bf27dad0edaa00208352dde38923626f4711f32044ebc25a6a27793b27b81bbf

Sharing

Copy URL Twitter E-mail

General

Target

bf27dad0edaa00208352dde38923626f4711f32044ebc25a6a27793b27b81bbf
Size

824KB
MD5

56a055891cc3db4c741869c4ff3de53f
SHA1

9e6ed087ae556166482b0473257aefe497c6b373
SHA256

bf27dad0edaa00208352dde38923626f4711f32044ebc25a6a27793b27b81bbf
SHA512

3294f0c3e3b2eb41aa1c449a067819a732132cfd764908d3db33067c1528c30192cf2befa15a1d96fd52130ed436186c659dad6d4962ed9d3f5bd91eaf51f9f8
SSDEEP

24576:0a+Iu/9G35zC4Uiyym4Gp+BZHLrh+0l2cf92eUYAQvqvTiI:0aXu/e5z7WRfwZrl1ZweHAQvKz

Score

N/A

Malware Config

Signatures

Files

bf27dad0edaa00208352dde38923626f4711f32044ebc25a6a27793b27b81bbf
.exe windows x86

dc7890cf38ef17e9c2c6efcea3fb5a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeactivateActCtx
GetConsoleProcessList
GetLongPathNameW
EnumSystemLanguageGroupsW
LoadLibraryExW
InterlockedPushEntrySList
GetModuleHandleW
GetFileInformationByHandle
DeleteCriticalSection
DeleteFileW
WTSGetActiveConsoleSessionId
GetLocaleInfoW
GetConsoleCommandHistoryLengthA
WriteProfileStringW
FindNextVolumeMountPointW
LZStart
GetCurrentThread
_lclose
MapViewOfFileEx
HeapSummary
QueryDepthSList
GetNumaHighestNodeNumber
FindVolumeMountPointClose
GlobalFindAtomW
GetACP
GetConsoleInputWaitHandle
GetProcessHeap
LoadLibraryW
RestoreLastError
GetDiskFreeSpaceExW

sqlunirl

_EnumDisplaySettings_@12
_OpenFileMapping_@12
_RegQueryInfoKey_@48
_GetTextExtentPoint@16
_DefineDosDevice_@12
_OpenEventLog_@8
_DlgDirList_@20
_NDdeGetShareSecurity_@24
_ChangeMenu_@20
_OpenMutex_@12
_EnumFonts_@16
_RemoveFontResource_@4
_NDdeShareDel_@12
_FreeEnvironmentStrings@4
_GetProcAddress_@8
_UpdateResource_@24
_RegCreateKey_@12
_EnumDesktops_@12
_GetClassInfoEx_@12
_CreateSemaphore_@16
_GlobalGetAtomName_@12
_GetTextExtentPoint32@16

winsta

WinStationQueryLicense
WinStationVirtualOpen
WinStationShadow
_WinStationUpdateSettings
WinStationConnectCallback
WinStationEnumerateA
_WinStationNotifyLogon
WinStationSendMessageA
WinStationEnumerateLicenses
ServerSetInternetConnectorStatus
ServerLicensingUnloadPolicy
WinStationWaitSystemEvent
ServerQueryInetConnectorInformationA
_WinStationUpdateUserConfig
WinStationQueryUpdateRequired
WinStationNtsdDebug
LogonIdFromWinStationNameA
_WinStationShadowTarget
_NWLogonSetAdmin
WinStationGetLanAdapterNameW
WinStationCloseServer
WinStationConnectA
WinStationGenerateLicense
WinStationRemoveLicense
ServerLicensingSetPolicy
ServerGetInternetConnectorStatus
ServerLicensingGetPolicyInformationW
WinStationShutdownSystem
_WinStationGetApplicationInfo

wininet

HttpEndRequestW
InternetSetStatusCallbackA
InternetSetPerSiteCookieDecisionW
FtpSetCurrentDirectoryA
InternetDialW
FtpPutFileW
GopherOpenFileW
CreateMD5SSOHash
GetUrlCacheGroupAttributeA
InternetSetOptionW
FtpCommandA
HttpSendRequestExW

advapi32

RegUnLoadKeyW
WmiDevInstToInstanceNameW
WmiQueryAllDataMultipleW
CredWriteW
IsTextUnicode
InitializeAcl
GetSecurityInfoExA
ElfReadEventLogA
CryptSetProviderExW
RegisterServiceCtrlHandlerA
LsaSetForestTrustInformation
CreateTraceInstanceId
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateLocallyUniqueId
CredReadW
GetMultipleTrusteeOperationW
CredUnmarshalCredentialA
CryptGenKey
MD5Init
SystemFunction031
CredWriteDomainCredentialsA
CredpDecodeCredential

wldap32

ldap_rename_extA
ldap_search_sA
ldap_compare_ext_sA
ldap_search_ext_sW
ldap_get_optionW
ldap_rename_ext_sA
ldap_parse_page_controlW
ldap_add_ext_sW
ldap_compareA
ldap_sslinitW
ldap_search_stA
ldap_modifyA
ldap_bindA

cfgmgr32

CM_Register_Device_InterfaceW
CM_Get_Resource_Conflict_DetailsA
CM_Open_Class_KeyW
CM_Add_Empty_Log_Conf
CM_Delete_DevNode_Key_Ex
CM_Uninstall_DevNode_Ex
CM_Delete_Range
CM_Add_IDW

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc7890cf38ef17e9c2c6efcea3fb5a1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlunirl

winsta

wininet

advapi32

wldap32

cfgmgr32

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 173KB - Virtual size: 1.5MB

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 1024B - Virtual size: 856B

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 173KB - Virtual size: 1.5MB

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 1024B - Virtual size: 856B