da0e70f7cdd749dc20e7cbfd994637aaa14123177c6a0babb8769986e7e6ea57

Sharing

Copy URL Twitter E-mail

General

Target

da0e70f7cdd749dc20e7cbfd994637aaa14123177c6a0babb8769986e7e6ea57
Size

275KB
MD5

8dac0a5b67c895c5ce6ffa449066b8ab
SHA1

2239163efeb8f55777c93c3cc73f22261ecbc8ee
SHA256

da0e70f7cdd749dc20e7cbfd994637aaa14123177c6a0babb8769986e7e6ea57
SHA512

6277d4b929b9b5d6abeb5c24c997030bbeee8fa2036f25855f35923af87a4f07ca78e259c1c3cd5026f130abee98b2217d3249d6751d8e8e17156d7b64783c10
SSDEEP

6144:c+9zfQMYksDj3GCVqR7fp2Xs/JdAHzc4gy+sKrqpYXzaOufyP4:HRYMYksPgHAHzc4IMYXzPFP4

Score

N/A

Malware Config

Signatures

Files

da0e70f7cdd749dc20e7cbfd994637aaa14123177c6a0babb8769986e7e6ea57
.exe windows x86

c46de8d74f77d13682a5835ae30ab29c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsGetDomainControllerInfoW
DsBindWithCredW
DsFreeSpnArrayA
DsIsMangledRdnValueA
DsReplicaSyncA
DsReplicaAddA
DsaopBind
DsQuoteRdnValueW

sqlsrv32

BCP_exec
SQLStatisticsW
SQLSpecialColumnsW
SQLBindParameter
SQLCloseCursor
BCP_sendrow
SQLFreeHandle
SQLTablesW
SQLConnectW
SQLColumnPrivilegesW
SQLSetScrollOptions
BCP_batch
BCP_bind
SQLGetConnectAttrW

oleaut32

VarParseNumFromStr
VarBoolFromCy
VarDecSub
VarR8FromStr
VarR4FromCy
SafeArrayAllocDescriptorEx
SafeArrayUnaccessData
OleCreatePictureIndirect
VarUI1FromDate
VarI1FromCy
VarR8FromI1
SysReAllocStringLen
VarR8FromR4

kernel32

GetConsoleCommandHistoryLengthA
GetDriveTypeA
Process32Next
GetAtomNameA
SetEnvironmentVariableW
LoadLibraryW
VirtualFreeEx
EnumResourceTypesA
GetModuleHandleW
ReleaseMutex
EnumTimeFormatsW
UnregisterWait
VirtualAllocEx
LocalCompact
GetLocaleInfoW
CreateNamedPipeW
EnumSystemLocalesA
MoveFileExA
InterlockedPushEntrySList
GetLongPathNameW
FindActCtxSectionStringA
MapViewOfFile
GetCurrentConsoleFont
GetCurrentThread
ConnectNamedPipe
GetOEMCP
WritePrivateProfileStructA
ResumeThread

netapi32

Netbios
NetDfsManagerSendSiteInfo
NetEnumerateTrustedDomains
NetpwPathType
I_NetLogonSendToSam
DsAddressToSiteNamesA
NetLocalGroupSetInfo
NetUnregisterDomainNameChangeNotification
NetUnjoinDomain
NetDfsManagerGetConfigInfo
NetConnectionEnum
NetGroupDelUser
I_NetServerAuthenticate3
NetDfsGetClientInfo
NetReplImportDirLock

mspatcha

GetFilePatchSignatureByHandle
ApplyPatchToFileA
ApplyPatchToFileExA
GetFilePatchSignatureA
TestApplyPatchToFileW
TestApplyPatchToFileByHandles
ApplyPatchToFileW
ApplyPatchToFileExW
ApplyPatchToFileByHandles
GetFilePatchSignatureW
ApplyPatchToFileByHandlesEx
TestApplyPatchToFileA

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c46de8d74f77d13682a5835ae30ab29c

Headers

File Characteristics

Imports

ntdsapi

sqlsrv32

oleaut32

kernel32

netapi32

mspatcha

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 512B - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 512B - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 7KB