9236697337924b866d4ac5dc0bd444fedf97aec6bf8a7b9380dc8ebadb92a03c

Sharing

Copy URL Twitter E-mail

General

Target

9236697337924b866d4ac5dc0bd444fedf97aec6bf8a7b9380dc8ebadb92a03c
Size

133KB
MD5

50db751be9795ede6cfe9f6f7512bea0
SHA1

2b3de73fde91cf4e4a20e22ed94eeb218932162f
SHA256

9236697337924b866d4ac5dc0bd444fedf97aec6bf8a7b9380dc8ebadb92a03c
SHA512

4db5e381784f06c5362a6168a9d16e8d46918fc24b87ccf3fd7a5a438be00309aea7ec6df466f66b77a8c19c7739721f718a71e74bb8f93868bed4da7536b5be
SSDEEP

3072:dba8lEz6JUTGAYHKGbrPla0FAULi0H8ox4NYV:dbPjPnVqN

Score

N/A

Malware Config

Signatures

Files

9236697337924b866d4ac5dc0bd444fedf97aec6bf8a7b9380dc8ebadb92a03c
.exe windows x86

94869008dadff23f89983db4855f6c36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmDriverEnum
acmStreamConvert
acmFormatTagEnumW
acmFilterTagDetailsW
acmDriverDetailsW
acmGetVersion
acmFilterDetailsW
acmDriverMessage
acmFilterChooseA
acmFormatSuggest
acmFilterDetailsA
acmStreamUnprepareHeader
acmFilterTagDetailsA
acmDriverClose
acmMessage32
acmStreamPrepareHeader
acmDriverAddW
acmDriverDetailsA
acmStreamMessage
acmFormatEnumW
acmStreamOpen
acmStreamReset
acmFilterChooseW
acmFormatDetailsW
acmDriverOpen
acmFormatTagDetailsW
acmDriverRemove
acmFilterTagEnumA
acmFilterEnumW
acmFormatTagDetailsA
acmMetrics
acmFormatTagEnumA
XRegThunkEntry
acmStreamSize
acmFilterTagEnumW
acmDriverPriority
acmFormatDetailsA
acmStreamClose
acmFilterEnumA
acmFormatEnumA
acmDriverID
acmFormatChooseW
acmDriverAddA
acmFormatChooseA

adsldpc

ADsGetColumn
ADSICloseSearchHandle
ADsCreateAttributeDefinition
Component
SortAndRemoveDuplicateOIDs
ADSIGetFirstRow
ADsGetObjectAttributes
ADSIGetNextRow
SchemaOpen
ADsDeleteDSObject
ADSIOpenDSObject
?GetNextToken@CLexer@@QAEJPAGPAK@Z
AdsTypeToLdapTypeCopyTime
ADSISetSearchPreference
LdapFirstEntry
ADsGetNextColumnName
?SetFSlashDisabler@CLexer@@QAEXH@Z
ReallocADsStr
ADsCloseSearchHandle
AdsTypeFreeAdsObjects
LdapRenameExtS
LdapModifyS
LdapOpenObject
?SetAtDisabler@CLexer@@QAEXH@Z
LdapAddExtS
SchemaGetObjectCount
ConvertSidToString
ADSIFreeColumn
LdapCacheAddRef
ADsWriteClassDefinition
LdapResult
LdapGetDn
BuildADsPathFromParent

mfcsubs

??P@YG_NPBGABVCString@@@Z
?FreeExtra@CString@@QAEXXZ
??0CString@@QAE@PBGH@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
??4CString@@QAEABV0@ABV0@@Z
??H@YG?AVCString@@PBGABV0@@Z
?Release@CString@@KGXPAUCStringData@@@Z
?GetAt@CString@@QBEGH@Z
?Unlock@CCriticalSection@@UAEHXZ
?Append@CStringArray@@QAEHABV1@@Z
?LoadStringW@CString@@QAEHI@Z
?AfxLoadString@@YGHIPAGI@Z
?MakeReverse@CString@@QAEXXZ
?Lock@CSyncObject@@UAEHK@Z
??P@YG_NABVCString@@0@Z
?GetLength@CString@@QBEHXZ
?SafeStrlen@CString@@KGHPBG@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??4CString@@QAEABV0@G@Z
??0CString@@QAE@XZ
?Add@CStringArray@@QAEHPBG@Z
?Compare@CString@@QBEHPBG@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?AllocBeforeWrite@CString@@IAEXH@Z
?SetAt@CString@@QAEXHG@Z
??M@YG_NABVCString@@0@Z
??9@YG_NPBGABVCString@@@Z
?Left@CString@@QBE?AV1@H@Z
??1CObject@@UAE@XZ
?InsertAt@CStringArray@@QAEXHPAV1@@Z
??N@YG_NPBGABVCString@@@Z
??O@YG_NABVCString@@0@Z
??H@YG?AVCString@@GABV0@@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
??1CString@@QAE@XZ
??N@YG_NABVCString@@0@Z

credui

CredUIInitControls
CredUIStoreSSOCredA
CredUIReadSSOCredW
CredUIParseUserNameW
CredUIPromptForCredentialsA
CredUIConfirmCredentialsA
CredUIStoreSSOCredW
CredUICmdLinePromptForCredentialsW
CredUICmdLinePromptForCredentialsA
CredUIParseUserNameA
CredUIPromptForCredentialsW
CredUIConfirmCredentialsW
CredUIReadSSOCredA

crtdll

_pgmptr_dll
_gcvt
_tell
_getche
_baseversion_dll
tolower
_isatty
_ismbbkana
_mbstrlen
_getpid
atoi
div
_wcsrev
_CIlog
_execlpe
_ismbbtrail
wctomb
wcscmp
atan2
iswdigit
_strrev
log
fputs
localtime
_dup
exit
_execvp
_mbsdup
strstr

kernel32

ReleaseSemaphore
DeleteFileA
GlobalUnfix
DefineDosDeviceA
UnlockFileEx
GetProcessAffinityMask
ClearCommBreak
FileTimeToSystemTime
PulseEvent
FlushConsoleInputBuffer
HeapCreate
CreateEventA
LoadLibraryA
LocalUnlock
SetConsoleOutputCP
EraseTape
GetTickCount
QueryPerformanceCounter
EnumDateFormatsA
FindFirstChangeNotificationW
GetStartupInfoW
lstrcmpiW
OpenFileMappingA
GlobalAddAtomW
OpenEventW
SetCurrentDirectoryW
GetModuleHandleExW
CopyLZFile
GetPrivateProfileStructW
LockFile
VirtualAlloc
GlobalUnlock
GetLocaleInfoW
UnmapViewOfFile
ReleaseActCtx
UnlockFile
GetDriveTypeA
VerSetConditionMask
SearchPathA
GetThreadContext
FatalExit
GetCurrentConsoleFont
WriteFile
LocalAlloc
UTRegister
IsBadHugeWritePtr

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94869008dadff23f89983db4855f6c36

Headers

DLL Characteristics

File Characteristics

Imports

msacm32

adsldpc

mfcsubs

credui

crtdll

kernel32

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 23KB - Virtual size: 177KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 220B

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 23KB - Virtual size: 177KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 220B