9387e54e842dfd87ba8b5020938bc13d35633b867d887c6e556e0d96063ec96d

Sharing

Copy URL Twitter E-mail

General

Target

9387e54e842dfd87ba8b5020938bc13d35633b867d887c6e556e0d96063ec96d
Size

372KB
MD5

6f7a88a4a562e4f549f7fcaf4862f380
SHA1

879d621ff07f5c6ea64f98ebd8f4a6724bd9c3b8
SHA256

9387e54e842dfd87ba8b5020938bc13d35633b867d887c6e556e0d96063ec96d
SHA512

ced4184bae09f14d9b04f83db8a32ea884a47c526ce7453c1db39a236f0660afa944e5d9668347f10149746db5e97b672dac712c749ec78bb2361c408ed0e1fe
SSDEEP

6144:rM8y7zDXM+8XjpGZwPT+fDLr9K1egJSQzE8nGrTXO2lA0vKLHQYyDRFK:rM5/GjlPT+fvI1NSQzE0W9AHQY+RU

Score

N/A

Malware Config

Signatures

Files

9387e54e842dfd87ba8b5020938bc13d35633b867d887c6e556e0d96063ec96d
.dll windows x86

2c84adf93fcef36db3cf7a78d32d37d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcrt

strrchr
strncmp
strchr
rand
puts
printf
memset
malloc
iswdigit
isspace
getenv
fseek
strstr
fprintf
fopen
fgets
fclose
atoi
_wspawnvp
_vsnprintf
_stricmp
_msize
_initterm
_exit
_controlfp
_cexit
_amsg_exit
__set_app_type
__p__fmode
__p__environ
__p__commode
_XcptFilter
time
tolower
free

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

dbghelp

SymRegisterCallback64
SymCleanup
MakeSureDirectoryPathExists
SymSetOptions
SymSetSearchPath
SymFindFileInPath
SymInitialize

kernel32

UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
SetLastError
SetFilePointer
SetFileAttributesA
SetErrorMode
SetCurrentDirectoryA
RtlUnwind
RemoveDirectoryA
ReadFile
QueryPerformanceCounter
ProcessIdToSessionId
OutputDebugStringA
OpenProcess
MapViewOfFile
LocalFree
UnmapViewOfFile
LoadLibraryA
InterlockedExchange
HeapLock
HeapFree
HeapAlloc
GlobalMemoryStatus
GetTickCount
GetTempPathA
GetSystemTimeAsFileTime
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetPrivateProfileSectionA
GetModuleHandleA
GetFullPathNameA
GetFileAttributesExA
GetFileAttributesA
GetCurrentThreadId
VirtualAlloc
WriteFile
LocalAlloc
CopyFileA
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCommandLineA
FlushViewOfFile
FindNextFileA
FindFirstFileExA
FindFirstFileA
CloseHandle
CreateFileA
CreateFileMappingA
DeleteFileA
ExitProcess
FindClose

Exports

Exports

AbandonSearch
BuildADsPathFromLDAPPath2
CreateDSObject
DisassembleEffect

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c84adf93fcef36db3cf7a78d32d37d0

Headers

File Characteristics

Imports

version

msvcrt

advapi32

dbghelp

kernel32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 68KB - Virtual size: 70KB

.rsrc Size: 57KB - Virtual size: 57KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 68KB - Virtual size: 70KB

.rsrc
Size: 57KB - Virtual size: 57KB

.reloc
Size: 5KB - Virtual size: 4KB