w2k3sp2_3959_usa_x64fre_spcd[.]iso

Sharing

Copy URL

Twitter E-mail

General

Target

w2k3sp2_3959_usa_x64fre_spcd.iso
Size

475.0MB
MD5

645a05b8ffa50c8327011978c5faf710
SHA1

6eed7cf98fdc73aa50452db2bd8c7148ee95904a
SHA256

1f211fd81a24d7a2a93642b4235f9a8bdf6769605970e53cd426799c12cf6990
SHA512

139a7acb2bfbd76702e7ba4b065e8bcb0acea42cb450001bf20d8d537c0a7e291eadc3cd62443145a5b55c5601e55fe4d8ce7abd50b5b194754bb22b576c6659
SSDEEP

12582912:XfA56RqQ4Zk/sfiLhJ1p6q5bosu5G4106fLlx+kh6sVQhnxPCP:XfAUykuiLf1IKbtsG+06DT+k7AnxPCP

Score

1^/10

Malware Config

Signatures

Files

w2k3sp2_3959_usa_x64fre_spcd.iso
.iso
AUTORUN.INF
CDLAUNCH/SHELEXEC.EXE
.exe windows x86

58ea9c226761c3223961c1747a2795cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetModuleHandleA
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapFree
HeapAlloc
VirtualAlloc
GetProcAddress
LoadLibraryA

shell32

ShellExecuteA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 823B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 886B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
READMESP.HTM
SRSP2.CMD
SUPPORT/SYMBOLS/SYMBOLS.CAB
.cab
SUPPORT/SYMBOLS/SYMBOLS.CAT
SUPPORT/SYMBOLS/SYMBOLS.INF
SUPPORT/TOOLS/DCDIAG.EXE
.exe windows x64

6f7ed5b51741daa675d503373dc29aec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_stricmp
iswxdigit
_vsnprintf
___mb_cur_max_func
_snwprintf
_purecall
??2@YAPEAX_K@Z
_vsnwprintf
??3@YAXPEAX@Z
__CxxFrameHandler
time
towupper
towlower
_ltow
_wtoi
mbstowcs
wcstol
wcscspn
wcstombs
realloc
free
_wtoi64
wcsstr
printf
wcstoul
atoi
memcpy
memset
vswprintf
fflush
fwprintf
_wfopen
_fcloseall
malloc
wcsncpy
memmove
wcschr
_onexit
__dllonexit
__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_wcsnicmp
putchar
_wcsicmp
swprintf
_iob
fputws
wprintf
__C_specific_handler
sprintf
setlocale
iswspace
iswprint
qsort
exit
_cexit
_exit
_c_exit
_XcptFilter
_atoi64
memcmp

kernel32

DeleteCriticalSection
GetComputerNameExW
CompareFileTime
__chkstk
Sleep
lstrlenW
GetComputerNameW
WideCharToMultiByte
LeaveCriticalSection
ResetEvent
SetEvent
EnterCriticalSection
TlsSetValue
TlsGetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
FileTimeToLocalFileTime
GetComputerNameExA
CreateFileW
WriteFile
CreateEventW
WaitForSingleObject
GetConsoleScreenBufferInfo
FileTimeToSystemTime
HeapFree
LoadLibraryExW
ExpandEnvironmentStringsW
LocalFree
LocalAlloc
MultiByteToWideChar
GetStdHandle
GetConsoleMode
GetLastError
SetConsoleMode
ReadConsoleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetConsoleOutputCP
SetThreadUILanguage
GetTimeZoneInformation
GetProcessHeap
SystemTimeToFileTime
GetSystemTime
LocalSize
LocalReAlloc
CompareStringW
TlsAlloc
SetLastError
CreateThread
WaitForMultipleObjects
CloseHandle
GetSystemDefaultLangID
RaiseException
FormatMessageW
SystemTimeToTzSpecificLocalTime

user32

wsprintfW

netapi32

DsRoleGetPrimaryDomainInformation
I_NetLogonControl2
NetUserSetInfo
NetUserGetInfo
NetApiBufferFree
DsGetDcNameW
DsRoleFreeMemory
NetRemoteTOD

ntdsapi

DsMakeSpnW
DsWriteAccountSpnW
DsReplicaSyncAllW
DsReplicaAddW
DsListRolesW
DsReplicaSyncW
DsReplicaGetInfoW
DsIsMangledDnW
DsUnBindW
DsCrackNamesW
DsFreeNameResultW
DsBindWithSpnW
DsReplicaGetInfo2W
DsReplicaFreeInfo

wldap32

ord145
ord12
ord167
ord127
ord157
ord69
ord14
ord118
ord21
ord77
ord29
ord224
ord122
ord191
ord41
ord27
ord147
ord140
ord133
ord26
ord36
ord135
ord18
ord16
ord206
ord79
ord142
ord208
ord13
ord203
ord73

rpcrt4

UuidFromStringW
NdrClientCall2
RpcBindingSetAuthInfoExA
RpcBindingSetAuthInfoA
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcErrorEndEnumeration
RpcErrorGetNextRecord
RpcErrorStartEnumeration
RpcStringFreeW
UuidToStringW

ws2_32

WSACleanup
WSAStartup
inet_addr
WSASetLastError
getaddrinfo
freeaddrinfo
getnameinfo
WSALookupServiceBeginW
WSAGetLastError
WSALookupServiceNextW
inet_ntoa
WSALookupServiceEnd

dnsapi

DnsUpdateTest_W
DnsQuery_W
DnsRecordListFree
DnsQueryConfig
DnsValidateName_W
DnsNameCompare_W
DnsQueryConfigAllocEx
DnsFreeConfigStructure
DnsFlushResolverCacheEntry_W

mpr

WNetGetResourceInformationW
WNetCancelConnection2W
WNetAddConnection2W

iphlpapi

IcmpCloseHandle
IcmpCreateFile
GetIpAddrTable
IcmpSendEcho2

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoQueryProxyBlanket
CoInitializeEx
CoInitialize
CoUninitialize

msvcp60

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@AEBV12@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHAEBV12@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPEBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBGAEBV?$allocator@G@1@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@PEBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@PEBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KAEBV12@_K@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHPEBG@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA?AV12@_K0@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2_KB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KG_K@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAX_K@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAG_K@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@PEBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@_K0@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA_KPEBG_K@Z

advapi32

GetAce
OpenEventLogW
GetNumberOfEventLogRecords
ReadEventLogW
ImpersonateLoggedOnUser
LogonUserW
RevertToSelf
GetLengthSid
AllocateAndInitializeSid
LookupAccountSidW
CloseEventLog
EqualSid
IsValidSid
FreeSid
LsaFreeMemory
LsaClose
LsaEnumerateAccountsWithUserRight
LsaOpenPolicy
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegConnectRegistryW
LsaQueryTrustedDomainInfoByName
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LsaQueryInformationPolicy
StartServiceW
ControlService
EnumDependentServicesW
LsaSetSecret
LsaOpenSecret
RegOpenKeyExW
RegEnumKeyExW
ConvertSidToStringSidW

ntdll

RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
RtlGetDaclSecurityDescriptor
RtlLengthSid
RtlIpv6AddressToStringA

Sections

.text
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SUPPORT/TOOLS/DEPLOY.CAB
.cab
SUPPORT/TOOLS/FASTWIZ.EXE
.exe windows x64

a897912c923f1ba4e229dcaf314e6cde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GlobalFree
GetProcAddress
GlobalLock
GlobalAlloc
FreeResource
LockResource
CloseHandle
SizeofResource
FindResourceA
ReadFile
RtlCopyMemory
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
RtlZeroMemory
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LoadResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalUnlock

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongPtrA
GetWindowLongPtrA
CallWindowProcA
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SUPPORT/TOOLS/GBUNICNV.EXE
.exe windows x64

1193834a54e02f66a249b663ecff1a23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comdlg32

GetOpenFileNameA

mfc42

ord4378
ord5074
ord5737
ord5718
ord6060
ord3058
ord3252
ord3371
ord4824
ord3240
ord3375
ord3061
ord3175
ord3055
ord4092
ord4093
ord4087
ord3173
ord4381
ord4992
ord4779
ord3926
ord659
ord6891
ord1063
ord852
ord822
ord2529
ord1436
ord1469
ord2912
ord2407
ord2598
ord6448
ord4375
ord1792
ord4750
ord5670
ord2413
ord5595
ord6818
ord4703
ord5719
ord4027
ord2764
ord4798
ord2682
ord2074
ord6820
ord3943
ord5493
ord1749
ord5690
ord2471
ord2154
ord5706
ord3544
ord4997
ord3753
ord665
ord1447
ord5694
ord4730
ord5254
ord5415
ord5086
ord6445
ord1791
ord4761
ord5709
ord4780
ord5731
ord337
ord4567
ord2385
ord2325
ord2398
ord2343
ord4483
ord984
ord525
ord6773
ord2673
ord6890
ord1289
ord1122
ord4446
ord1505
ord1506
ord1595
ord5729
ord3477
ord2426
ord5624
ord1392
ord4201
ord6078
ord2527
ord2571
ord4845
ord6819
ord4608
ord626
ord1124
ord1040
ord5048
ord5238
ord3771

msvcrt

_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
wcsstr
wcschr
memmove
strstr
strchr
_strlwr
fwrite
fopen
fread
fclose
_mbscmp
_CxxThrowException
memcpy
__argc
__argv
__CxxFrameHandler
_setmbcp

kernel32

WideCharToMultiByte
MultiByteToWideChar
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrcpyA
FindFirstFileA
FindClose
lstrlenA
SetUnhandledExceptionFilter

user32

AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SUPPORT/TOOLS/HFDEPLOY.HTM
SUPPORT/TOOLS/REPADMIN.EXE
.exe windows x64

4a1938602f71ae39b15a7d05345ca68c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_getch
toupper
fwrite
__dllonexit
fread
_wfopen
strncmp
fwprintf
_iob
_vsnprintf
memset
_wcsicmp
_itow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_stricmp
_atoi64
iswprint
iswspace
setlocale
_onexit
fclose
calloc
wcsncpy
_wtol
sprintf
towlower
wcstoul
tolower
wprintf
_wtoi
wcsstr
atol
atoi
swscanf
swprintf
_snwprintf
realloc
qsort
wcstol
_vsnwprintf
free
exit
malloc
_wcsnicmp
memmove
wcschr
memcpy
_local_unwind

advapi32

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegConnectRegistryW
ConvertSidToStringSidW
FreeSid
AllocateAndInitializeSid
LookupAccountSidA

kernel32

GetSystemDefaultLangID
MultiByteToWideChar
SetThreadUILanguage
GetConsoleScreenBufferInfo
GetTimeZoneInformation
RaiseException
__chkstk
LoadLibraryA
GetProcAddress
FreeLibrary
CompareStringW
SetLastError
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LoadLibraryW
lstrcpynW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetConsoleOutputCP
LocalFree
LocalAlloc
GetModuleHandleA
GetConsoleMode
GetStdHandle
GetLastError
SetConsoleMode
ReadConsoleW
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
FormatMessageW

ntdsapi

DsReplicaGetInfo2W
DsReplicaSyncAllW
DsBindW
DsBindWithSpnW
DsUnBindW
DsReplicaAddW
DsReplicaModifyW
DsReplicaDelW
DsReplicaUpdateRefsW
DsReplicaConsistencyCheck
DsReplicaSyncW
DsReplicaVerifyObjectsW
DsIsMangledDnW
DsReplicaGetInfoW
DsUnBindA
DsReplicaFreeInfo
DsIsMangledRdnValueW
DsCrackNamesW
DsFreeNameResultW

wldap32

ord122
ord147
ord97
ord191
ord34
ord38
ord21
ord36
ord72
ord136
ord203
ord127
ord167
ord133
ord54
ord304
ord310
ord309
ord301
ord179
ord300
ord311
ord94
ord46
ord73
ord12
ord155
ord27
ord135
ord16
ord50
ord206
ord77
ord142
ord41
ord79
ord35
ord224
ord140
ord26
ord208
ord13
ord157
ord118
ord18
ord45
ord14
ord145
ord231
ord29
ord37

netapi32

DsRoleFreeMemory
NetApiBufferFree
DsGetDcNameW
DsRoleGetPrimaryDomainInformation

secur32

GetComputerObjectNameW

user32

wsprintfW
LoadStringW

rpcrt4

I_RpcGetExtendedError
RpcSsGetContextBinding
RpcBindingSetOption
NdrClientCall2
RpcBindingSetAuthInfoExA
RpcStringFreeA
I_RpcExceptionFilter
RpcBindingFromStringBindingA
RpcBindingFree
RpcStringBindingComposeA
RpcStringFreeW
UuidToStringW
UuidFromStringW

ws2_32

inet_ntoa
ntohl

crypt32

CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CryptDecodeObject
CertFindExtension

certcli

CAFreeCertTypeProperty
CAGetCertTypeProperty
CAFindCertTypeByName
CACloseCertType

dnsapi

DnsValidateName_W

mpr

WNetAddConnection2W
WNetCancelConnection2W

msvcp60

??0_Lockit@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ

ntdll

RtlLengthSid

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SUPPORT/TOOLS/SPDEPLOY.HTM
SUPPORT/TOOLS/SUPPORT.CAB
.cab
SUPPORT/TOOLS/SUPTOOLS.MSI
.msi
SUPPORT/TOOLS/SUP_PRO.CAB
.cab
SUPPORT/TOOLS/SUP_SRV.CAB
.cab
WINDOWSSERVER2003.WINDOWSXP-KB914961-SP2-X64-ENU.EXE
.exe windows x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:5b:40:55:24:b6:2d:6d:d2:a7:55:ae:cd:07:d4:b1:7c:c3:38:66
Signer

Actual PE Digest

0b:5b:40:55:24:b6:2d:6d:d2:a7:55:ae:cd:07:d4:b1:7c:c3:38:66

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

18/02/2007, 20:29
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 350.9MB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58ea9c226761c3223961c1747a2795cd

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 823B

.data Size: 4KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 886B

.reloc Size: 1024B - Virtual size: 752B

6f7ed5b51741daa675d503373dc29aec

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

netapi32

ntdsapi

wldap32

rpcrt4

ws2_32

dnsapi

mpr

iphlpapi

oleaut32

ole32

msvcp60

advapi32

ntdll

Sections

.text Size: 595KB - Virtual size: 595KB

.data Size: 15KB - Virtual size: 41KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 98KB - Virtual size: 97KB

a897912c923f1ba4e229dcaf314e6cde

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

1193834a54e02f66a249b663ecff1a23

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 1008B

.rsrc Size: 9KB - Virtual size: 9KB

4a1938602f71ae39b15a7d05345ca68c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 823B

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 886B

.reloc
Size: 1024B - Virtual size: 752B

.text
Size: 595KB - Virtual size: 595KB

.data
Size: 15KB - Virtual size: 41KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 98KB - Virtual size: 97KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 274KB - Virtual size: 274KB

.data
Size: 9KB - Virtual size: 364KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 62KB - Virtual size: 61KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

0b:5b:40:55:24:b6:2d:6d:d2:a7:55:ae:cd:07:d4:b1:7c:c3:38:66
Signer

18/02/2007, 20:29
Valid: false

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 350.9MB - Virtual size: 2KB