4b44904d3fadecede8b55ddbeb648874e32e539c3078cf2454e4d27b3b91e6fe

Sharing

Copy URL Twitter E-mail

General

Target

4b44904d3fadecede8b55ddbeb648874e32e539c3078cf2454e4d27b3b91e6fe
Size

136KB
MD5

da1d19321c007bbc8fd2139ef12d15e0
SHA1

24965f2729c8cde00f05c74b13e5041b3717e550
SHA256

4b44904d3fadecede8b55ddbeb648874e32e539c3078cf2454e4d27b3b91e6fe
SHA512

ae07228df50d5b95e6b604003289689a3798482d3210967e49800890c0ca1e76cf98971dbe304e273402e69d4d777a2259298c8acdde7880417d57d13acbfb28
SSDEEP

3072:wnj8O37vr+maHmCHv020AQZALiwnV6EQYOxuSBh:nO3ubyAQZAmwnhSB

Score

N/A

Malware Config

Signatures

Files

4b44904d3fadecede8b55ddbeb648874e32e539c3078cf2454e4d27b3b91e6fe
.dll windows x86

057d8e121fd81b1529a30e30c88febc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
SetFileShortNameW
GetDllDirectoryW
SetFileShortNameA
WritePrivateProfileStringW
MoveFileW
MoveFileExA
GetCPInfoExA
LocalSize
GetPrivateProfileStructA
GetCPInfoExW
OpenWaitableTimerW
UnlockFileEx
ReadConsoleOutputW
SignalObjectAndWait
lstrcpyA
GetConsoleTitleA
CreateFiber
CreateJobObjectA
ShowConsoleCursor
RegisterConsoleOS2
GetConsoleAliasW
VDMConsoleOperation
CreateDirectoryExW
GlobalAddAtomA
TryEnterCriticalSection
SetCurrentDirectoryW
SetLastError
LocalFlags
InterlockedFlushSList
CloseHandle
GetSystemTimes
PeekConsoleInputA
SetFilePointer
DeleteFileW
RemoveDirectoryA
lstrcmpA
VirtualAlloc
CreateJobSet
GlobalGetAtomNameW
InterlockedPopEntrySList
Module32FirstW

user32

IsWindowEnabled
ShowOwnedPopups
EndDialog
AdjustWindowRect

crypt32

CryptRegisterOIDInfo
CertDuplicateCRLContext
CertDeleteCertificateFromStore
CryptImportPublicKeyInfo
CertOIDToAlgId
CryptFindLocalizedName
CryptVerifyDetachedMessageHash
CertGetCRLFromStore
CertStrToNameA
CryptGetDefaultOIDFunctionAddress
CertCreateCTLContext
PFXExportCertStoreEx
CertFindCRLInStore
CryptVerifyCertificateSignature
CertDeleteCRLFromStore
CryptSIPRemoveSignedDataMsg
CertControlStore
CertSetCRLContextProperty
CertGetCTLContextProperty
CertFindCertificateInCRL
CryptHashMessage
CertCompareCertificate
CryptLoadSip
CryptUninstallDefaultContext
CertRegisterPhysicalStore
CryptCloseAsyncHandle
CertVerifyCRLTimeValidity
CertCreateSelfSignCertificate
CryptExportPublicKeyInfoEx

cryptui

CryptUIDlgSelectCertificateFromStore
CryptUIWizExport
CryptUIDlgSelectStoreA
CryptUIDlgViewCertificateA
CryptUIDlgViewSignerInfoW
CryptUIFreeViewSignaturesPagesW
CryptUIDlgViewCTLW
ACUIProviderInvokeUI
CryptUIWizDigitalSign
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLA
CryptUIWizFreeDigitalSignContext
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgSelectCertificateA
CryptUIDlgViewCertificatePropertiesW
CryptUIStartCertMgr
CryptUIGetViewSignaturesPagesA
CryptUIDlgSelectStoreW
CryptUIFreeCertificatePropertiesPagesW
CryptUIDlgSelectCA
CryptUIWizImport
CryptUIGetViewSignaturesPagesW
CryptUIDlgViewCertificatePropertiesA
CryptUIFreeCertificatePropertiesPagesA

ntdsapi

DsReplicaSyncAllW
DsCrackSpn2W
DsaopExecuteScript
DsReplicaModifyA
DsRemoveDsDomainW
DsCrackSpnW
DsServerRegisterSpnW
DsBindW
DsFreeSpnArrayW
DsFreeSchemaGuidMapA
DsFreeSpnArrayA
DsFreeDomainControllerInfoA
DsIsMangledRdnValueA
DsClientMakeSpnForTargetServerW
DsMapSchemaGuidsA
DsRemoveDsServerA
DsReplicaUpdateRefsW
DsGetRdnW
DsCrackSpn2A
DsBindWithCredW
DsRemoveDsDomainA
DsaopBind
DsaopBindWithCred
DsGetDomainControllerInfoW
DsGetSpnW
DsGetSpnA
DsListServersForDomainInSiteA
DsListServersInSiteA
DsBindWithCredA
DsFreeSchemaGuidMapW
DsLogEntry
DsListServersInSiteW
DsServerRegisterSpnA
DsUnquoteRdnValueA
DsListServersForDomainInSiteW

Exports

Exports

ButMay
TheASyntaxOptionalThe
ValidStarting

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

057d8e121fd81b1529a30e30c88febc1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

crypt32

cryptui

ntdsapi

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.data Size: 4KB - Virtual size: 104KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1010B

.text
Size: 120KB - Virtual size: 119KB

.data
Size: 4KB - Virtual size: 104KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1010B