7976b11608a9f8ba362a474dae9403c1f832eae8fab35b711fcde77146bacb68

Sharing

Copy URL

Twitter E-mail

General

Target

7976b11608a9f8ba362a474dae9403c1f832eae8fab35b711fcde77146bacb68
Size

396KB
MD5

94d59ea4c1f6ba3eeb946b8ccb20db13
SHA1

c00e2d05de73d6302a960334fb3ba92946ab8e42
SHA256

7976b11608a9f8ba362a474dae9403c1f832eae8fab35b711fcde77146bacb68
SHA512

6715549533eb9ca657792e7660ebbe06b6dcc949765a8d5a9d9103da073067e377cfd8d5d7c0b9141199ebbc6bb46e311bf0054afa13d16d9c511f48711450b5
SSDEEP

12288:kJQ98TOv5ATyrrRxQOj3niIWdzDSaQw1Z:ku8CyTyrHQ6cd3Vl

Score

N/A

Malware Config

Signatures

Files

7976b11608a9f8ba362a474dae9403c1f832eae8fab35b711fcde77146bacb68
.exe windows x86

1a12c64bf41a92c1f021fe4ae3f6b851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsFreeSpnArrayA
DsUnquoteRdnValueA
DsFreeDomainControllerInfoA
DsGetSpnA
DsInheritSecurityIdentityA
DsClientMakeSpnForTargetServerA
DsIsMangledRdnValueA
DsCrackUnquotedMangledRdnA
DsQuoteRdnValueA
DsCrackNamesA
DsAddSidHistoryA
DsServerRegisterSpnA
DsReplicaFreeInfo
DsCrackSpnA
DsReplicaUpdateRefsA
DsListDomainsInSiteA
DsListServersForDomainInSiteA
DsMakePasswordCredentialsA
DsBindA
DsRemoveDsDomainA
DsGetDomainControllerInfoA
DsListRolesA
DsBindWithSpnA
DsMapSchemaGuidsA
DsReplicaSyncAllA
DsReplicaModifyA
DsIsMangledDnA
DsReplicaSyncA
DsFreeSchemaGuidMapA
DsListServersInSiteA
DsReplicaVerifyObjectsA
DsBindWithCredA
DsFreeNameResultA
DsListSitesA
DsMakeSpnA
DsWriteAccountSpnA
DsReplicaAddA
DsFreePasswordCredentials
DsListInfoForServerA
DsUnBindA
DsRemoveDsServerA
DsReplicaDelA
DsReplicaConsistencyCheck

kernel32

WriteFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
Sleep
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
GetLogicalDrives
VirtualProtectEx
PrepareTape
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a12c64bf41a92c1f021fe4ae3f6b851

Headers

File Characteristics

Imports

ntdsapi

kernel32

Sections

.text Size: 240KB - Virtual size: 237KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 128KB - Virtual size: 195KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 240KB - Virtual size: 237KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 128KB - Virtual size: 195KB

.reloc
Size: 8KB - Virtual size: 5KB