ca2d05a44325f65ea5497b2724743f75ec23fb8b44b0e7b7f19a8e38dd721219

Sharing

Copy URL Twitter E-mail

General

Target

ca2d05a44325f65ea5497b2724743f75ec23fb8b44b0e7b7f19a8e38dd721219
Size

868KB
MD5

6406ea4f360b996159e113d851005b7e
SHA1

13b43238ad6dc5c4729ea397929b7a3fbd95e753
SHA256

ca2d05a44325f65ea5497b2724743f75ec23fb8b44b0e7b7f19a8e38dd721219
SHA512

8947ce337d848e5bdb1a81f293e164655024b6680c4aac5e4f9daa963be5e1c7887ad6f9344d716371a9a305400479d049112a871ca1982704afae6a78bf70d8
SSDEEP

12288:IBEESwEwV/Y/Y+eoKOU0aKKyFmeYMFFT9NJn73Z4zTDEmJk22gWCKhebLfpl/tw5:gECHWxgzumnq/JnTf8k224dffBN/Q

Score

N/A

Malware Config

Signatures

Files

ca2d05a44325f65ea5497b2724743f75ec23fb8b44b0e7b7f19a8e38dd721219
.exe windows x86

50bf120c89cc36806fd6e3be12b5771e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapUserPhysicalPagesScatter
FindActCtxSectionGuid
GetVolumeNameForVolumeMountPointA
SignalObjectAndWait
WritePrivateProfileStringW
SetSystemPowerState
lstrcmpA
GetConsoleAliasExesLengthW
LockFileEx
RequestDeviceWakeup
ConvertFiberToThread
InterlockedDecrement
VirtualAlloc
GetSystemPowerStatus
GlobalFindAtomA
OpenMutexA
CallNamedPipeW
GetModuleHandleA
lstrlenW
GetNumberOfConsoleMouseButtons
ExpungeConsoleCommandHistoryW
GetProcessIoCounters
LoadLibraryA
FindNextVolumeW
SuspendThread
GetCalendarInfoA
GetLogicalDriveStringsW
SetThreadUILanguage
GetVolumePathNamesForVolumeNameA
WriteConsoleW
LocalLock
FillConsoleOutputCharacterW
QueryPerformanceCounter
GetConsoleCP
lstrcpy
OpenThread
WriteConsoleInputVDMA
SwitchToFiber
GetStartupInfoA
GetPriorityClass
WideCharToMultiByte
HeapCreate
FreeEnvironmentStringsA
ReadConsoleInputExA
UpdateResourceW

wldap32

ldap_modrdn2A
ldap_add_ext_sA
ldap_first_entry
ldap_get_dnA
ldap_add_sW
ldap_parse_result
ldap_ufn2dnA
ldap_search
ldap_parse_extended_resultW
ldap_sasl_bind_sW
ldap_rename_extW
ldap_parse_resultA
ldap_search_stW
ldap_unbind
ldap_add
ldap_sslinit
ldap_delete_extW
ldap_next_entry
ldap_parse_page_controlW
ldap_get_next_page
ldap_bind
ldap_modify_s
ldap_add_sA
ldap_escape_filter_elementW
ldap_perror
ldap_addA
ldap_delete
ldap_ufn2dnW
ldap_check_filterW
ldap_compare_extA
ldap_free_controlsW
ldap_add_extW
ldap_modrdnA
ber_next_element
ldap_delete_ext_sA
ldap_get_next_page_s
LdapMapErrorToWin32
ldap_rename_ext_s
ldap_get_optionW
ldap_modrdn2_sW
ldap_compare_extW
ber_flatten
ldap_set_dbg_flags

wininet

InternetGetPerSiteCookieDecisionW
InternetSetCookieW
HttpOpenRequestW
InternetCanonicalizeUrlW
FindFirstUrlCacheEntryW
InternetCreateUrlA
SetUrlCacheEntryInfoW
InternetTimeToSystemTimeW
FtpCreateDirectoryA
FindFirstUrlCacheEntryA
CreateUrlCacheGroup
SetUrlCacheEntryGroupW
RetrieveUrlCacheEntryStreamA
InternetAlgIdToStringW
HttpSendRequestExA
FreeUrlCacheSpaceW
FtpFindFirstFileW
GetUrlCacheEntryInfoExA
InternetGetCertByURL
UnlockUrlCacheEntryFileA
InternetGetLastResponseInfoA
InternetEnumPerSiteCookieDecisionW
InternetQueryFortezzaStatus
CommitUrlCacheEntryW
UnlockUrlCacheEntryFile
DetectAutoProxyUrl
ShowClientAuthCerts
FtpRenameFileA
IsUrlCacheEntryExpiredA
InternetCrackUrlA
CommitUrlCacheEntryA
FindNextUrlCacheGroup
ReadUrlCacheEntryStream
FindFirstUrlCacheGroup
ForceNexusLookup
GetUrlCacheConfigInfoW
InternetDialA
InternetFindNextFileW
InternetErrorDlg
PrivacySetZonePreferenceW

winsta

LogonIdFromWinStationNameW
WinStationGenerateLicense
WinStationQueryInformationA
ServerLicensingGetPolicyInformationA
WinStationGetTermSrvCountersValue
WinStationWaitSystemEvent
ServerQueryInetConnectorInformationW
WinStationFreeGAPMemory
WinStationEnumerateW
_WinStationReadRegistry
WinStationIsHelpAssistantSession
WinStationInstallLicense
ServerLicensingOpenW
_WinStationCallback
WinStationEnumerateLicenses
ServerLicensingGetPolicy
WinStationActivateLicense
_WinStationShadowTarget
WinStationConnectA
_WinStationNotifyDisconnectPipe
WinStationSendWindowMessage
ServerLicensingGetAvailablePolicyIds
_WinStationCheckForApplicationName
LogonIdFromWinStationNameA
ServerLicensingDeactivateCurrentPolicy
_WinStationBreakPoint
_WinStationNotifyNewSession
_WinStationFUSCanRemoteUserDisconnect
WinStationNameFromLogonIdW
WinStationOpenServerA
ServerSetInternetConnectorStatus
_WinStationUpdateClientCachedCredentials
_WinStationBeepOpen
WinStationTerminateProcess
ServerLicensingGetPolicyInformationW
WinStationQueryInformationW
WinStationNtsdDebug
WinStationSetPoolCount
WinStationShutdownSystem

ntdll

RtlCreateSecurityDescriptor
CsrClientCallServer
ZwPlugPlayControl
RtlEnterCriticalSection
RtlSetLastWin32Error
NtSetDefaultHardErrorPort
RtlLengthSecurityDescriptor
strspn
RtlTimeToSecondsSince1980
RtlGenerate8dot3Name
ZwLoadDriver
ZwCreateJobObject
RtlInsertElementGenericTableAvl
RtlAreAllAccessesGranted
NtSetIoCompletion
KiUserApcDispatcher
RtlOemStringToUnicodeSize
_fltused
RtlConvertExclusiveToShared
RtlSizeHeap
RtlInitUnicodeStringEx
NtWriteFile
ZwOpenThread
RtlInterlockedPushEntrySList
strtoul
NtCreatePagingFile
NtRestoreKey
NtFilterToken
DbgUiIssueRemoteBreakin
LdrDisableThreadCalloutsForDll
abs
NtCreateIoCompletion
RtlNtStatusToDosErrorNoTeb
RtlNewInstanceSecurityObject
LdrUnloadDll
ZwCreateKey
_i64toa
RtlAddressInSectionTable
NtSetTimer
NtQuerySystemEnvironmentValueEx
NtSetSecurityObject

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50bf120c89cc36806fd6e3be12b5771e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wldap32

wininet

winsta

ntdll

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 585KB - Virtual size: 585KB

.data Size: 99KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 585KB - Virtual size: 585KB

.data
Size: 99KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B