cd4b627ef857d3c01700f3f8655ca9090f14b647961446b13b338eceb27bc1bb

Sharing

Copy URL Twitter E-mail

General

Target

cd4b627ef857d3c01700f3f8655ca9090f14b647961446b13b338eceb27bc1bb
Size

870KB
MD5

a75eed785507653e502c6548154cbc51
SHA1

845b600f12fde33f1e7a78f269f06b774e45a0c3
SHA256

cd4b627ef857d3c01700f3f8655ca9090f14b647961446b13b338eceb27bc1bb
SHA512

18acaf2fd03aeda74012fef8fa9219abd5633f9f0f01c3a5020a614bd4b937a9d12caafd65c571ba89f39861d1ba8472c6c0dd92aade824b1a2bd3ba32dc2077
SSDEEP

24576:Vt/pGT/YGoNg57gncYlvd92n2LfTfvqV22H:VtRGTVSg5ccOr2GfA2a

Score

N/A

Malware Config

Signatures

Files

cd4b627ef857d3c01700f3f8655ca9090f14b647961446b13b338eceb27bc1bb
.exe windows x86

f03e83069f188c9462338d5314848879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ldap_rename_extW
ldap_extended_operationW
ldap_modrdn2W
ldap_escape_filter_elementA
ldap_set_dbg_flags
ldap_dn2ufnW
ldap_add_extA
ldap_simple_bindW
ldap_rename_ext
ldap_controls_free
LdapGetLastError
ldap_search
ldap_delete_ext_sA
ldap_count_values_len
ldap_simple_bind_sW
ber_bvecfree
ldap_compare_ext_sA
ldap_deleteA
ldap_escape_filter_element
ldap_delete_ext_sW
ldap_cleanup
ldap_parse_extended_resultA
ldap_add_ext_sW
ldap_searchW
ldap_compare_ext_sW
ldap_check_filterW
ldap_unbind_s
ldap_set_optionW
ldap_modrdn_sA
ldap_extended_operationA
ldap_first_entry
ber_alloc_t
ldap_set_dbg_routine
ldap_create_vlv_controlW
ldap_create_vlv_controlA
ldap_delete_extW
ldap_delete_sA

gdi32

GetTextExtentPoint32W
GetFontAssocStatus
EnumICMProfilesA
EnumFontsW
GetTextExtentPoint32A
DdEntry37
EngPaint
GetStretchBltMode
DdEntry49
PolyPolygon
RemoveFontResourceExW
DdEntry5
CreateFontIndirectW
SetEnhMetaFileBits
GdiConvertBitmapV5
GetDIBColorTable
CreateFontIndirectA
EngStrokePath
CreateRoundRectRgn
EngDeletePath
Polygon
SetMetaRgn
SelectFontLocal
GetGlyphIndicesW
PlayMetaFile
GetTextFaceA
CreateCompatibleBitmap
SetRelAbs
AbortDoc
HT_Get8BPPMaskPalette
ExtFloodFill
GetTextCharset
DdEntry21
ResizePalette
FONTOBJ_pxoGetXform
CreatePatternBrush
DdEntry2
RectVisible
ExtTextOutW
GdiGetCharDimensions
EngUnicodeToMultiByteN
GdiEntry10
GdiEntry6
GetGlyphOutlineA
ResetDCW
GdiStartDocEMF
StartFormPage
GetRegionData
XLATEOBJ_cGetPalette
SetBitmapDimensionEx
GetEnhMetaFileDescriptionW
DdEntry19
GdiAddFontResourceW
GdiDeleteSpoolFileHandle
DdEntry8
EudcLoadLinkW
SetWindowExtEx
EngBitBlt
GetCharWidthFloatA
EngGetCurrentCodePage
WidenPath
RemoveFontResourceTracking
AddFontResourceExW
BRUSHOBJ_pvGetRbrush

msvcirt

?stossc@streambuf@@QAEXXZ
?read@istream@@QAEAAV1@PADH@Z
??_7ios@@6B@
??5istream@@QAEAAV0@AAI@Z
??_Estreambuf@@UAEPAXI@Z
?oct@@YAAAVios@@AAV1@@Z
?dec@@YAAAVios@@AAV1@@Z
??0strstream@@QAE@PADHH@Z
??_Gistream@@UAEPAXI@Z
?overflow@strstreambuf@@UAEHH@Z
??_7ostrstream@@6B@
?cin@@3Vistream_withassign@@A
?pcount@ostrstream@@QBEHXZ
??5istream@@QAEAAV0@PAD@Z
?tellp@ostream@@QAEJXZ
??1ostrstream@@UAE@XZ
?setmode@ofstream@@QAEHH@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?seekg@istream@@QAEAAV1@J@Z
?flush@@YAAAVostream@@AAV1@@Z
?attach@ofstream@@QAEXH@Z
?eatwhite@istream@@QAEXXZ
??_Dstdiostream@@QAEXXZ
?unlockc@ios@@KAXXZ
?setrwbuf@stdiobuf@@QAEHHH@Z
?lockbuf@ios@@QAAXXZ
??0istrstream@@QAE@ABV0@@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??_Gostrstream@@UAEPAXI@Z
??0iostream@@IAE@XZ
??1exception@@UAE@XZ
?get@istream@@IAEAAV1@PADHH@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??_Distream_withassign@@QAEXXZ
??0istrstream@@QAE@PADH@Z
??0ofstream@@QAE@XZ
??0ofstream@@QAE@HPADH@Z
?get@istream@@QAEAAV1@PAEHD@Z
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?pcount@strstream@@QBEHXZ
??4stdiostream@@QAEAAV0@AAV0@@Z
?close@filebuf@@QAEPAV1@XZ
?precision@ios@@QAEHH@Z
??_Estrstream@@UAEPAXI@Z

kernel32

UnmapViewOfFile
CloseConsoleHandle
GetTapeParameters
LocalAlloc
FlushInstructionCache
WriteConsoleOutputCharacterA
GetNumaAvailableMemoryNode
GetNumberFormatA
GetComputerNameExA
InterlockedPushEntrySList
LoadLibraryA
GetTapePosition
GetPrivateProfileSectionA
GetCurrentThread
_lread
GlobalGetAtomNameA
BuildCommDCBA
QueueUserWorkItem
CallNamedPipeW
GetEnvironmentStringsW
GetHandleContext
ReadFileScatter
RemoveLocalAlternateComputerNameA
QueryPerformanceCounter
VirtualAlloc
GetPrivateProfileSectionNamesA
GetPrivateProfileStructW
SetConsoleScreenBufferSize
GetSystemTimeAdjustment
CreateJobSet
GetSystemWow64DirectoryA
SetTermsrvAppInstallMode
GetNumaHighestNodeNumber
WritePrivateProfileStructA

ntdll

RtlCutoverTimeToSystemTime
RtlVerifyVersionInfo
RtlSetDaclSecurityDescriptor
NtSystemDebugControl
ZwPowerInformation
RtlGetOwnerSecurityDescriptor
NtPrivilegedServiceAuditAlarm
NtSetQuotaInformationFile
NtQuerySecurityObject
RtlDeleteTimer
ZwEnumerateBootEntries
ZwReadFile
_strcmpi
RtlIpv4StringToAddressA
RtlRealPredecessor
NtOpenEventPair
ZwLoadKey
RtlSplay
ZwDeleteBootEntry
NtSetTimer
NtFsControlFile
ZwSetSystemEnvironmentValueEx
NtModifyBootEntry
NtCreateWaitablePort
abs
ZwReplyPort
ZwEnumerateSystemEnvironmentValuesEx
NtDeleteFile
ZwSetQuotaInformationFile
NtImpersonateThread
ZwEnumerateKey
NtSetSecurityObject
ZwQueryTimer
NtConnectPort
NtDeleteAtom
DbgSetDebugFilterState
fabs
RtlLocalTimeToSystemTime

wsnmp32

SnmpGetVb
SnmpCleanup
SnmpSetRetry
SnmpGetTranslateMode
SnmpListen
_SnmpSetAgentAddress@4
SnmpStrToOid
SnmpGetPduData
SnmpGetRetransmitMode
SnmpSendMsg
SnmpRegister
_SnmpConveyAgentAddress@4
SnmpStrToContext
SnmpOidToStr
SnmpCountVbl
SnmpDuplicatePdu
SnmpDecodeMsg
SnmpCreateSession
SnmpOidCopy
SnmpDuplicateVbl
SnmpFreePdu
SnmpFreeDescriptor
SnmpRecvMsg
SnmpGetTimeout
SnmpOidCompare
SnmpEntityToStr
SnmpDeleteVb
SnmpFreeContext
SnmpEncodeMsg
SnmpGetRetry
SnmpGetVendorInfo
SnmpSetRetransmitMode
SnmpCreateVbl
SnmpOpen
SnmpSetTranslateMode
SnmpFreeEntity
SnmpSetPduData
SnmpCreatePdu
SnmpGetLastError
SnmpContextToStr

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f03e83069f188c9462338d5314848879

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

gdi32

msvcirt

kernel32

ntdll

wsnmp32

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 512B - Virtual size: 1.8MB

.rsrc Size: 405KB - Virtual size: 405KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 512B - Virtual size: 1.8MB

.rsrc
Size: 405KB - Virtual size: 405KB

.reloc
Size: 1024B - Virtual size: 1024B