b80688232e0781f906507f00e2169e203a671977a0ad02feed47a6dcb73d6198

Sharing

Copy URL Twitter E-mail

General

Target

b80688232e0781f906507f00e2169e203a671977a0ad02feed47a6dcb73d6198
Size

831KB
MD5

d7b3b1e2558998ed46ea410047579cfc
SHA1

48293f6dadbce549c4dbc54e0e1eefb63db3fe2b
SHA256

b80688232e0781f906507f00e2169e203a671977a0ad02feed47a6dcb73d6198
SHA512

5f51716dc7167c84672c80dffe72ad301177cfdd4ed421d9040fe82d0443edd0ab928fb4e2e1ee1f4d86080ecc86c7345271addf0f839e9df64267b27dc35f30
SSDEEP

12288:HaSq95+TeaMNSyKkmyBpVpPMwzNelFs+uD77RQWFSKdToFWDwpF92wA8PuV:HaS65wT8Bff2w0s+u2NwToFWEpFNAA

Score

N/A

Malware Config

Signatures

Files

b80688232e0781f906507f00e2169e203a671977a0ad02feed47a6dcb73d6198
.exe windows x86

ad909120e02354d0a8d18de0fd05257a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsReplicaSyncW
DsReplicaConsistencyCheck
DsAddSidHistoryA
DsUnBindW
DsCrackSpnW
DsListInfoForServerW
DsCrackSpnA
DsFreeSchemaGuidMapA
DsIsMangledDnW
DsMapSchemaGuidsW
DsFreeNameResultA
DsInheritSecurityIdentityA
DsListServersInSiteW
DsAddSidHistoryW
DsBindWithCredA
DsCrackUnquotedMangledRdnW
DsFreeSpnArrayW
DsReplicaDelA
DsReplicaSyncAllW
DsIsMangledRdnValueA
DsGetRdnW
DsReplicaModifyW
DsListRolesW
DsRemoveDsServerA
DsQuoteRdnValueW
DsIsMangledDnA
DsWriteAccountSpnA
DsGetSpnW
DsBindWithSpnA
DsaopUnBind

kernel32

EnumResourceNamesA
SetTimerQueueTimer
CreateTimerQueue
GetCurrentDirectoryA
lstrlen
QueryDepthSList
AttachConsole
SetFilePointerEx
LoadLibraryW
GetStartupInfoA
LockResource
SetVolumeLabelW
GlobalSize
FileTimeToSystemTime
GetFileSizeEx
IsValidLanguageGroup
GetLocaleInfoA
GetNumaNodeProcessorMask
RequestWakeupLatency
GetPrivateProfileSectionNamesA
GetCurrentThread
SetLastError
GetModuleHandleW
GetVolumePathNamesForVolumeNameW

dsauth

DhcpDsInitDS
DhcpDsGetRoot
StoreCreateObjectVA
DhcpDsGetLists
DhcpDsDelServer
StoreCleanupHandle
DhcpDsValidateService
StoreGetHandle
StoreSearchGetNext
DhcpEnumServersDS
StoreCollectAttributes
DhcpDsCleanupDS
StoreBeginSearch
StoreEndSearch
DhcpDeleteServerDS

msvcrt

ctime
mktime
wcsstr
_findnext64
__getmainargs
_aligned_offset_realloc
??_Ebad_typeid@@UAEPAXI@Z
_inpw
_dup
_heapmin
__p__fileinfo
fread
getchar
_unlock
frexp
__p__acmdln
_initterm
_CIpow
atol
__toascii
__p__commode
?set_terminate@@YAP6AXXZP6AXXZ@Z
__set_app_type
__p___argv
_beginthread
strrchr
tolower
_memccpy
exit
_wgetcwd
??0bad_cast@@QAE@ABQBD@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z

odbccu32

SQLGetDescField
ReleaseCLStmtResources
SQLPutData
SQLParamData
SQLFetchScroll
SQLGetStmtOption
SQLSetStmtOption
SQLSetConnectOption
SQLSetPos
SQLCancel
SQLExtendedFetch
SQLNumParams
SQLBindCol
SQLParamOptions
SQLExecute
SQLTransact
SQLMoreResults
SQLGetStmtAttr
SQLNativeSql
SQLEndTran
SQLSetScrollOptions
SQLSetStmtAttr
SQLGetData
SQLCloseCursor
SQLFreeHandle
SQLSetDescRec
SQLBulkOperations

msoert2

HrGetStyleSheet
_MSG
CreateStreamOnHFileW
HrIndexOfWeek
CleanupGlobalTempFiles
PszSkipWhiteW
HrBSTRToLPSZ
HrSetDirtyFlagImpl
StrToUintA
FBuildTempPath

rsaenh

CPCreateHash
CPSetProvParam
CPSetKeyParam
CPEncrypt
CPGenRandom
CPGenKey
CPImportKey
CPDecrypt
CPGetKeyParam
CPHashSessionKey
CPGetHashParam
CPAcquireContext
CPDuplicateHash
CPExportKey
CPSetHashParam
CPSignHash
CPGetProvParam
DllUnregisterServer
CPVerifySignature

rasman

RasRegisterRedialCallback
RasBundleClearStatisticsEx
RasGetCalledIdInfo
RasSecurityDialogReceive
RasGetConnectionUserData
RasGetDevConfig
RasRpcConnectServer
RasPortSetProtocolCompression
RasCreateConnection
RasRpcUnloadDll
RasGetConnectInfo
RasGetConnectionParams
RasPortBundle
RasRpcRemoteGetUserPreferences
RasmanUninitialize
RasPortSetInfo
RasPortSetFramingEx
RasPortOpen
RasPortStoreUserData
RasGetTimeSinceLastActivity
RasSetEapUserInfo

Sections

.text
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad909120e02354d0a8d18de0fd05257a

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

kernel32

dsauth

msvcrt

odbccu32

msoert2

rsaenh

rasman

Sections

.text Size: 390KB - Virtual size: 389KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 1024B - Virtual size: 880B

.text
Size: 390KB - Virtual size: 389KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 1024B - Virtual size: 880B