cebd1e8788ba7c7dd11dc69f6cc450cad3ecc241d707c021db7e41eb95083a90

Sharing

Copy URL Twitter E-mail

General

Target

cebd1e8788ba7c7dd11dc69f6cc450cad3ecc241d707c021db7e41eb95083a90
Size

391KB
MD5

8c2ea0dae6b1357266249c1f68326ace
SHA1

577db7a857ac9414eb6eaedfc7b11dc1140db32c
SHA256

cebd1e8788ba7c7dd11dc69f6cc450cad3ecc241d707c021db7e41eb95083a90
SHA512

075b758fb824c2b0ef851b92acf6be7c1d93b3e25b129453a558e7eef160e750a22f42eb18925b22f6da29df987609e2e12ec54e0093b30fa73439cc802bca55
SSDEEP

6144:xCYja+JE/8fy3dc+E80ur6/kQyci1/WfBlsHIL95Io1zL3/dbvLkTJ+AKVS1Qne:pCUfKqqr6qc7rsHq9B1PFEJ7lQne

Score

N/A

Malware Config

Signatures

Files

cebd1e8788ba7c7dd11dc69f6cc450cad3ecc241d707c021db7e41eb95083a90
.exe windows x86

c0ad18aac4e000de01498f8d20b422dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

t2embed

_TTRunValidationTests@8
_TTGetEmbeddingType@8
TTRunValidationTests
_TTEnableEmbeddingForFacename@8
TTLoadEmbeddedFont
_TTGetEmbeddedFontInfo@28
_TTLoadEmbeddedFont@40
TTRunValidationTestsEx
_TTEmbedFontFromFileA@52
TTEmbedFont
TTGetEmbeddingType
_TTDeleteEmbeddedFont@12
TTIsEmbeddingEnabledForFacename
TTEmbedFontFromFileA
TTIsEmbeddingEnabled
_TTIsEmbeddingEnabledForFacename@8
TTCharToUnicode
_TTEmbedFont@44
_TTCharToUnicode@24
TTGetEmbeddedFontInfo
_TTIsEmbeddingEnabled@8
TTEnableEmbeddingForFacename
TTGetNewFontName
TTDeleteEmbeddedFont
TTEmbedFontEx

advapi32

LsaQuerySecret
LsaSetInformationPolicy
SaferiCompareTokenLevels
BuildExplicitAccessWithNameW
CommandLineFromMsiDescriptor
WmiQueryAllDataMultipleW
BackupEventLogA
SaferiRecordEventLogEntry
ConvertStringSecurityDescriptorToSecurityDescriptorW
CredpConvertTargetInfo
WmiExecuteMethodA
StopTraceW
QueryAllTracesW
InitiateSystemShutdownW
TraceEventInstance
GetNamedSecurityInfoW
RegEnumValueA
ElfDeregisterEventSource
CryptDestroyHash
GetNamedSecurityInfoExW
OpenEncryptedFileRawA
ObjectDeleteAuditAlarmA
WriteEncryptedFileRaw
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaSetInformationTrustedDomain
OpenTraceA
ElfBackupEventLogFileA
ObjectCloseAuditAlarmW
ConvertStringSidToSidA
SystemFunction006
LsaAddAccountRights
GetNumberOfEventLogRecords

kernel32

CmdBatNotification
SetThreadUILanguage
GetCommTimeouts
GetVersion
GetCommState
FreeEnvironmentStringsA
ChangeTimerQueueTimer
GetOverlappedResult
GetConsoleAliasW
LoadLibraryExW
GetConsoleCommandHistoryA
DnsHostnameToComputerNameA
GetFileSize
FindFirstVolumeMountPointA
TerminateJobObject
EnumTimeFormatsA
GetEnvironmentStringsW
BaseDumpAppcompatCache
GetDiskFreeSpaceExW
CreateDirectoryExW
FindResourceA
SetCurrentDirectoryW
RegisterWowBaseHandlers
PrepareTape
DeleteVolumeMountPointA
LocalLock
SystemTimeToTzSpecificLocalTime
GetQueuedCompletionStatus
GetProcessPriorityBoost
CancelTimerQueueTimer
LZInit
GetCurrentThread
FindNextVolumeA
GetProfileStringW
GetSystemDefaultLCID
SetStdHandle
GetConsoleKeyboardLayoutNameA
LoadLibraryA
EnumCalendarInfoExA
SetLocaleInfoA
SetConsoleCursorInfo
Module32FirstW
GetThreadPriorityBoost
GetLogicalDriveStringsW
DebugActiveProcess
SetThreadContext
CreateEventA
ReadProcessMemory
GetTimeFormatW
RegisterConsoleOS2
FillConsoleOutputAttribute
CompareFileTime
ReplaceFile
BeginUpdateResourceW
GlobalGetAtomNameA
EnumSystemLanguageGroupsW
GetTempFileNameA
GetPrivateProfileIntA
GetEnvironmentStrings
GetCompressedFileSizeW
GetThreadContext
FindCloseChangeNotification
GetPrivateProfileStructA
VirtualAlloc
CreateSocketHandle
LocalAlloc
GetLogicalDrives
GetTimeFormatA
InitializeSListHead
FindActCtxSectionStringW
LZRead
GetCurrencyFormatW
QueryPerformanceCounter
SetConsoleHardwareState
SetThreadLocale
SetLocaleInfoW
SetMailslotInfo
BaseCleanupAppcompatCacheSupport

sqlunirl

_lstrcat_@8
_SendMessageCallback_@24
_RegDeleteKey_@8
_MapVirtualKey_@8
_OpenDesktop_@16
_RegQueryValue_@16
_LoadBitmap@8
_SetDefaultCommConfig_@12
_GetNamedPipeHandleState_@28
_OpenFile_@12
_RegQueryInfoKey_@48
_CharLower@4
_WriteProfileString_@12
_RegQueryMultipleValues_@20
_SHFileOperation_@4
__lcreat_@8
_GetOpenFileName@4
_SetFileAttributes_@8
_RegRestoreKey_@12
_FindAtom_@4
_CreateDialogParam_@20
_CreateAcceleratorTable_@8
_PrintDlg_@4
_DrawTextEx_@24
_WritePrivateProfileString_@16
_DialogBoxIndirectParam_@20

samlib

SamLookupDomainInSamServer
SamRemoveMemberFromAlias
SamGetDisplayEnumerationIndex
SamConnect
SamSetInformationAlias
SamSetInformationDomain
SamTestPrivateFunctionsDomain
SamiOemChangePasswordUser2
SamLookupNamesInDomain
SamQueryInformationDomain
SamRemoveMemberFromGroup
SamiSetBootKeyInformation
SamCreateGroupInDomain
SamOpenDomain
SamFreeMemory
SamConnectWithCreds
SamiSetDSRMPasswordOWF
SamAddMemberToAlias
SamRemoveMemberFromForeignDomain
SamSetInformationUser
SamCreateAliasInDomain
SamiChangePasswordUser
SamChangePasswordUser3
SamQueryInformationGroup
SamOpenUser
SamDeleteAlias
SamQueryInformationAlias
SamGetAliasMembership
SamEnumerateDomainsInSamServer
SamEnumerateUsersInDomain
SamChangePasswordUser2
SamiSetDSRMPassword
SamEnumerateAliasesInDomain
SamGetMembersInGroup
SamGetCompatibilityMode

activeds

PropVariantToAdsType2
ADsDecodeBinaryData
ADsGetLastError
ConvertSecurityDescriptorToSecDes
ADsSetLastError
AdsTypeToPropVariant
DllGetClassObject
AllocADsStr
AllocADsMem
FreeADsMem
SecurityDescriptorToBinarySD
ADsEncodeBinaryData
ADsGetObject
ADsBuildVarArrayInt
ConvertSecDescriptorToVariant
FreeADsStr
PropVariantToAdsType
ReallocADsMem
ADsFreeEnumerator
AdsFreeAdsValues
AdsTypeToPropVariant2
ADsOpenObject
ADsBuildVarArrayStr
ReallocADsStr
ADsEnumerateNext
ADsBuildEnumerator
BinarySDToSecurityDescriptor

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0ad18aac4e000de01498f8d20b422dc

Headers

DLL Characteristics

File Characteristics

Imports

t2embed

advapi32

kernel32

sqlunirl

samlib

activeds

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 1KB - Virtual size: 592KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 1KB - Virtual size: 592KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 1024B - Virtual size: 1024B