a03833c1548664fca5e93e70f685ff0c7bf7b4058c325dabc2240f9d09e9518d

Sharing

Copy URL Twitter E-mail

General

Target

a03833c1548664fca5e93e70f685ff0c7bf7b4058c325dabc2240f9d09e9518d
Size

44KB
MD5

556da2b80866d4b3cc06fd0aeb318d94
SHA1

4b118f382d9a9baae197a2971ccd212fb3049c20
SHA256

a03833c1548664fca5e93e70f685ff0c7bf7b4058c325dabc2240f9d09e9518d
SHA512

683e1637f2ae09413b85f66bc6880162993c177e09245e7db467f8f2334c82aba35b5d64ee329ffab4b8755114d02df6bb384fe13eb748be042a49179c9ed11b
SSDEEP

768:/s9gHMW0u2tcixdq8u7vWLRGYF0NEltkRFSUnuHpgrsR:/s9Yl0u2tLxc8uqNGk0K3k3SUnulR

Score

N/A

Malware Config

Signatures

Files

a03833c1548664fca5e93e70f685ff0c7bf7b4058c325dabc2240f9d09e9518d
.exe windows x86

c9006045f07d86a1dfdb5b39c9a32482

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcat
GetQueuedCompletionStatus
GlobalFix
SetVolumeMountPointW
SetCurrentDirectoryA
GetLongPathNameA
WriteProcessMemory
OpenProfileUserMapping
LoadLibraryA
ExpungeConsoleCommandHistoryA
FindClose
GetConsoleAliasExesA
AreFileApisANSI
GetPrivateProfileStringW
GetEnvironmentVariableA
AllocateUserPhysicalPages
ActivateActCtx
MoveFileExW
GetConsoleFontInfo
VirtualAlloc
SetProcessPriorityBoost
FindNextVolumeMountPointW
InitializeSListHead
SetSystemPowerState
RegisterConsoleVDM
DeleteVolumeMountPointA
OpenEventW
CreateEventW
GetSystemTimeAsFileTime
GetCPInfoExW
LocalAlloc
GetLongPathNameW
SetFileAttributesW
TryEnterCriticalSection
EnumResourceNamesW
EnumSystemLanguageGroupsW

certcli

CAOIDGetProperty
CACreateNewCA
CACertTypeRegisterQuery
CASetCAFlags
CACreateLocalAutoEnrollmentObject
CASetCertTypePropertyEx
CAGetCertTypeProperty
CAFreeCertTypeExtensions
CAFindByCertType
CASetCAExpiration
CACertTypeAccessCheck
CACertTypeGetSecurity
CAFindCertTypeByName
CASetCertTypeProperty
CAGetCertTypeExpiration
CAEnumCertTypesEx
CAAccessCheck

samlib

SamQueryInformationDomain
SamCreateUserInDomain
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamConnect
SamiEncryptPasswords
SamCreateGroupInDomain
SamiSetDSRMPasswordOWF
SamQueryDisplayInformation
SamLookupIdsInDomain
SamSetInformationAlias
SamEnumerateDomainsInSamServer
SamiChangeKeys
SamiSetBootKeyInformation
SamLookupNamesInDomain
SamRemoveMemberFromAlias
SamGetAliasMembership
SamDeleteAlias

odbc32

SQLDisconnect
GetODBCSharedData
SQLColumnsW
SQLConnectW
SQLGetConnectAttrA
SQLTablePrivilegesA
SQLStatisticsA
SQLTransact
CursorLibLockStmt
SQLBrowseConnect
SQLColAttribute
SQLProcedures
SQLGetDescRec
SQLSetScrollOptions
ValidateErrorQueue

kerberos

SpInitialize
SpUserModeInitialize
KerbMakeKdcCall
SpLsaModeInitialize
KerbCreateTokenFromTicket
SpInstanceInit
KerbDomainChangeCallback
KerbKdcCallBack
KerbIsInitialized

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9006045f07d86a1dfdb5b39c9a32482

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

certcli

samlib

odbc32

kerberos

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB