c4a7bf0b00a0f0db39a5704f6401b428c1c0fe94252ec3f1ff3ebef2df303dbb

Sharing

Copy URL Twitter E-mail

General

Target

c4a7bf0b00a0f0db39a5704f6401b428c1c0fe94252ec3f1ff3ebef2df303dbb
Size

827KB
MD5

21b6fc15ac97afab3ee986a56ee74ecc
SHA1

9ff22d8e97758a66810031d0c44ab68a784188ab
SHA256

c4a7bf0b00a0f0db39a5704f6401b428c1c0fe94252ec3f1ff3ebef2df303dbb
SHA512

c69e93382060f1aaa2712c2f36d03a72278077baa5f67d7f33dca4f881883018f4c48f2572a7d6df2bcd1c7c4c03127d52f5ea553c347b9682e310a6dbb28c2d
SSDEEP

12288:TLkxkmxhRm8lhsBGLJ28w9Dg71NOk1xKmCIG7TPTO9NTR5yqcz4W35khuqfZxE9z:TL83RmIsBx9S1NR1oO95wz4Wyu4ZU1F

Score

N/A

Malware Config

Signatures

Files

c4a7bf0b00a0f0db39a5704f6401b428c1c0fe94252ec3f1ff3ebef2df303dbb
.exe windows x86

7c2c1787272e1e2f5ea6befc2b0fc42a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsMakePasswordCredentialsA
DsReplicaModifyW
DsReplicaFreeInfo
DsListServersForDomainInSiteA
DsListSitesW
DsGetSpnA
DsBindWithSpnA
DsReplicaUpdateRefsW
DsCrackSpn2W
DsCrackNamesW
DsListDomainsInSiteW
DsFreeSchemaGuidMapW
DsIsMangledRdnValueW

user32

CreateWindowStationW
ReleaseCapture
BeginPaint
OpenIcon
MenuWindowProcA
DdeUninitialize
GetSystemMenu
RegisterDeviceNotificationW
GetKeyboardLayoutList
DdePostAdvise
GetClassInfoExW
InsertMenuW
AdjustWindowRect
RealGetWindowClass
InvalidateRgn
SoftModalMessageBox
ChangeDisplaySettingsA
DdeCreateDataHandle
DispatchMessageA
GetDC
UserRealizePalette
IsCharAlphaNumericA

iprtprio

ComputeRouteMetric
GetPriorityInfo
SetPriorityInfo

kernel32

SetLocaleInfoA
TlsSetValue
WriteFile
DeleteFiber
lstrcpyW
SetComputerNameExW
QueryActCtxW
CancelWaitableTimer
FoldStringW
CreateNamedPipeW
GetModuleHandleW
CreateNamedPipeA
ConvertFiberToThread
GetPriorityClass
GetUserDefaultLCID
GetProcessPriorityBoost
GetLocaleInfoA
SetEndOfFile
FindActCtxSectionStringW
LockResource
GetCPInfoExA
GetMailslotInfo
ReplaceFileA
LZClose
GetCurrentThread
GetProcessWorkingSetSize
LoadLibraryW

psapi

EnumDeviceDrivers
GetDeviceDriverFileNameA
GetPerformanceInfo
EnumProcesses
EnumPageFilesW
GetProcessMemoryInfo
GetDeviceDriverBaseNameA
GetMappedFileNameA
EnumProcessModules
GetModuleBaseNameA
EnumPageFilesA
GetMappedFileNameW
GetModuleBaseNameW
GetDeviceDriverBaseNameW
GetProcessImageFileNameA
EmptyWorkingSet
GetModuleFileNameExA
GetModuleFileNameExW
QueryWorkingSet
GetDeviceDriverFileNameW
GetProcessImageFileNameW

msorcl32

SQLExtendedFetch
SQLNumResultCols
SQLProcedures
SQLStatistics
SQLCancel
SQLPrimaryKeys
SQLFreeEnv
SQLMoreResults
SQLConnect
SQLDriverConnect
SQLFreeStmt

msacm32

acmFilterChooseA
acmStreamConvert
acmStreamUnprepareHeader
acmDriverEnum
acmDriverPriority
acmDriverDetailsW
acmFormatSuggest
acmDriverMessage
acmMessage32
acmFilterEnumA
acmStreamMessage
acmFormatDetailsA
acmFilterEnumW

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c2c1787272e1e2f5ea6befc2b0fc42a

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

user32

iprtprio

kernel32

psapi

msorcl32

msacm32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 173KB - Virtual size: 1.7MB

.rsrc Size: 217KB - Virtual size: 216KB

.reloc Size: 1024B - Virtual size: 832B

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 173KB - Virtual size: 1.7MB

.rsrc
Size: 217KB - Virtual size: 216KB

.reloc
Size: 1024B - Virtual size: 832B