1ea3d5bc1731d459fbb6535c41a37e419ec63609b7d9317714964b7a2a55ea8a

Sharing

Copy URL Twitter E-mail

General

Target

1ea3d5bc1731d459fbb6535c41a37e419ec63609b7d9317714964b7a2a55ea8a
Size

129KB
MD5

0485aa407c41007ed11cf2f20f52bd41
SHA1

11cd847f6f12b7878c6467642216c03d9f44c6f9
SHA256

1ea3d5bc1731d459fbb6535c41a37e419ec63609b7d9317714964b7a2a55ea8a
SHA512

3e1fa671c1d3d7f01aa6eec64a5ad4abf96781055b976f644fba1d62cc31f0095b94b41a4e0a1a1f8171559a6c54b783a003074ac5552036001163202f0b384b
SSDEEP

3072:tRX68MqkEr7D707MG79g4bYuLF9JlZkycIg3e1UalABqzCfQ18Hs6Vc:tRK8KErD0wG79nF9xw3EUyzCoWMmc

Score

N/A

Malware Config

Signatures

Files

1ea3d5bc1731d459fbb6535c41a37e419ec63609b7d9317714964b7a2a55ea8a
.exe windows x86

1f119e42d6335da4ebb7698d2a3e91c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?NumberOfSortProps@CCatState@@QBEIXZ
?AbortWorkItems@CWorkManager@@QAEXXZ
?ParseQueryPhrase@CQueryParser@@QAEPAVCDbRestriction@@XZ
??0CCategorizationSet@@QAE@ABV0@@Z
??0CTimeLimit@@QAE@KK@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABVCDbColumnNode@@@Z
?Read@CRegAccess@@QAEPAGPBG0@Z
??1CDbContentBaseRestriction@@QAE@XZ
?PutMaxValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
?QuerySdidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
??0CMemSerStream@@QAE@PAEK@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?AcqPath@CQueryScanner@@QAEPAGXZ
CollectCIPerformanceData
??1CMetaDataMgr@@QAE@XZ
?_FindOrAddValueNode@CDbPropertyRestriction@@AAEPAVCDbScalarValue@@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?Next@CCatalogEnum@@QAEHXZ
?SetBSTR@CAllocStorageVariant@@QAEXPAGAAVPMemoryAllocator@@@Z
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
?SetPath@CScopeAdmin@@QAEXPBG@Z
?UnMarshall@CDbPropSet@@QAEHAAVPDeSerStream@@@Z
?AddEntry@CCombinedPropertyList@@UAEXPAVCPropEntry@@H@Z
??1CDbSortSet@@QAE@XZ
?AllocAndCopyWString@CDbCmdTreeNode@@SGPAGPBG@Z
?AllocHeapAndCopy@@YGPAGPBGAAK@Z
?Cleanup@CDbColId@@QAEXXZ

ntdll

ZwQueryKey
NtInitiatePowerAction
RtlSelfRelativeToAbsoluteSD2
LdrAddRefDll
wcstoul
RtlCreateUserSecurityObject
NtQueryInformationProcess
LdrFindResourceDirectory_U
RtlNormalizeProcessParams
NtOpenIoCompletion
RtlCreateActivationContext
ZwQueryValueKey
RtlRandom
RtlImpersonateSelf
RtlFreeHeap
ZwAlertThread
ZwQuerySystemInformation
iswctype
NtDeviceIoControlFile
NtDeleteBootEntry
RtlpNtSetValueKey
RtlInterlockedPushEntrySList
RtlCompareString
ZwMapUserPhysicalPages
NtSetThreadExecutionState
iswalpha
LdrFindEntryForAddress
RtlQueryInformationActiveActivationContext
_memicmp
RtlValidAcl
RtlDetermineDosPathNameType_U
RtlNumberOfClearBits
RtlGetOwnerSecurityDescriptor
ZwUnmapViewOfSection
RtlFreeUnicodeString
RtlIdentifierAuthoritySid
RtlDestroyEnvironment
ZwQueryIntervalProfile
RtlCopySecurityDescriptor
ZwQuerySystemTime
LdrFindResourceEx_U
ZwAccessCheckAndAuditAlarm
ZwMapViewOfSection
NtCreateFile

wldap32

ldap_bind_sW
ldap_controls_free
ldap_sasl_bindW
ldap_compare_s
ldap_modrdn
ldap_bindW
ldap_parse_referenceA
ldap_modrdn2
cldap_open
ldap_modrdn_sA
ldap_bind_sA
ldap_add_ext_sA
ldap_explode_dnA
ldap_sslinitW
ldap_start_tls_sA
ldap_dn2ufnW
ldap_modifyW
ldap_search_extA
ldap_parse_result
ldap_unbind_s
ldap_modify_sW
ber_init
ldap_control_freeW
ldap_perror
ldap_memfreeW
ldap_initA
ber_scanf
ldap_get_dnW
ldap_explode_dn
ldap_controls_freeA
ldap_compare
ldap_next_attribute
ldap_parse_sort_control
ldap_initW
ldap_delete_extW
ldap_control_freeA
ldap_add_sW
ldap_check_filterA
ldap_encode_sort_controlA
ldap_connect
ldap_compare_extW
ldap_search_abandon_page
ber_alloc_t
ldap_search_init_pageA
ldap_bind_s
ldap_search_stW
ldap_simple_bindW
ldap_modify_extA
ldap_modify_ext_s
ldap_search_ext_s
ldap_rename_extA
ldap_parse_sort_controlW
ldap_parse_referenceW
ldap_modify_s
ldap_parse_page_controlW
ldap_search_st
ldap_ufn2dnW
ldap_search_ext
ldap_compare_ext_sW
ldap_modrdn2W
ldap_set_optionW
ldap_next_reference
ldap_add
ldap_rename_extW
ldap_sslinitA

kernel32

CreateJobObjectA
WriteProfileStringA
lstrcmp
MoveFileWithProgressW
WriteConsoleInputVDMA
EnterCriticalSection
SetComputerNameW
GetVersionExA
RtlMoveMemory
ReadConsoleOutputCharacterA
CreateTimerQueueTimer
DeleteCriticalSection
HeapCreate
lstrcatW
HeapLock
LeaveCriticalSection
lstrcatA
GetCurrencyFormatA
ExpungeConsoleCommandHistoryW
VirtualAlloc
TerminateJobObject
SetFilePointer
GetModuleFileNameA
WriteFileGather
LocalAlloc
AddConsoleAliasW
LoadLibraryA
GetCommProperties
GetConsoleOutputCP
RemoveLocalAlternateComputerNameW
WriteConsoleInputA
GetTimeZoneInformation
WaitCommEvent
GetStringTypeA

advapi32

WmiQueryAllDataMultipleA
RegSetValueExW
GetEffectiveRightsFromAclW
LsaGetSystemAccessAccount
GetAuditedPermissionsFromAclA
StartTraceW
SetNamedSecurityInfoA
FileEncryptionStatusA
LsaEnumeratePrivilegesOfAccount
WmiSetSingleInstanceA
ElfNumberOfRecords
RegOpenCurrentUser
SetEntriesInAclW
CryptEnumProviderTypesA
LsaSetQuotasForAccount
WmiExecuteMethodA
CreateRestrictedToken
MakeAbsoluteSD
InitializeSecurityDescriptor
RegUnLoadKeyW
RegisterServiceCtrlHandlerW
BuildImpersonateExplicitAccessWithNameW
I_ScIsSecurityProcess
CryptSignHashA
RegSetValueExA
CredIsMarshaledCredentialA
SetAclInformation
GetTrusteeTypeW
LsaOpenPolicySce
OpenBackupEventLogA
OpenEventLogA
RegSetValueW
LogonUserExA
NotifyBootConfigStatus

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f119e42d6335da4ebb7698d2a3e91c2

Headers

DLL Characteristics

File Characteristics

Imports

query

ntdll

wldap32

kernel32

advapi32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 88KB - Virtual size: 196KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 88KB - Virtual size: 196KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1008B