53096c1bd380781fa98e151bf715bc58a546b1eb943cc3ff551e115e4ce10d13

Sharing

Copy URL Twitter E-mail

General

Target

53096c1bd380781fa98e151bf715bc58a546b1eb943cc3ff551e115e4ce10d13
Size

46KB
MD5

f521e2af1b9b9e27933aded8adb158a3
SHA1

550e40b2ccf09cf6042816122032ee3511c8c285
SHA256

53096c1bd380781fa98e151bf715bc58a546b1eb943cc3ff551e115e4ce10d13
SHA512

d91896fbcd68788e88874facf0e5bd1a533134fe3b1d5e51c0e97978c6b2379abe213fba07ef39f63b854a616df2470897d7dae3df6057addeecc6a92ab28fbb
SSDEEP

768:AgOeVZRy+nBLIlO5apKze79TyHrnCIvsLv+lLE1toHP5QE9qVfETA51N8Xmb:AgByIi85a0ze7hSCBv65x581qmb

Score

N/A

Malware Config

Signatures

Files

53096c1bd380781fa98e151bf715bc58a546b1eb943cc3ff551e115e4ce10d13
.exe windows x86

2b4fea88ebc0aa19f070dba28872e104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??0ostrstream@@QAE@ABV0@@Z
?close@fstream@@QAEXXZ
??0strstream@@QAE@XZ
??0fstream@@QAE@H@Z
__dummy_export
?sputbackc@streambuf@@QAEHD@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
??0istream@@IAE@XZ
?write@ostream@@QAEAAV1@PBEH@Z
?setmode@fstream@@QAEHH@Z
?underflow@stdiobuf@@UAEHXZ
?get@istream@@QAEAAV1@PAEHD@Z
??0istrstream@@QAE@PAD@Z
?open@fstream@@QAEXPBDHH@Z
?is_open@filebuf@@QBEHXZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?xalloc@ios@@SAHXZ
??0logic_error@@QAE@ABQBD@Z
??1strstreambuf@@UAE@XZ
??_Gstrstreambuf@@UAEPAXI@Z
?get@istream@@QAEHXZ
??_Estdiobuf@@UAEPAXI@Z
?write@ostream@@QAEAAV1@PBCH@Z
??0exception@@QAE@XZ
?opfx@ostream@@QAEHXZ
??_8istream@@7B@
??_7stdiostream@@6B@

advapi32

ElfOldestRecord
WmiFreeBuffer
GetServiceDisplayNameW
CommandLineFromMsiDescriptor
BuildImpersonateExplicitAccessWithNameA
IsTextUnicode
WmiQuerySingleInstanceA
ConvertSecurityDescriptorToStringSecurityDescriptorA
RegReplaceKeyA
SetEntriesInAuditListA
SaferiIsExecutableFileType
WmiReceiveNotificationsW
EnumServicesStatusA
StartServiceCtrlDispatcherW
OpenBackupEventLogW
QueryServiceStatus
StartServiceCtrlDispatcherA
A_SHAUpdate
I_ScIsSecurityProcess
RegQueryValueA
SystemFunction008
WmiMofEnumerateResourcesW
IsValidSid
EnumDependentServicesA
RegGetKeySecurity
GetUserNameW
ReadEventLogA

activeds

SecurityDescriptorToBinarySD
FreeADsMem
ADsEnumerateNext
ADsOpenObject
ADsBuildVarArrayStr
AllocADsStr
ADsBuildVarArrayInt
ADsGetLastError
ADsGetObject
ADsEncodeBinaryData
PropVariantToAdsType
ADsSetLastError
AdsTypeToPropVariant2
ConvertSecDescriptorToVariant
AdsTypeToPropVariant
AllocADsMem
FreeADsStr
BinarySDToSecurityDescriptor
ReallocADsStr
ConvertSecurityDescriptorToSecDes
ADsDecodeBinaryData
PropVariantToAdsType2
ReallocADsMem
ADsFreeEnumerator
ADsBuildEnumerator
AdsFreeAdsValues

kernel32

GetLogicalDriveStringsW
IsSystemResumeAutomatic
FileTimeToSystemTime
GetComputerNameW
WaitNamedPipeA
MulDiv
InitializeCriticalSectionAndSpinCount
TransmitCommChar
BackupRead
WaitForSingleObjectEx
SetLocalPrimaryComputerNameA
GetComputerNameA
GetProcAddress
GetStartupInfoA
GetCurrentProcessId
GetCPInfo
GetProcessAffinityMask
ShowConsoleCursor
VirtualAlloc
FindNextChangeNotification
GetBinaryTypeW
PurgeComm
DuplicateConsoleHandle
GetEnvironmentStringsW
DosPathToSessionPathA
GetLongPathNameA
DelayLoadFailureHook
SleepEx
OutputDebugStringA
GetProcessId
SetTapeParameters
SetClientTimeZoneInformation
SetFilePointerEx
LockFile
GetConsoleAliasExesA
LoadLibraryA
QueryActCtxW
GetVolumeNameForVolumeMountPointA

ntdsapi

DsMakePasswordCredentialsA
DsBindWithCredA
DsReplicaSyncW
DsReplicaGetInfo2W
DsReplicaGetInfoW
DsMapSchemaGuidsA
DsaopBind
DsIsMangledDnA
DsWriteAccountSpnW
DsRemoveDsServerA
DsUnquoteRdnValueW
DsReplicaUpdateRefsW
DsaopUnBind
DsCrackSpn3W
DsCrackUnquotedMangledRdnW
DsGetDomainControllerInfoW
DsUnBindW
DsReplicaDelW
DsReplicaAddA
DsInheritSecurityIdentityW
DsReplicaModifyW
DsAddSidHistoryA
DsReplicaSyncA
DsReplicaVerifyObjectsW
DsMakeSpnA
DsListDomainsInSiteA

msoert2

strtrim
CreateStreamOnHFileW
DeleteTempFile
HrGetElementImpl
HrStreamToByte
HrCopyStreamCBEndOnCRLF
WriteStreamToFile
CopyRegistry
PszEscapeMenuStringA
PVGetMsgParam
CleanupFileNameInPlaceA
ReplaceChars
HrCreateTridentMenu
HrIndexOfMonth
PszDayFromIndex
FIsSpaceW
UpdateRebarBandColors
HrGetCertKeyUsage
OpenFileStreamShare
HrCopyStreamCB
HrCopyLockBytesToStream
UlStripWhitespace
GetDllMajorVersion
HrStreamSeekBegin
PVDecodeObject
OpenFileStream
CenterDialog
HrLPSZCPToBSTR
IsDigit
PszSkipWhiteW
PszToUnicode
HrIndexOfWeek
CreateDataObject

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b4fea88ebc0aa19f070dba28872e104

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

advapi32

activeds

kernel32

ntdsapi

msoert2

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 892B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 892B

.rsrc
Size: 1KB - Virtual size: 1KB