e18977a8ba13e36ab8a85e10dad2bc8db34447cced6129ecdd202bd31be07926

Sharing

Copy URL Twitter E-mail

General

Target

e18977a8ba13e36ab8a85e10dad2bc8db34447cced6129ecdd202bd31be07926
Size

866KB
MD5

6cca287c0d6abb6a5e5b7348395138b6
SHA1

47916825dccf8a8d2fe6b980f1e0825887b9ed31
SHA256

e18977a8ba13e36ab8a85e10dad2bc8db34447cced6129ecdd202bd31be07926
SHA512

26143c54e3ddeeb13d74b23e05876e43d63d607eb5fcac96329899e3938e56f327ea267d43e8c047232925f1922bcbc36aa0dcd635afbec15af88d163c9ed157
SSDEEP

24576:rhM1z4COaM2BAE2bQaW76TP4O8KVFKuPG:rhM+CLVBAE2bZbX8GPG

Score

N/A

Malware Config

Signatures

Files

e18977a8ba13e36ab8a85e10dad2bc8db34447cced6129ecdd202bd31be07926
.exe windows x86

02b13d0e16eb0ceb7d4bc333bfb32518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

regapi

RegSAMUserConfig
RegConsoleShadowQueryW
RegWdCreateW
RegWinStationSetSecurityA
RegCdQueryW
RegCdEnumerateA
RegGetTServerVersion
RegWinStationCreateA
RegPdEnumerateW
RegUserConfigDelete
RegPdCreateW
RegGetMachinePolicy
RegWinStationQueryEx
RegPdCreateA
RegWdDeleteA
RegGetMachinePolicyEx
RegMergeUserConfigWithUserParameters
RegWinStationQueryValueW
RegCdCreateW
RegWinStationQueryA
RegWinStationDeleteW
RegWinStationQuerySecurityA
RegCdDeleteA
RegDefaultUserConfigQueryW
RegWdEnumerateW
RegBuildNumberQuery
RegPdQueryA
RegWinStationQuerySecurityW
WaitForTSConnectionsPolicyChanges
RegWinStationEnumerateA
RegOpenServerW
RegIsTServer
RegCdEnumerateW
RegUserConfigSet
RegDefaultUserConfigQueryA
RegUserConfigRename
RegPdDeleteA
RegWinStationQueryW
RegWdEnumerateA
RegWdQueryW

odbccp32

SQLSetConfigMode
SQLWriteFileDSN
SelectTransDlg
SQLInstallTranslatorW
SQLWritePrivateProfileString
SQLGetAvailableDriversW
SQLRemoveDSNFromIni
SQLGetPrivateProfileStringW
SQLGetInstalledDriversW
SQLGetTranslator
SQLRemoveDefaultDataSource
SQLRemoveDriver
SQLWriteDSNToIni
SQLLoadDriverListBox
SQLInstallDriverExW
SQLWriteFileDSNW
SQLCreateDataSourceExW
SQLRemoveTranslatorW
SQLRemoveTranslator
SQLInstallODBCW
SQLGetInstalledDrivers
ODBCCPlApplet
SQLGetAvailableDrivers
SQLLoadDataSourcesListBox
SQLReadFileDSNW
SQLInstallTranslatorExW
SQLCreateDataSourceEx
SQLInstallTranslator
SQLPostInstallerError
SQLRemoveDSNFromIniW
SQLValidDSN
SQLRemoveDriverW
SQLCreateDataSource
SQLGetPrivateProfileString
SQLInstallerError
SQLPostInstallerErrorW
SQLWriteDSNToIniW
SQLInstallDriverW
SQLInstallODBC
SQLValidDSNW

ntdsapi

DsReplicaUpdateRefsA
DsIsMangledRdnValueA
DsListServersInSiteW
DsFreeDomainControllerInfoW
DsGetSpnA
DsReplicaSyncAllA
DsCrackSpnW
DsBindWithSpnW
DsMapSchemaGuidsW
DsCrackSpn2W
DsListServersForDomainInSiteW
DsCrackUnquotedMangledRdnA
DsWriteAccountSpnW
DsCrackUnquotedMangledRdnW
DsQuoteRdnValueW
DsaopBindWithSpn
DsMakePasswordCredentialsA
DsFreeSchemaGuidMapA
DsQuoteRdnValueA
DsBindWithSpnA
DsListServersInSiteA
DsAddSidHistoryW
DsaopExecuteScript
DsRemoveDsServerA
DsReplicaDelW
DsReplicaSyncW
DsBindA
DsCrackSpnA
DsGetDomainControllerInfoA
DsReplicaAddW
DsUnquoteRdnValueA
DsReplicaGetInfoW

dssenh

CPEncrypt
CPDuplicateHash
CPReleaseContext
CPDecrypt
CPGetProvParam
CPGetUserKey
CPDestroyHash
CPDeriveKey
CPImportKey
CPExportKey
CPSetProvParam
CPVerifySignature
CPGetHashParam
CPDestroyKey
CPSetHashParam
CPSetKeyParam
CPSignHash
CPGenRandom
CPAcquireContext
CPCreateHash
CPGenKey
CPHashData
CPGetKeyParam
CPDuplicateKey
CPHashSessionKey

opengl32

glPixelTransferf
glMaterialfv
glNormal3dv
glFogiv
glGetPointerv
glVertex3s
wglMakeCurrent
GlmfCloseMetaFile
glTexCoord2dv
glColor4ui
glPolygonMode
glEvalCoord2dv
glMap1d
glPixelTransferi
glMap2f
glColor3bv
glColor4f
glRectsv
glTexCoord2s
glTexCoord1dv
glEvalMesh2
glTexCoord2f
glSelectBuffer
glMultMatrixf
glVertex4fv
glRasterPos4f
glInterleavedArrays
glColor3s
glCopyTexImage2D
glEvalCoord1f
glColor3fv
glFinish
glBindTexture
glEnable
wglGetPixelFormat
glNormal3b
wglGetProcAddress
glGetTexParameteriv

kernel32

SetMessageWaitingIndicator
QueryActCtxW
GetProfileStringA
LZSeek
lstrcpy
VirtualUnlock
GlobalHandle
GetNamedPipeHandleStateA
GetFileTime
SetTimeZoneInformation
LoadLibraryA
SetEnvironmentVariableA
ReplaceFileA
LocalAlloc
CompareStringW
GetWindowsDirectoryW
SetComputerNameExW
GetSystemTimeAsFileTime
WaitCommEvent
HeapCompact
EnumSystemCodePagesA
FillConsoleOutputAttribute
IsDBCSLeadByte
FindNextVolumeMountPointW
GetCommConfig
GetLocaleInfoW
WriteTapemark
HeapCreate
GetConsoleCommandHistoryLengthW
VirtualAlloc
LZClose
DisconnectNamedPipe
SetCommState

tapiperf

OpenTapiPerformanceData
CloseTapiPerformanceData
CollectTapiPerformanceData

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02b13d0e16eb0ceb7d4bc333bfb32518

Headers

DLL Characteristics

File Characteristics

Imports

regapi

odbccp32

ntdsapi

dssenh

opengl32

kernel32

tapiperf

Sections

.text Size: 321KB - Virtual size: 321KB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 512B - Virtual size: 1.6MB

.rsrc Size: 248KB - Virtual size: 248KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 321KB - Virtual size: 321KB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 512B - Virtual size: 1.6MB

.rsrc
Size: 248KB - Virtual size: 248KB

.reloc
Size: 1024B - Virtual size: 1024B