dcee52eed64672d829123a727d555176fc4433c36d9a41a128c7f0980be9e17a

Sharing

Copy URL Twitter E-mail

General

Target

dcee52eed64672d829123a727d555176fc4433c36d9a41a128c7f0980be9e17a
Size

237KB
MD5

15499bd5e6f103c464dced4327afa5c0
SHA1

a0cdf0eddfb34e27dd8141c780af29370cccda15
SHA256

dcee52eed64672d829123a727d555176fc4433c36d9a41a128c7f0980be9e17a
SHA512

6a83a08ca539cc892b47512c9770b61a8bfad5cc1ae8089a28c4d2ca659a2c9ae8bc25138a142b6df19c28c04b8b6638876ff442c88fb0cb30a68c5bd5a43768
SSDEEP

6144:Q2rxQr66+n+p8daMqi+nvqio51L63J7Xx17PRVV2FnpeJdH0:QY6r61+ppd2LWJjbMJpeX0

Score

N/A

Malware Config

Signatures

Files

dcee52eed64672d829123a727d555176fc4433c36d9a41a128c7f0980be9e17a
.exe windows x86

4abaf50174c38b7702067cfe8a3b5def

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_next_reference
ldap_addW
ldap_search_abandon_page
ldap_control_freeA
ldap_delete_extW
ldap_unbind_s
ldap_sasl_bindA
ldap_add_ext_sW
ldap_unbind
ldap_err2stringW
ldap_bind_s
ldap_check_filterW
ldap_explode_dn
ldap_parse_extended_resultA
ldap_first_entry
ldap_modify_sW
LdapUTF8ToUnicode
ldap_parse_referenceA
ldap_get_optionW
ldap_get_dnA
ldap_parse_extended_resultW
ldap_get_values
ldap_get_next_page_s
ldap_get_paged_count
ldap_compare_extW
ldap_modrdnA
ldap_add_ext_s

odbc32

SQLProceduresW
ODBCQualifyFileDSNW
SQLGetDescRecW
SQLGetCursorNameW
SQLGetDescRecA
SQLCloseCursor
SQLGetEnvAttr
SQLAllocHandleStd
VFreeErrors
SQLSetDescField
SQLBrowseConnectA
SQLColumns
SQLSetStmtAttrA
SQLGetDescFieldA
SQLErrorW
SQLSetCursorNameA
SQLSetConnectAttr

adsldpc

LdapParseResult
LdapRenameExtS
ADsHelperGetCurrentRowMessage
IsGCNamespace
LdapGetSyntaxIdOfAttribute
LdapNextAttribute
LdapNextEntry
BuildADsParentPathFromObjectInfo2
ConvertU2TrusteeToSid
GetSyntaxOfAttribute
BuildLDAPPathFromADsPath2
ADsCreateDSObject
ADsExecuteSearch
LdapInitializeSearchPreferences
LdapCloseObject
BerBvFree
MapADSTypeToLDAPType
LdapMsgFree
LdapReadAttribute2
BuildADsPathFromLDAPPath2
SchemaAddRef
BuildADsParentPathFromObjectInfo
LdapTypeFreeLdapObjects
LdapModifyExtS
AdsTypeToLdapTypeCopyTime

kernel32

GetNextVDMCommand
BaseUpdateAppcompatCache
LoadLibraryW
GetProcessHeaps
SetConsoleCursorMode
EnumSystemLocalesA
RegisterWaitForSingleObject
CreateTapePartition
GetTickCount
lstrcpynA
GetProcessPriorityBoost
GetCurrentThread
GetUserDefaultLCID
TransactNamedPipe
SetLastError
CloseProfileUserMapping
GetEnvironmentVariableW

rpcns4

RpcNsEntryObjectInqBeginA
RpcNsEntryObjectInqDone
I_RpcNsSendReceive
RpcNsEntryObjectInqNext
RpcNsMgmtEntryCreateW
RpcNsGroupMbrInqDone
RpcNsEntryExpandNameA
RpcNsMgmtEntryDeleteW
RpcNsProfileEltRemoveW
RpcNsGroupMbrRemoveA
RpcNsGroupMbrAddA
RpcNsBindingUnexportPnPW
RpcIfIdVectorFree
RpcNsBindingUnexportW
RpcNsProfileEltInqBeginW
RpcNsProfileEltInqNextA
RpcNsProfileEltAddW

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4abaf50174c38b7702067cfe8a3b5def

Headers

File Characteristics

Imports

wldap32

odbc32

adsldpc

kernel32

rpcns4

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 47KB - Virtual size: 47KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 3KB - Virtual size: 2KB