d0e48c102a76d2464f815828e914ad32ed410eeef92163c1f60cd75fe3f

Sharing

Copy URL Twitter E-mail

General

Target

36224d0e48c102a76d2464f815828e914ad32ed410eeef92163c1f60cd75fe3f
Size

63KB
MD5

185498b49cd4f459bc00821f8d6bc6c0
SHA1

93fc5d8563e6be97d70183f6759f4774df8d5239
SHA256

36224d0e48c102a76d2464f815828e914ad32ed410eeef92163c1f60cd75fe3f
SHA512

2ae2d58a1fdd067e2ecb12badcfbf78c2dcfdff35b90e70e1f8006caeed9bc63e2f79d313f90f7a23c7d223bf011bf69e6630eed6d437cdd3e52692e40ab1007
SSDEEP

1536:nGC1KadortqybEQULqN49pU/cWFidTv3HlixhZMR14:nGC1KaytqybEaOEO9lwhiR14

Score

N/A

Malware Config

Signatures

Files

36224d0e48c102a76d2464f815828e914ad32ed410eeef92163c1f60cd75fe3f
.exe windows x86

1e82437e263c4457e9902ec336d54cd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
WSAGetLastError
getprotobynumber
__WSAFDIsSet
WSAEnumProtocolsA
WSALookupServiceBeginA
gethostname
htons
WSAWaitForMultipleEvents
WSAHtonl
WSAResetEvent
WSCWriteNameSpaceOrder
WSAGetServiceClassInfoW
getservbyname
getpeername
WSASocketA
WSACancelAsyncRequest
WSACloseEvent
getservbyport
WSAIoctl
WSACreateEvent
WSAStringToAddressW
getsockname
WSAEnumNameSpaceProvidersA
WSAInstallServiceClassW
recvfrom
WSAAddressToStringA
gethostbyname
WSCGetProviderPath
WSAConnect
WSCInstallProvider
WSASendDisconnect
inet_addr
WSAAsyncGetServByPort
WSAGetServiceClassNameByClassIdW
WSAUnhookBlockingHook
WSASetLastError

ntdsapi

DsUnBindA
DsReplicaUpdateRefsW
DsAddSidHistoryW
DsUnBindW
DsListDomainsInSiteW
DsReplicaSyncA
DsCrackSpnA
DsReplicaUpdateRefsA
DsFreeDomainControllerInfoW
DsUnquoteRdnValueA
DsListDomainsInSiteA
DsListRolesW
DsFreePasswordCredentials
DsWriteAccountSpnW
DsBindW
DsFreeSpnArrayW
DsInheritSecurityIdentityA
DsListServersForDomainInSiteW
DsBindWithSpnA
DsCrackSpnW
DsBindA
DsInheritSecurityIdentityW
DsQuoteRdnValueW
DsMapSchemaGuidsA
DsReplicaGetInfoW
DsQuoteRdnValueA
DsGetSpnA
DsReplicaModifyW
DsFreeNameResultW
DsUnquoteRdnValueW
DsGetSpnW
DsReplicaSyncAllW
DsWriteAccountSpnA
DsBindWithCredA
DsMapSchemaGuidsW
DsListInfoForServerW

user32

SendMessageW
DialogBoxParamW

kernel32

SetCalendarInfoA
GetProcAddress

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e82437e263c4457e9902ec336d54cd9

Headers

File Characteristics

Imports

ws2_32

ntdsapi

user32

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 12KB