99b317d1b34979e11d9349f23c972687e1c1005b00960d98759b4502eca82a57

Sharing

Copy URL

Twitter E-mail

General

Target

99b317d1b34979e11d9349f23c972687e1c1005b00960d98759b4502eca82a57
Size

828KB
MD5

e857267211a983a2907482716abf733e
SHA1

c3335d329eb5f0844eba79ca941e572581457f53
SHA256

99b317d1b34979e11d9349f23c972687e1c1005b00960d98759b4502eca82a57
SHA512

e540c8fe0ded6258dc8dc9c0187d17793a7ec9439eb29576a697b4bb4a4f8027c8413cf51c303ee29b832503dbd62bb7357703f5a3cb0a1d3994face6815db64
SSDEEP

12288:EBiqyYYB4i0DqkJ0jl+937PIrhcaMnV77bU0ci73pkrRHKqII5YzQsW/e+Iw6yb5:yJf1Ku/arUpk1ve+/z9

Score

N/A

Malware Config

Signatures

Files

99b317d1b34979e11d9349f23c972687e1c1005b00960d98759b4502eca82a57
.exe windows x86

b6220fa7400bb84a7aa122269e7f2376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

SetAttribIMsgOnIStg@16
BMAPIAddress
HrThisThreadAdviseSink@8
UNKOBJ_ScCOReallocate@12
HrGetOmiProvidersFlags@8
UlPropSize@4
MAPILogoff
ScUNCFromLocalPath@12
FBadSortOrderSet@4
HrComposeEID@28

kernel32

ReadConsoleInputA
EnumSystemLanguageGroupsA
CancelDeviceWakeupRequest
VirtualQuery
GetNativeSystemInfo
GetComPlusPackageInstallStatus
GetCompressedFileSizeA
ExpungeConsoleCommandHistoryA
GetProcAddress
GetLocaleInfoA
VirtualQueryEx
SetThreadAffinityMask
LocalSize
SetThreadUILanguage
GetModuleHandleW
GetCurrentThread
lstrcatA
GetDateFormatA
LoadLibraryExW
VirtualUnlock
LoadLibraryW
CreateProcessInternalW
GetTapePosition
SleepEx

wldap32

ldap_openW
ldap_parse_sort_controlA
ldap_get_values
ldap_search_ext_s
ldap_get_next_page_s
ldap_get_paged_count
cldap_open
ldap_addA

glu32

gluDisk
gluOrtho2D
gluTessVertex
gluErrorUnicodeStringEXT
gluGetNurbsProperty
gluScaleImage
gluGetTessProperty
gluGetString
gluEndTrim
gluTessBeginPolygon
gluBeginCurve

ntdsapi

DsListSitesA
DsListInfoForServerA
DsReplicaModifyW
DsLogEntry
DsQuoteRdnValueA
DsListServersInSiteW
DsListRolesA
DsAddSidHistoryA
DsFreeSpnArrayW
DsaopBindWithSpn
DsBindWithSpnA
DsMapSchemaGuidsA
DsListSitesW
DsUnBindW
DsGetSpnW
DsReplicaAddW
DsReplicaConsistencyCheck
DsListServersForDomainInSiteW
DsListDomainsInSiteA
DsGetDomainControllerInfoW
DsWriteAccountSpnW
DsUnquoteRdnValueW
DsMakePasswordCredentialsW
DsCrackUnquotedMangledRdnA
DsGetRdnW

msvcirt

??0fstream@@QAE@H@Z
?x_statebuf@ios@@0PAJA
?dec@@YAAAVios@@AAV1@@Z
?width@ios@@QAEHH@Z
?seekpos@streambuf@@UAEJJH@Z
?basefield@ios@@2JB
?str@strstreambuf@@QAEPADXZ
??_Estdiobuf@@UAEPAXI@Z

Sections

.text
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6220fa7400bb84a7aa122269e7f2376

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

kernel32

wldap32

glu32

ntdsapi

msvcirt

Sections

.text Size: 411KB - Virtual size: 410KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 1024B - Virtual size: 896B

.text
Size: 411KB - Virtual size: 410KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 1024B - Virtual size: 896B