c32b236227999ddb5e473d9a6e8259d8079be83950c145311e15dbe6776c151b

Sharing

Copy URL

Twitter E-mail

General

Target

c32b236227999ddb5e473d9a6e8259d8079be83950c145311e15dbe6776c151b
Size

50KB
MD5

5b87242a7a3245f789875ddeebf70a7f
SHA1

95d54a3c046c5b55b6a67845c1a71c63af65713a
SHA256

c32b236227999ddb5e473d9a6e8259d8079be83950c145311e15dbe6776c151b
SHA512

2775bf822949549e468897f88598f7d89efbabb971cfb02b6c3293a37d77c9687f049e8b846b3f2b3717571351a1add0344683bad7e5636eb5598944b9fe389c
SSDEEP

1536:KEKd90Nwt/ioyoGopgZqFERUXqP2AU1mDK6ab29J:+90Qio6ZqFERUXMFUsDK6ab2b

Score

N/A

Malware Config

Signatures

Files

c32b236227999ddb5e473d9a6e8259d8079be83950c145311e15dbe6776c151b
.exe windows x86

f06fd3a00d8edfd84027e7a83a1d2c39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

ProcessGroupPolicyCompleted
UnregisterGPNotification
DeleteProfileW
GetProfilesDirectoryA
UnloadUserProfile
GetGPOListW
DestroyEnvironmentBlock
GetAppliedGPOListA
RsopFileAccessCheck
WaitForUserPolicyForegroundProcessing
RegisterGPNotification
GetDefaultUserProfileDirectoryA
RefreshPolicyEx
RsopLoggingEnabled
GetAppliedGPOListW
EnterCriticalPolicySection
GetDefaultUserProfileDirectoryW
RsopSetPolicySettingStatus
GetProfileType
LoadUserProfileA
ForceSyncFgPolicy
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetPreviousFgPolicyRefreshInfo
DllGetClassObject
GetAllUsersProfileDirectoryW
CreateEnvironmentBlock
GetProfilesDirectoryW
RsopAccessCheckByType
DeleteProfileA
GetNextFgPolicyRefreshInfo
GetUserProfileDirectoryW
RefreshPolicy
LoadUserProfileW
ProcessGroupPolicyCompletedEx
FreeGPOListA
GetUserProfileDirectoryA
ExpandEnvironmentStringsForUserA
RsopResetPolicySettingStatus
LeaveCriticalPolicySection
WaitForMachinePolicyForegroundProcessing
GetGPOListA
GetAllUsersProfileDirectoryA

polstore

IPSecExportPolicies
IPSecCreateNFAData
IPSecCreatePolicyData
IPSecEnumISAKMPData
IPSecFreeFilterData
IPSecDeletePolicyData
IPSecClosePolicyStore
IPSecFreeMulPolicyData
IPSecAllocPolStr
IPSecFreeISAKMPData
IPSecEnumNFAData
IPSecFreePolStr
IPSecGetISAKMPData
IPSecCreateNegPolData
IPSecCopyNFAData
IPSecSetFilterData
IPSecFreeMulFilterData
IPSecFreeFilterSpecs
IPSecDeleteFilterData
IPSecGetAssignedPolicyData
IPSecCopyPolicyData
IPSecEnumNegPolData
IPSecEnumPolicyData
IPSecCopyISAKMPData
IPSecUnassignPolicy
IPSecCopyNegPolData
IPSecEnumFilterData
IPSecCopyAuthMethod
IPSecGetFilterData
IPSecCreateFilterData
IPSecFreeMulNegPolData
IPSecSetNFAData
IPSecFreeNegPolData
IPSecCreateISAKMPData
IPSecDeleteNegPolData
IPSecImportPolicies
IPSecDeleteISAKMPData
IPSecDeleteNFAData
IPSecIsDomainPolicyAssigned
IPSecFreeNFAData
IPSecAssignPolicy
IPSecSetPolicyData
IPSecOpenPolicyStore
IPSecAllocPolMem

ntdsapi

DsInheritSecurityIdentityA
DsaopBindWithCred
DsListInfoForServerW
DsIsMangledRdnValueW
DsReplicaUpdateRefsW
DsFreeSpnArrayA
DsListServersInSiteW
DsGetRdnW
DsReplicaAddA
DsMapSchemaGuidsA
DsUnquoteRdnValueW
DsReplicaUpdateRefsA
DsListInfoForServerA
DsListSitesW
DsCrackUnquotedMangledRdnA
DsReplicaConsistencyCheck
DsReplicaSyncA
DsGetDomainControllerInfoW
DsWriteAccountSpnA
DsMakeSpnW
DsAddSidHistoryA
DsListServersInSiteA
DsBindWithCredW
DsReplicaDelW
DsCrackNamesA
DsClientMakeSpnForTargetServerA
DsGetDomainControllerInfoA
DsBindWithSpnW
DsReplicaVerifyObjectsA
DsRemoveDsServerA
DsCrackSpnA
DsBindA
DsListDomainsInSiteA
DsIsMangledDnW
DsCrackSpn2W
DsRemoveDsDomainA
DsaopExecuteScript
DsServerRegisterSpnW
DsReplicaModifyW
DsMapSchemaGuidsW
DsReplicaVerifyObjectsW

query

?Marshall@CDbByGuid@@QBEXAAVPSerStream@@@Z
??1CDbPropBaseRestriction@@QAE@XZ
?DisableCI@CMachineAdmin@@QAEHXZ
BindIFilterFromStream
CiSvcMain
?SkipLong@CMemDeSerStream@@UAEXXZ
?SetSecret@@YGXPBG00K@Z
?OpenFileFromPath@@YGPAU_iobuf@@PBG@Z
?GetLong@CMemDeSerStream@@UAEJXZ
?SetR4@CStorageVariant@@QAEXMI@Z
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
?MakePath@CFullPath@@QAEXPBGI@Z
??1CPidRemapper@@QAE@XZ
??1SStorageObject@@QAE@XZ
?SetLocale@CCatState@@QAEXPBG@Z
??0CCiRegParams@@QAE@PBG@Z
?VT_VARIANT_LE@@YGHABUtagPROPVARIANT@@0@Z
?Clone@CNodeRestriction@@QBEPAV1@XZ
?GetCLSID@CAllocStorageVariant@@QBE?AU_GUID@@I@Z
?SkipByte@CMemDeSerStream@@UAEXXZ
?SaCreateAndCopy@@YGHAAVPMemoryAllocator@@PAUtagSAFEARRAY@@PAPAU2@@Z
?URLEscapeW@@YGXPBGAAVCVirtualString@@KH@Z
?SetCatalog@CCatState@@QAEXPBG@Z
?SetBSTR@CAllocStorageVariant@@QAEXPAGAAVPMemoryAllocator@@@Z
?SetUI2@CStorageVariant@@QAEXGI@Z

kernel32

GlobalDeleteAtom
LZInit
ResetEvent
GlobalFindAtomA
InitAtomTable
SetEvent
lstrcatA
InitializeCriticalSection
DeleteFileA
CreateActCtxW
EnumResourceLanguagesA
LoadLibraryA
InterlockedDecrement
CreateDirectoryA
SetTapePosition
CreateEventW
Heap32ListFirst
GetFullPathNameA
GetWriteWatch
WriteConsoleInputVDMA
VirtualAlloc
GetFileSize
GetBinaryType
LockFile
CreateHardLinkA
VerSetConditionMask
GetTickCount
IsValidCodePage
LocalShrink
VirtualLock
SetFileTime
IsDBCSLeadByteEx
EnumCalendarInfoExA
GetConsoleDisplayMode
_lread
GetDiskFreeSpaceExA

crypt32

PFXExportCertStore
RegEnumValueU
CryptMsgVerifyCountersignatureEncoded
CryptEncodeObject
CryptMsgOpenToEncode
CryptFindCertificateKeyProvInfo
PFXImportCertStore
CertAddEncodedCertificateToStore
I_CertSrvProtectFunction
CertEnumCRLContextProperties
CryptEnumKeyIdentifierProperties
I_CryptFindLruEntry
I_CryptGetDefaultCryptProvForEncrypt
CertAddStoreToCollection
CertGetEnhancedKeyUsage
I_CryptEnableLruOfEntries
I_CryptReleaseLruEntry
CertEnumCTLContextProperties
CryptEnumProvidersU
CertFreeCertificateChain
I_CryptFreeLruCache
CertEnumSubjectInSortedCTL
CertGetNameStringW
CertFindCertificateInCRL
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertFindExtension
I_CryptCreateLruEntry
CryptBinaryToStringA
CertEnumCertificateContextProperties
CryptMsgCountersignEncoded
CertEnumCRLsInStore
CertFreeCertificateChainEngine
RegQueryInfoKeyU
CertAddCTLLinkToStore
CertStrToNameW

msi

MsiGetFeatureValidStatesA
MsiEvaluateConditionA
MsiRecordGetStringA
MsiGetFileHashA
MsiConfigureProductW
MsiDoActionA
MsiNotifySidChangeA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiViewExecute
MsiGetFeatureStateW
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiEnumComponentsW
MsiGetFeatureUsageW
MsiGetFileVersionW
MsiSummaryInfoPersist
MsiEnumClientsA
MsiSummaryInfoGetPropertyW
MsiLocateComponentA
MsiConfigureFeatureA
MsiGetPropertyW
MsiGetUserInfoA
MsiEnumRelatedProductsA
MsiProvideAssemblyW
MsiSetPropertyA
DllGetVersion
MsiQueryFeatureStateW
MsiProvideQualifiedComponentW
MsiGetShortcutTargetA
MsiEnumFeaturesA
MsiRecordSetStringA
MsiGetComponentPathA
MsiDatabaseGenerateTransformA
MsiEnableLogA
MsiGetTargetPathA
MsiLoadStringW
MsiLocateComponentW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f06fd3a00d8edfd84027e7a83a1d2c39

Headers

DLL Characteristics

File Characteristics

Imports

userenv

polstore

ntdsapi

query

kernel32

crypt32

msi

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B