e68fa1029c99f64a38dafb8a1736f0e11fe29178195b17970cf4d1228d4a45ce

Sharing

Copy URL Twitter E-mail

General

Target

e68fa1029c99f64a38dafb8a1736f0e11fe29178195b17970cf4d1228d4a45ce
Size

833KB
MD5

dd0595354b9cbdf2effc66c72d2268af
SHA1

cdb3a239dc9d03215a6f98004b117691fad10058
SHA256

e68fa1029c99f64a38dafb8a1736f0e11fe29178195b17970cf4d1228d4a45ce
SHA512

ab0c227f033787b170f17ae770bec8b7283abdcb6c51967dca14a3c3218e1a38618d63523fc8b5371cbe8d0c40462d1870e2657bbdb81943aac60e2750a46cf4
SSDEEP

12288:Smrd+tQ6TDF2w1U9Mi5phUuUFNNsGMjMfdWijcYnlWemJ8+zYlocSUpzt:HRsQ6PxEXphVUF/sGHWij9AemdzyAUt

Score

N/A

Malware Config

Signatures

Files

e68fa1029c99f64a38dafb8a1736f0e11fe29178195b17970cf4d1228d4a45ce
.exe windows x86

a43b61ee06e1548aef2c06b1aca448e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsFreeDomainControllerInfoW
DsIsMangledRdnValueW
DsListRolesW
DsWriteAccountSpnA
DsAddSidHistoryW
DsReplicaDelW
DsListDomainsInSiteA
DsQuoteRdnValueW
DsaopUnBind
DsCrackSpnW
DsMakePasswordCredentialsW
DsIsMangledDnW
DsListInfoForServerW
DsReplicaGetInfoW
DsListServersForDomainInSiteW
DsReplicaSyncAllA
DsWriteAccountSpnW
DsListSitesA

glu32

gluBeginTrim
gluEndPolygon
gluErrorUnicodeStringEXT
gluBuild1DMipmaps
gluNewQuadric
gluUnProject
gluNurbsCallback
gluPwlCurve
gluTessProperty
gluNewNurbsRenderer

ntdll

iswalpha
RtlAddressInSectionTable
CsrCaptureMessageBuffer
RtlUpcaseUnicodeStringToCountedOemString
NtSetDefaultUILanguage
ZwQueryAttributesFile
strcpy
NtQueryInformationAtom
RtlUpcaseUnicodeToOemN
NtSetSecurityObject
ZwTestAlert
NtSetInformationProcess
RtlMultiByteToUnicodeN
ZwSetInformationThread
RtlFreeSid

kernel32

LoadLibraryA
GetModuleHandleExA
GetPrivateProfileIntA
RemoveLocalAlternateComputerNameA
FindResourceExW
GlobalAlloc
GlobalMemoryStatusEx
IsValidLocale
CreateThread
GetACP
GetSystemTimeAsFileTime
ReadConsoleOutputA
GlobalMemoryStatus
EnumSystemLocalesA
WideCharToMultiByte

sqlunirl

_IsBadStringPtr_@8
_GetMessage_@16
_LookupPrivilegeValue_@12
_EnumPropsEx_@12
_GetKeyNameText_@12
_CreateFile@28
_GetCurrentHwProfile_@4
_CreateDialogParam_@20
_CreateColorSpace_@4
_ExtTextOut@32
_GlobalGetAtomName_@12
_trename

advapi32

GetInformationCodeAuthzLevelW
AccessCheckByTypeAndAuditAlarmW
SetInformationCodeAuthzLevelW
GetUserNameA
ReportEventA
SaferiCompareTokenLevels
AdjustTokenPrivileges
A_SHAFinal
CryptDeriveKey
SaferiChangeRegistryScope
DeleteAce
RegSaveKeyW
IsTokenRestricted
ConvertStringSDToSDDomainA

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a43b61ee06e1548aef2c06b1aca448e7

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

glu32

ntdll

kernel32

sqlunirl

advapi32

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 171KB - Virtual size: 170KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 171KB - Virtual size: 170KB

.reloc
Size: 1KB - Virtual size: 1KB