f5aa2fde69da3cf9b4d7b26f02bb477e91d6a023ba55966ba455f122f07dbc30

Sharing

Copy URL Twitter E-mail

General

Target

f5aa2fde69da3cf9b4d7b26f02bb477e91d6a023ba55966ba455f122f07dbc30
Size

869KB
MD5

3d8ea3130d427bc49c2be4d2be0f61ae
SHA1

68865179b0ad93e91c567602a1071e8d78b0ef10
SHA256

f5aa2fde69da3cf9b4d7b26f02bb477e91d6a023ba55966ba455f122f07dbc30
SHA512

a8c8f35183ed6706d51c35e6f3d6b02a31a774285f2db15bee1273e27dd7f236683663df623a1b457e1293eb81dcd914b3a623cf38a05a76b0e6b7bb52310fcd
SSDEEP

24576:+QkTWsjSx8pM4KtpDuwLjfr3U06gAyTBGQM:+QkasvM4KnVL3U0qyNGQ

Score

N/A

Malware Config

Signatures

Files

f5aa2fde69da3cf9b4d7b26f02bb477e91d6a023ba55966ba455f122f07dbc30
.exe windows x86

b9132821d4f9d31ba9338223479ccc34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAAsyncGetProtoByName
send
listen
WSCUpdateProvider
WSACreateEvent
WSALookupServiceNextA
getprotobyname
WSASetServiceA
WSAStringToAddressA
WSASetLastError
inet_ntoa
getservbyport
WSAGetOverlappedResult
WSACancelAsyncRequest
WSASend
freeaddrinfo
ntohl
WSALookupServiceEnd
WSAEnumNetworkEvents
WSALookupServiceBeginW

ntdsapi

DsUnquoteRdnValueA
DsReplicaVerifyObjectsA
DsRemoveDsDomainW
DsIsMangledDnA
DsFreePasswordCredentials
DsFreeSchemaGuidMapW
DsCrackSpn2A
DsFreeSpnArrayW
DsInheritSecurityIdentityW
DsRemoveDsServerA
DsMakePasswordCredentialsW
DsBindA
DsListInfoForServerA
DsListSitesA
DsCrackSpnA
DsMapSchemaGuidsW
DsReplicaUpdateRefsW

wintrust

CryptCATCDFEnumMembers
WTHelperGetFileHandle
WintrustAddActionID
WVTAsn1SpcMinimalCriteriaInfoDecode
CryptCATPutAttrInfo
WVTAsn1SpcIndirectDataContentEncode
WTHelperGetProvSignerFromChain
TrustIsCertificateSelfSigned

kernel32

LocalReAlloc
CreateFileMappingA
SetFileShortNameA
MoveFileExW
HeapValidate
SetConsoleTitleA
GetConsoleTitleA
SetConsoleTextAttribute
SetCriticalSectionSpinCount
FindNextVolumeMountPointA
GetComputerNameExW
LoadLibraryA
GetExitCodeThread
GetStartupInfoA
GetConsoleMode
GetNumberFormatA
GetConsoleAliasExesLengthA
GetStdHandle
SetCalendarInfoW
FindFirstVolumeA
TerminateJobObject
HeapCreate
QueryMemoryResourceNotification

gdi32

ColorMatchToTarget
EngAlphaBlend
CreateFontIndirectW
SetMapperFlags
DdEntry53
DeviceCapabilitiesExW
GetTextExtentPointI
DdEntry24
StrokeAndFillPath
FrameRgn
SetDeviceGammaRamp
EngQueryEMFInfo
DdEntry56
GdiConvertAndCheckDC
GetMetaFileW

pdh

PdhGetFormattedCounterArrayA
PdhOpenLogA
PdhGetDataSourceTimeRangeH
PdhParseInstanceNameA
PdhVbOpenLog
PdhGetCounterInfoA
PdhMakeCounterPathW
PdhBrowseCountersHA
PdhVbOpenQuery

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9132821d4f9d31ba9338223479ccc34

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ntdsapi

wintrust

kernel32

gdi32

pdh

Sections

.text Size: 357KB - Virtual size: 356KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 207KB - Virtual size: 1.7MB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 1024B - Virtual size: 948B

.text
Size: 357KB - Virtual size: 356KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 207KB - Virtual size: 1.7MB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 1024B - Virtual size: 948B