fbd94fc56e7c85f401e79ae3177a798946394533378475c1eeabec468e77d8ae

Sharing

Copy URL

Twitter E-mail

General

Target

fbd94fc56e7c85f401e79ae3177a798946394533378475c1eeabec468e77d8ae
Size

834KB
MD5

f00c8e6ebff833d6fefa8a8ea8870dd4
SHA1

b5514c95a836e9fab429b8ca76e29c8213335b73
SHA256

fbd94fc56e7c85f401e79ae3177a798946394533378475c1eeabec468e77d8ae
SHA512

b3c222c9fd93d5f1be110076b46855d9e1c68b908009c729dfa180491977447684c32e45ea9775f6808e10ee3f77f2814d14a96e790c194dd824a285ac013155
SSDEEP

24576:Y5xVCYAl19WVWqvydNSEmZnBFEJpZ4cTgRHkpvB:0VCdb9WBydNR8DEB43RuB

Score

N/A

Malware Config

Signatures

Files

fbd94fc56e7c85f401e79ae3177a798946394533378475c1eeabec468e77d8ae
.exe windows x86

f70849c9a1b5efe4b2f348d98dd6ad4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_GetPrivateProfileInt_@16
_CharToOemBuff_@12
_FindFirstFile_@8
_PostThreadMessage_@16
_DefineDosDevice_@12
_GetProfileString_@20
_RegQueryInfoKey_@48
_ReadEventLog_@28
_CreateEvent_@16
_GetTimeFormat_@24
_CallNamedPipe_@28
_GetFileTitle@12
_LookupAccountSid_@28

kernel32

GetModuleHandleW
FindResourceExA
GetLocaleInfoA
SetFileApisToANSI
GetCurrentProcess
HeapCompact
GetVolumePathNamesForVolumeNameW
LoadLibraryW
CreateProcessInternalA
GetCurrentThread
GetVersionExW
OpenProfileUserMapping

msvcirt

??4ostream@@IAEAAV0@ABV0@@Z
??_7ostream_withassign@@6B@
??0fstream@@QAE@PBDHH@Z
??5istream@@QAEAAV0@AAM@Z
?in_avail@streambuf@@QBEHXZ
??0fstream@@QAE@HPADH@Z
?unlockbuf@ios@@QAAXXZ
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
?get@istream@@QAEAAV1@PAEHD@Z
??0istrstream@@QAE@ABV0@@Z
?underflow@strstreambuf@@UAEHXZ
?endl@@YAAAVostream@@AAV1@@Z
??0strstreambuf@@QAE@H@Z
?good@ios@@QBEHXZ
??4iostream@@IAEAAV0@AAV0@@Z
?floatfield@ios@@2JB
?flags@ios@@QBEJXZ
??1ofstream@@UAE@XZ
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??_Eiostream@@UAEPAXI@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?fill@ios@@QAEDD@Z
??0ofstream@@QAE@XZ
??_Distream@@QAEXXZ
??0Iostream_init@@QAE@XZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
??_Dostrstream@@QAEXXZ
??0strstream@@QAE@PADHH@Z
??0streambuf@@IAE@XZ
??6ostream@@QAEAAV0@PBE@Z
?opfx@ostream@@QAEHXZ
??6ostream@@QAEAAV0@PBX@Z
?is_open@ofstream@@QBEHXZ
??0strstreambuf@@QAE@XZ
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??1istream_withassign@@UAE@XZ
??_Gofstream@@UAEPAXI@Z
??6ostream@@QAEAAV0@PBC@Z
?pword@ios@@QBEAAPAXH@Z
??_7ios@@6B@
?cerr@@3Vostream_withassign@@A
??_Gostrstream@@UAEPAXI@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
__dummy_export
??0ios@@IAE@XZ
?adjustfield@ios@@2JB
?setmode@filebuf@@QAEHH@Z
??_8iostream@@7Bostream@@@
?ends@@YAAAVostream@@AAV1@@Z
?underflow@filebuf@@UAEHXZ
??_Estdiobuf@@UAEPAXI@Z
??_Eofstream@@UAEPAXI@Z
??_7ostrstream@@6B@
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z

crtdll

_spawnl
_mbscspn
exp
_tell
cosh
_fgetwchar
strcmp
gets

ntdsapi

DsRemoveDsDomainW
DsGetSpnW
DsListSitesA
DsReplicaSyncW
DsAddSidHistoryW
DsReplicaVerifyObjectsA
DsMapSchemaGuidsW
DsListDomainsInSiteA
DsCrackSpn3W
DsIsMangledDnA
DsReplicaConsistencyCheck
DsBindA
DsMakePasswordCredentialsW
DsRemoveDsServerW
DsGetDomainControllerInfoW
DsaopBindWithCred
DsListSitesW
DsFreeSpnArrayA

ntdll

RtlCreateUserSecurityObject
NtSetTimerResolution
RtlxUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiSize
NtQuerySystemTime
CsrCaptureMessageMultiUnicodeStringsInPlace
RtlCopyString
ZwTerminateJobObject
NtNotifyChangeMultipleKeys
RtlAddressInSectionTable
ZwDeleteFile
RtlFillMemoryUlong
DbgUiContinue
RtlFirstEntrySList
_i64toa
ZwOpenSemaphore
NtCreateProcess
NtOpenSymbolicLinkObject
ZwAllocateVirtualMemory
ZwFindAtom
ZwSetInformationToken
RtlDowncaseUnicodeChar
ZwQuerySemaphore
ZwSetLdtEntries
RtlCharToInteger
ZwPulseEvent
RtlCreateUnicodeStringFromAsciiz
NtImpersonateClientOfPort
RtlGetAce
NtImpersonateAnonymousToken
KiRaiseUserExceptionDispatcher
CsrIdentifyAlertableThread
RtlAddCompoundAce
NtSetVolumeInformationFile
ZwQuerySystemInformation

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f70849c9a1b5efe4b2f348d98dd6ad4e

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

kernel32

msvcirt

crtdll

ntdsapi

ntdll

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 151KB - Virtual size: 150KB

.reloc Size: 1024B - Virtual size: 840B

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 151KB - Virtual size: 150KB

.reloc
Size: 1024B - Virtual size: 840B