97009f8f9e718aba6742f0a216fbf3b0d87a6d6768baa93ce3c861950af23e3b

Sharing

Copy URL Twitter E-mail

General

Target

97009f8f9e718aba6742f0a216fbf3b0d87a6d6768baa93ce3c861950af23e3b
Size

43KB
MD5

9c83322cfa9c89b20442d1e6cfbb4e7f
SHA1

61604edbc6cd7ff74991e4e850e8c1798b4c6ed1
SHA256

97009f8f9e718aba6742f0a216fbf3b0d87a6d6768baa93ce3c861950af23e3b
SHA512

e680665f538314144c626472bc037dde68129cd6a832903bde098f948667954b31017c82ad6a2e693a7f3b29ba109a0ef1b6bfdad748d03575f5379ac3f00b4a
SSDEEP

768:pdA58X6QyHzaDIm2hhlAZ2IoGT/XOUMnuhWawvmuzYW7RQlfG:pxYmDHynSoG7TMnuhWtm6DRQlfG

Score

N/A

Malware Config

Signatures

Files

97009f8f9e718aba6742f0a216fbf3b0d87a6d6768baa93ce3c861950af23e3b
.exe windows x86

811d6996761b26a9636cffcdd473619d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_modify_ext_s
ldap_compare_extA
ldap_parse_vlv_controlA
ldap_search
ldap_parse_sort_controlW
ldap_get_next_page
ldap_result2error
ldap_first_attributeW
ldap_get_next_page_s
ldap_unbind_s
ldap_modrdn
ldap_parse_page_control
ldap_close_extended_op
cldap_open
ldap_modify_ext_sA
ldap_search_st
ldap_initW

mapistub

MAPIInitialize@4
MAPIAdminProfiles@8
HrSetOmiProvidersFlagsInvalid
BMAPIGetAddress
HrThisThreadAdviseSink@8
MNLS_WideCharToMultiByte@32
SzFindLastCh@8
MAPIAllocateBuffer@8
CreateTable@36
FixMAPI
OpenIMsgOnIStg@44
UNKOBJ_ScCOReallocate@12
cmc_send
FtAddFt@16
HrDecomposeMsgID@24
UNKOBJ_COFree@8
WrapProgress@20
FPropCompareProp@12
cmc_act_on

kernel32

CancelIo
MapUserPhysicalPages
SetUserGeoID
GetFullPathNameA
SetCommTimeouts
OpenJobObjectA
CreateNamedPipeA
WriteFile
Thread32First
IsValidLanguageGroup
FindAtomW
SetFileShortNameW
lstrcpyW
CreateMutexW
InitializeCriticalSection
GetTickCount
ReadConsoleInputA
EnumCalendarInfoA
DebugActiveProcessStop
FreeLibraryAndExitThread
LoadLibraryW
GetDiskFreeSpaceA
GetVolumePathNamesForVolumeNameA
WriteProcessMemory
GetConsoleAliasW
SetProcessPriorityBoost
EnumDateFormatsA
DelayLoadFailureHook
EndUpdateResourceA
MultiByteToWideChar
GetUserDefaultLCID
GetTempFileNameW

mfcsubs

?Compare@CString@@QBEHPBG@Z
??4CString@@QAEABV0@ABV0@@Z
?FormatMessageW@CString@@QAAXPBGZZ
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?SetAt@CString@@QAEXHG@Z
??YCString@@QAEABV0@PBG@Z
??M@YG_NPBGABVCString@@@Z
??H@YG?AVCString@@PBGABV0@@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
?AfxW2AHelper@@YGPADPADPBGH@Z
?FindOneOf@CString@@QBEHPBG@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
?Lock@CCriticalSection@@QAEHXZ
?GetAllocLength@CString@@QBEHXZ
??N@YG_NABVCString@@PBG@Z
?GetData@CStringArray@@QBEPBVCString@@XZ
??4CString@@QAEABV0@D@Z
??8@YG_NABVCString@@PBG@Z
?Collate@CString@@QBEHPBG@Z
??P@YG_NABVCString@@0@Z
??0CStringArray@@QAE@XZ
??P@YG_NPBGABVCString@@@Z

ntdll

_allmul
NtFlushKey
RtlEnableEarlyCriticalSectionEventCreation
RtlInitializeContext
LdrInitShimEngineDynamic
NtPulseEvent
ZwOpenJobObject
_aullrem
NtMapViewOfSection
RtlSetSecurityDescriptorRMControl
LdrLoadDll
LdrVerifyImageMatchesChecksum
RtlActivateActivationContext
isalpha
ZwCreateDirectoryObject
ZwPrivilegedServiceAuditAlarm
RtlDestroyQueryDebugBuffer
NtSetQuotaInformationFile
NtCreateSection
RtlConvertSharedToExclusive
ZwProtectVirtualMemory
DbgUiGetThreadDebugObject
RtlDeleteTimer
ZwRegisterThreadTerminatePort
DbgQueryDebugFilterState
NtQueryInformationProcess
NtSetEventBoostPriority
_snprintf

wiashext

AddDeviceWasChosenA
DllRegisterServer
AddDeviceWasChosen

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

811d6996761b26a9636cffcdd473619d

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

mapistub

kernel32

mfcsubs

ntdll

wiashext

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB