87812bf676d7cadb408609696a8d9a2e4c7142c6acddcb640b43f6c0650173e0

Sharing

Copy URL Twitter E-mail

General

Target

87812bf676d7cadb408609696a8d9a2e4c7142c6acddcb640b43f6c0650173e0
Size

362KB
MD5

14a35d99baa7a360e9e2df363f3cafc3
SHA1

cce51e24fec065659a4995032f01b0f7c456b64c
SHA256

87812bf676d7cadb408609696a8d9a2e4c7142c6acddcb640b43f6c0650173e0
SHA512

250cafd811fc42d1f57fd4a49d334aff91d758634868163797641da9539942267ba20b79fbdfd56a20489f9b40c44655677af293bf0af1621a68594fb6df59ef
SSDEEP

6144:jiPCtBHKZqyxP4gkkwc76EmPrgz/w/CieZiN7isW05JyQoBzWhpDdKyATXnuxfA:PqZDjmP8z/w//eelWKkkhpJKyyuxo

Score

N/A

Malware Config

Signatures

Files

87812bf676d7cadb408609696a8d9a2e4c7142c6acddcb640b43f6c0650173e0
.exe windows x86

637588f1102722de2715519341ea725a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msvcrt

_wexeclp
wcsxfrm
_wutime
_futime
_i64tow
_msize
__mb_cur_max
tolower
_wexeclpe
fgets
wcstol
_vsnwprintf
fscanf
tmpfile
__p__timezone
__CxxQueryExceptionSize
_ismbcgraph
div
_longjmpex
_wexecve
_chdrive
_chkesp
_y0
_lrotl
_resetstkoflw
_heapmin
__lc_handle
??1exception@@UAE@XZ
_mbsicmp
_strlwr
_scprintf
_execvpe
_isatty
___unguarded_readlc_active_add_func
fputc
_wfdopen
_wcsdup
_set_error_mode

kernel32

GetNumberOfConsoleFonts
GetDiskFreeSpaceExA
FindFirstVolumeA
LoadLibraryExA
GetCurrentProcessId
LoadLibraryA
HeapReAlloc
DeleteTimerQueueTimer
GetConsoleAliasA
GetNumberFormatW
SetVolumeMountPointA
GetBinaryType
GetSystemTimeAsFileTime
SetLastError
SetConsoleMode
GetProcAddress
AddAtomW
GetLogicalDriveStringsA
GetTimeZoneInformation
CompareStringW
CreateToolhelp32Snapshot
Module32NextW
AddLocalAlternateComputerNameA
EnumLanguageGroupLocalesA
lstrcpyn
OpenProfileUserMapping
PrivCopyFileExW
Heap32First
VirtualAlloc
FindActCtxSectionStringA
OpenEventA
GetConsoleOutputCP
GetSystemDirectoryA
CloseConsoleHandle
LZInit
WriteProfileStringA
GetFirmwareEnvironmentVariableA
GlobalHandle
BaseCheckAppcompatCache
GetDateFormatW
CmdBatNotification

crtdll

_getche
gets
_mbsrchr
_getch
_wcsnicmp
_mbsnccnt
__fpecode
_strlwr
localeconv
sprintf
_open
_mbctokata
_timezone_dll
_exit
_findclose
_rotl
_endthread
_cabs
strspn
_spawnve
_winmajor_dll
_creat
_mbsninc
isupper
_spawnvpe
fwscanf
_strcmpi
_pclose
strncat
_flsbuf
_ismbcl1
atan2
_finite
_putch

advapi32

ConvertStringSDToSDRootDomainW
TraceEvent
AddAuditAccessAce
ObjectOpenAuditAlarmW
QueryServiceConfig2A
SetInformationCodeAuthzLevelW
CredpEncodeCredential
EqualDomainSid
SystemFunction041
CryptExportKey
CreateProcessWithLogonW
BackupEventLogA
WmiDevInstToInstanceNameW
LsaDelete
RegOverridePredefKey
CryptReleaseContext
IsTokenRestricted
BuildTrusteeWithSidA
RegOpenKeyExA
RegisterEventSourceA
ConvertSDToStringSDRootDomainA
WmiNotificationRegistrationW
LsaOpenTrustedDomainByName
ImpersonateNamedPipeClient
LsaStorePrivateData
AddAccessAllowedAceEx
EqualSid
CredWriteA
BuildImpersonateTrusteeA
EnableTrace
RegCreateKeyExA
GetUserNameA
AddAccessDeniedObjectAce
LsaSetSecret

query

??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
LoadTextFilter
?GetOleError@@YGJAAVCException@@@Z
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?Rewind@CMmStreamConsecBuf@@QAEXXZ
?GetWChar@CMemDeSerStream@@UAEXPAGK@Z
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecordForWrites@@@Z
?Lookup@CPropStoreInfo@@AAEIK@Z
??0CPropNameArray@@QAE@AAVPDeSerStream@@@Z
??0CColumnSet@@QAE@I@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KPAVPMmStream@@W4EOpenMode@1@HIH@Z
CIMakeICommand
?SetProperty@CFullPropSpec@@QAEHPBG@Z
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
?OpenRecord@CPropStoreManager@@QAEPAVCCompositePropRecord@@KPAE@Z
CITextToSelectTreeEx
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
?GetPropTypeCount@CEmptyPropertyList@@SGIXZ
??0CFullPropSpec@@QAE@ABV0@@Z
??1CDbCmdTreeNode@@QAE@XZ
LoadIFilter
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
?AddArg@CFwEventItem@@QAEXPBG@Z
??0CPropertyRestriction@@QAE@XZ
?VT_VARIANT_LE@@YGHABUtagPROPVARIANT@@0@Z
?Clone@CEnumString@@UAGJPAPAUIEnumString@@@Z
?GetNumber@CQueryScanner@@QAEHAAKAAH@Z
?Skip@CEnumString@@UAGJK@Z
?AccessCheck@CSdidLookupTable@@QAEHKPAXKAAH@Z
?VerifyConsistency@PRcovStorageObj@@QAEXXZ
??1CDbPropIDSet@@QAE@XZ
CITextToSelectTree
?Empty@CRcovStrmWriteTrans@@QAEXXZ
??1CRangeKeyRepository@@UAE@XZ
?QueryScopeAdmin@CCatalogAdmin@@QAEPAVCScopeAdmin@@PBG@Z
?GetULong@CMemDeSerStream@@UAEKXZ
?CIShutdown@@YGXXZ
?_wcstoui64@@YA_KPBGPAPAGH@Z

adsldpc

LdapReadAttribute
ADsAbandonSearch
LdapGetSubSchemaSubEntryPath
SchemaOpen
ADsDeleteClassDefinition
SchemaAddRef
LdapNextEntry
LdapSearchST
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
LdapCrackUserDNtoNTLMUser2
LdapParsePageControl
LdapSearchInitPage
ADsSetObjectAttributes
ChangeSeparator
GetDisplayName
LdapCountEntries
LdapGetSyntaxOfAttributeOnServer
LdapControlFree
LdapSearchExtS
LdapOpenObject
SchemaGetClassInfo
LdapGetValuesLen
??1CLexer@@QAE@XZ
ConvertU2TrusteeToSid
LdapSearch
LdapInitializeSearchPreferences
LdapGetDn
LdapSearchS
LdapTypeToAdsTypeDNWithString
ReallocADsMem
ADsGetNextColumnName
MapADSTypeToLDAPType
AdsTypeToLdapTypeCopyDNWithString
SchemaGetClassInfoByIndex
ADsGetNextRow
ADsCreateAttributeDefinition
ADsGetFirstRow
ADsHelperGetCurrentRowMessage
LdapTypeToAdsTypeGeneralizedTime

wsock32

WSAStartup
GetTypeByNameW
shutdown
WSApSetPostRoutine
WSAGetLastError
SetServiceW
listen
WSAAsyncGetServByPort
send
WEP
gethostname
ntohl
WSAAsyncGetProtoByName
WSASetBlockingHook
recv
recvfrom
getprotobyname
GetTypeByNameA
SetServiceA
socket
TransmitFile
WSAIsBlocking
s_perror
getservbyname
AcceptEx
sendto
getpeername
WSAAsyncSelect
WSASetLastError
WSACancelAsyncRequest

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

637588f1102722de2715519341ea725a

Headers

File Characteristics

Imports

msvcrt

kernel32

crtdll

advapi32

query

adsldpc

wsock32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 79KB - Virtual size: 472KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 79KB - Virtual size: 472KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 1024B