3829513456409f3433668e4810fd7cad9c730df7e4ba7546aff6fc7770f717ba

Sharing

Copy URL Twitter E-mail

General

Target

3829513456409f3433668e4810fd7cad9c730df7e4ba7546aff6fc7770f717ba
Size

828KB
MD5

0d397420ebf5c15b3850d1d68cf8550f
SHA1

1d0b6f7f8998957af3d92fa86872aba8e6fa5679
SHA256

3829513456409f3433668e4810fd7cad9c730df7e4ba7546aff6fc7770f717ba
SHA512

369d5bc720e9764fbe8aee901ddf9295febc0a891f041b414a66d6876f87696a32f6aac4bbb436439eef6827dece83e85b86e84317e208d069050aea537435dc
SSDEEP

12288:vJEOVb7p7hzzroEWnzUsAJlVAWdhvISXd2D+jZTQTy6JXV6vyxMe/nV4N:zJdzrBWnzU7yWdNMwpQTXwvyxD

Score

N/A

Malware Config

Signatures

Files

3829513456409f3433668e4810fd7cad9c730df7e4ba7546aff6fc7770f717ba
.exe windows x86

9b410c2e9dc6fb6dc72e2344a1f8dd17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetGeoInfoA
EnumSystemLocalesW
RemoveDirectoryW
CreateNamedPipeW
RemoveVectoredExceptionHandler
HeapReAlloc
CreateMemoryResourceNotification
GetConsoleWindow
GetOEMCP
LoadLibraryW
FormatMessageW
HeapWalk
CreateMailslotA
CreateJobObjectA
HeapCreate
DebugActiveProcessStop

netapi32

DsAddressToSiteNamesW
I_NetLogonUasLogoff
NetRemoteTOD
I_BrowserQueryEmulatedDomains
NetDfsEnum
NetpAllocFtinfoEntry
NetApiBufferSize
NetReplGetInfo
NetpDbgPrint
DsRoleDnsNameToFlatName
NetLocalGroupAdd
DsRoleGetPrimaryDomainInformation
NetDfsRemoveFtRootForced
NetMessageNameAdd
NetUseDel
NetConfigSet
I_NetLogonSamLogonEx
NetJoinDomain
NetReplExportDirGetInfo
NetGroupDel
DsEnumerateDomainTrustsA
NetWkstaUserGetInfo
NetGetJoinInformation
DsRoleGetDcOperationResults
NetShareDel
DsRoleDcAsReplica
NetUseAdd

imm32

ImmGetStatusWindowPos
ImmEnumInputContext
ImmNotifyIME
ImmGetCompositionFontW
ImmProcessKey
ImmLockIMCC
ImmIsUIMessageW
ImmGetVirtualKey
ImmSimulateHotKey
ImmLoadIME
ImmSetCompositionFontA
ImmAssociateContextEx
ImmIsUIMessageA
ImmWINNLSEnableIME
ImmFreeLayout
ImmSendIMEMessageExW
ImmGetConversionStatus
ImmGetRegisterWordStyleW
ImmSetCandidateWindow
ImmIsIME

ole32

CreateBindCtx
HWND_UserFree
StgOpenStorage
PropSysFreeString
StgOpenAsyncDocfileOnIFillLockBytes
HGLOBAL_UserSize
CoRegisterPSClsid
CoMarshalInterThreadInterfaceInStream
CLIPFORMAT_UserFree

wldap32

ldap_sasl_bindA
ldap_sslinitW
ldap_add_sW
ldap_rename_ext_sW
ldap_delete_extW
ldap_memfree
ldap_sasl_bindW
ldap_compare_ext_s
ldap_next_entry
ldap_controls_freeA
ber_init
ldap_search_extW
ldap_search_stA
ldap_unbind
ldap_get_optionW
ldap_simple_bind_sW
ldap_next_attribute
ldap_init
ldap_add_extW
ldap_explode_dnA
ldap_first_attributeW
ldap_modrdn2_sW
ldap_connect

oleaut32

VarR8FromI1
VarAnd
VarR8Round
VarDateFromR4
VarBstrFromUI1
VarR4FromUI1
VarUI4FromDate
VarUdateFromDate
VarUI8FromDec
VariantCopy
VarDiv
VarI1FromR8
VarI2FromI4
VarNeg
VarUI1FromI8
VarDecFromI2
VarBstrFromUI2
VarR8FromDate
VarAdd
VarBstrFromBool
VarUI2FromDisp
VarDecFromR4
VarCyFromDisp
SetOaNoCache

scecli

SceDcPromoteSecurityEx
SceAddToNameList
SceGetObjectChildren
SceDcPromoCreateGPOsInSysvol
SceConfigureConvertedFileSecurity
SceOpenProfile
SceSetupUpdateSecurityFile
SceCopyBaseProfile
SceConfigureSystem
SceGetAnalysisAreaSummary

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fggqwtr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b410c2e9dc6fb6dc72e2344a1f8dd17

Headers

File Characteristics

Imports

kernel32

netapi32

imm32

ole32

wldap32

oleaut32

scecli

Sections

.text Size: 404KB - Virtual size: 403KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 165KB - Virtual size: 1.5MB

.rsrc Size: 150KB - Virtual size: 149KB

.reloc Size: 1024B - Virtual size: 29KB

fggqwtr Size: - Virtual size: 4KB

.text
Size: 404KB - Virtual size: 403KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 165KB - Virtual size: 1.5MB

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 1024B - Virtual size: 29KB

fggqwtr
Size: - Virtual size: 4KB