2e2aad1a17afbc0a569469617598e2117961def444573f14d184647e613fda84

Sharing

Copy URL Twitter E-mail

General

Target

2e2aad1a17afbc0a569469617598e2117961def444573f14d184647e613fda84
Size

774KB
MD5

2a9b0ac4327a431f62eb01b76b209410
SHA1

ff754ad7412f26b9f6c5df0d682c1a57296acd9f
SHA256

2e2aad1a17afbc0a569469617598e2117961def444573f14d184647e613fda84
SHA512

84fd5ed5742e4bdb4cce111c26f8d87be7d804f0a90bf2bf63bc49f7dd6059c3467ec8a44ca57054ef85e1342783ee20807b32074b6b14e2058b695c08edeac3
SSDEEP

12288:9MV15o/BlxTwGdAB06yO7HyuoXoLIx26Y/qDrraUDMFUcaOR3d//vH:9JkyA3biY0fznPoFU4N//

Score

N/A

Malware Config

Signatures

Files

2e2aad1a17afbc0a569469617598e2117961def444573f14d184647e613fda84
.exe windows x86

633df0589e1cd0f6427232e6c60be115

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mprapi

MprAdminInterfaceCreate
MprInfoBlockFind
MprAdminServerDisconnect
MprConfigInterfaceDelete
MprConfigInterfaceTransportEnum
MprAdminConnectionEnum
MprConfigGetGuidName
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceEnum
MprAdminUserOpen

kernel32

GetDevicePowerState
InterlockedExchange
GetVolumePathNameA
EnumResourceLanguagesW
SetProcessAffinityMask
PurgeComm
GetCPInfo
FindResourceW
GetStringTypeExA
VirtualAlloc
DeleteTimerQueueTimer
InterlockedDecrement
CompareStringW
GetWindowsDirectoryA
GetDefaultCommConfigW
WaitForMultipleObjects
FreeConsole
RegisterWaitForSingleObject
SetVolumeMountPointW

netapi32

NetUserChangePassword
NetUserGetGroups
I_NetServerSetServiceBitsEx
NetUseEnum
NetUserSetInfo
NetUserModalsGet
NetFileEnum
NetServiceInstall
NetServerSetInfo
NetLocalGroupAddMembers
NetUseGetInfo
NetLocalGroupGetMembers

advapi32

GetKernelObjectSecurity
RegFlushKey
CryptEncrypt
QueryServiceStatus
GetSidSubAuthority
StartServiceCtrlDispatcherA
CryptGetHashParam
RegUnLoadKeyW
BackupEventLogW

ntdsapi

DsMakePasswordCredentialsW
DsMakeSpnW
DsGetDomainControllerInfoW
DsBindWithCredW
DsQuoteRdnValueW
DsFreeSchemaGuidMapW
DsCrackNamesW
DsFreePasswordCredentials
DsMapSchemaGuidsW
DsCrackSpnW
DsBindW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 595KB - Virtual size: 958KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

633df0589e1cd0f6427232e6c60be115

Headers

File Characteristics

Imports

mprapi

kernel32

netapi32

advapi32

ntdsapi

Sections

.text Size: 5KB - Virtual size: 5KB

DATA Size: 595KB - Virtual size: 958KB

.rsrc Size: 172KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 42B

.text
Size: 5KB - Virtual size: 5KB

DATA
Size: 595KB - Virtual size: 958KB

.rsrc
Size: 172KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 42B