e1d9c114b5500b6fe66b46839fd9a73a5ad31b7f506d14b14a9e17a60d7ab9fd

Sharing

Copy URL Twitter E-mail

General

Target

e1d9c114b5500b6fe66b46839fd9a73a5ad31b7f506d14b14a9e17a60d7ab9fd
Size

142KB
MD5

1cbad95c2286bedc295830726ae96530
SHA1

532946cce490a386a87ff39c86d6987248044f09
SHA256

e1d9c114b5500b6fe66b46839fd9a73a5ad31b7f506d14b14a9e17a60d7ab9fd
SHA512

847bc06faf2bdb0171178a2817ad9205cba663db650abd837b298989cec9c0651128ffd13bc733a51b4c2d54f93cad7fb10b5f791d77bb836456ed5613a74926
SSDEEP

3072:QnSF99ydoTpevMbJRz8oX/xpU9e+eXX+bTfHiV962n+:QSRy8eiJRdX/7U94H6bHkHn+

Score

N/A

Malware Config

Signatures

Files

e1d9c114b5500b6fe66b46839fd9a73a5ad31b7f506d14b14a9e17a60d7ab9fd
.exe windows x86

43f0aeb8b3a2ef4c8a456c0dc8fc7514

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_modrdn
ldap_parse_sort_controlA
ldap_search_abandon_page
ldap_search_ext_s
ldap_add_sA
ldap_count_values
ldap_encode_sort_controlW
ldap_next_attribute
ldap_modrdn2
ldap_simple_bind_s
ldap_parse_sort_control
ldap_rename_ext
ldap_startup
ldap_unbind_s
ldap_next_attributeW
ldap_get_next_page
ldap_memfreeA
ldap_search_init_pageW
ldap_sasl_bindA
ldap_openW
ldap_search_stA
ldap_set_dbg_flags
ldap_first_reference
ldap_ufn2dn
ldap_search_extA
ldap_extended_operation_sA
ldap_get_dnW
LdapUnicodeToUTF8
ldap_sslinitA
ldap_controls_free

netapi32

I_NetServerReqChallenge
NetDfsGetDcAddress
I_NetDatabaseSync
NetUserChangePassword
NetServerGetInfo
DsGetDcSiteCoverageW
NetConfigGetAll
I_NetLogonControl2
NetUseGetInfo
RxNetServerEnum
NetServerDiskEnum
NetDfsAddFtRoot
NetDfsEnum
NetAuditRead
NetConfigGet
NetpGetFileSecurity
NetGroupEnum
NetpOpenConfigData
NetpNetBiosStatusToApiStatus
I_NetDfsGetVersion
NetpwPathCanonicalize
NetReplExportDirUnlock
NetServiceGetInfo
NetLocalGroupDelMembers
NetServerTransportAddEx
NetReplImportDirLock
NetValidateName
NetLocalGroupAdd
NetDfsAddStdRoot
RxNetUserPasswordSet
DsGetDcCloseW
NetLocalGroupEnum
NetErrorLogClear
DsDeregisterDnsHostRecordsW
DsRoleGetDcOperationProgress
NetShareDelSticky
NetUserDel
NetReplImportDirUnlock
NetApiBufferAllocate
NetReplExportDirLock
NlBindingRemoveServerFromCache
NetReplImportDirAdd
DsRoleFreeMemory
NetMessageNameDel
NetRemoveAlternateComputerName
NetGroupGetInfo

kernel32

GetLocaleInfoA
FindCloseChangeNotification
Process32NextW
SetComputerNameW
WTSGetActiveConsoleSessionId
PurgeComm
WriteConsoleW
GetTimeFormatA
GetPrivateProfileStringA
VerifyVersionInfoA
CmdBatNotification
LoadLibraryW
GetConsoleInputWaitHandle
SetLocalPrimaryComputerNameW
GetCurrentThread
GetComputerNameExA
OpenJobObjectW
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
GetConsoleCommandHistoryLengthW
WritePrivateProfileSectionA

atmlib

ATMGetNtmFields
ATMGetPostScriptNameA
ATMGetMenuNameW
ATMBBoxBaseXYShowText
ATMMakePSSA
ATMRemoveSubstFontW
ATMFontStatus
ATMRemoveSubstFontA
ATMXYShowTextA
ATMMakePFM
ATMRemoveFontW
ATMGetGlyphList
ATMGetBuildStr
ATMProperlyLoaded
ATMBeginFontChange
ATMFinish
ATMFontStatusW
ATMSelectEncoding
ATMEnumMMFonts
ATMFontAvailableA
ATMGetOutlineW
ATMEnumMMFontsW
ATMEndFontChange
ATMAddFont
ATMGetBuildStrW
ATMGetMenuNameA
ATMGetOutline
ATMForceFontChange
ATMMakePSSW
ATMMakePSS

cfgmgr32

CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_ExA
CM_Add_Empty_Log_Conf_Ex
CM_Get_Device_Interface_Alias_ExA
CM_Delete_Class_Key_Ex
CM_Remove_SubTree_Ex
CM_Open_Class_KeyA
CM_Get_Resource_Conflict_DetailsW
CM_Free_Res_Des
CMP_WaitServicesAvailable
CM_Find_Range
CMP_Init_Detection
CM_Open_DevNode_Key

msvcrt

mbstowcs
_mbsinc
_strtoui64
wscanf
_dup
exit
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
raise
_sys_errlist
__isascii
_osver
_fdopen
__getmainargs
_wtempnam
__p__winminor
__p__commode
_wsystem
_commit
_endthreadex
ftell
_mbsdup
_safe_fprem
_read
__set_app_type
wcsspn

advapi32

ObjectCloseAuditAlarmA
IsTextUnicode
GetInheritanceSourceA
GetServiceKeyNameW
RegOpenCurrentUser
BuildExplicitAccessWithNameW
GetManagedApplicationCategories
AccessCheckByTypeResultListAndAuditAlarmW

user32

RegisterClassW
DefWindowProcW
PostQuitMessage

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43f0aeb8b3a2ef4c8a456c0dc8fc7514

Headers

File Characteristics

Imports

wldap32

netapi32

kernel32

atmlib

cfgmgr32

msvcrt

advapi32

user32

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 512B - Virtual size: 284B

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 512B - Virtual size: 284B

.rsrc
Size: 8KB - Virtual size: 8KB