18cd51677fb6944317f3209b11b94d28

Sharing

Copy URL

Twitter E-mail

General

Target

18cd51677fb6944317f3209b11b94d28
Size

72KB
MD5

18cd51677fb6944317f3209b11b94d28
SHA1

7e8f9c59752365ac88b6c1added3765047f5863c
SHA256

52cfe43debf34b64f8f12f33bbc9e808dab4871c504172ba1368b8a79d73fc90
SHA512

18d07db2a90974021253a8ad11da2b74f5455585cf61717ba2a164cecb8fcfee1392af7f809318a3132917033d36ec29fae3e040c83687211a6d842340f4bc12
SSDEEP

1536:XmRSqKWQaI7xgHaFDujsxP3udhscFhwK8e0cg6YGF/YhhATllDU:X/Z2HcujsxPSscFhayYyYcTllDU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18cd51677fb6944317f3209b11b94d28

Files

18cd51677fb6944317f3209b11b94d28
.exe windows:1 windows x86 arch:x86

9543ecb8accce0a5b06ddad793073851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

adsldpc

SchemaGetObjectCount
SortAndRemoveDuplicateOIDs
ADsSetSearchPreference
ReallocADsMem
LdapGetDn
ADsSetObjectAttributes
ConvertSidToU2Trustee
LdapMakeSchemaCacheObsolete
ADSICloseDSObject
LdapFirstEntry
LdapReadAttribute2
ADSIFreeColumn
ADSICreateDSObject
ADsObject
LdapcSetStickyServer
AdsTypeToLdapTypeCopyGeneralizedTime
ADsEnumClasses
LdapSearchInitPage
LdapTypeToAdsTypeUTCTime
AdsTypeToLdapTypeCopyDNWithBinary
ADSIDeleteDSObject
LdapAttributeFree
LdapValueFreeLen
LdapOpenObject2
IsGCNamespace
ADsGetLastError
LdapFirstAttribute
ADSIGetNextRow
AdsTypeToLdapTypeCopyDNWithString
LdapCreatePageControl
SchemaClose
SchemaGetStringsFromStringTable
BuildADsPathFromLDAPPath
FindSearchTableIndex

kernel32

GetFirmwareEnvironmentVariableA
WriteConsoleOutputCharacterA
LocalFileTimeToFileTime
GetLocaleInfoW
EnumSystemCodePagesW
TryEnterCriticalSection
_lwrite
GetNumaHighestNodeNumber
GetStartupInfoW
VirtualAlloc
GetNumberFormatA
CancelWaitableTimer
FlushViewOfFile
LocalAlloc
PeekNamedPipe
GetComputerNameExW
_hwrite
GetShortPathNameA
SetConsoleLocalEUDC
LZCloseFile
HeapCreate
CreateFileA
RemoveLocalAlternateComputerNameW
LoadLibraryA
GetConsoleKeyboardLayoutNameA
GetTapeParameters
EnumDateFormatsA
GetConsoleHardwareState
SetComputerNameExA
ReadConsoleOutputW
SetFileApisToOEM
GetUserGeoID

odbc32

SQLProceduresW
SQLGetTypeInfoW
SQLColAttributeW
VFreeErrors
SQLGetTypeInfoA
SQLParamOptions
SQLGetDescRec
SQLSetCursorNameA
SQLCancel
ValidateErrorQueue
SQLDescribeCol
SQLForeignKeys
PostODBCComponentError
SQLAllocEnv
SQLPrimaryKeys
CursorLibLockStmt
SQLGetDescRecW
SQLProcedures
SQLTablePrivilegesW
SQLGetConnectOptionA
SQLNumParams
SQLExecDirect
VRetrieveDriverErrorsRowCol
SQLTables
SQLCloseCursor
SQLTablesA
SQLDriversA
SQLNativeSqlW
SQLNumResultCols
CloseODBCPerfData
SQLTablesW
SQLEndTran
SQLColAttributeA
SQLDriverConnectA

gdi32

GdiSwapBuffers
CheckColorsInGamut
ClearBrushAttributes
GetBrushOrgEx
Arc
GetCharWidthW
GetMapMode
CreateFontIndirectExA
GetTextMetricsW
GetGraphicsMode
GetWinMetaFileBits
FrameRgn
GetGlyphOutline
SetSystemPaletteUse
SetMetaRgn
DdEntry3
GetBitmapBits
FillPath
GetTextExtentPointA
CreateMetaFileA
CloseMetaFile
GetPath
EngStretchBlt
CreateBitmap
GetFontAssocStatus
StretchDIBits
CLIPOBJ_cEnumStart
GdiInitSpool
CreateBitmapIndirect
DdEntry13
EngLoadModule

mprddm

DDMAdminPortEnum
DDMAdminPortDisconnect
DDMAdminPortGetInfo
DDMDisconnectInterface
IfObjectLoadPhonebookInfo
DDMGetIdentityAttributes
DDMAdminPortReset
RasAcctProviderStartAccounting
IfObjectNotifyOfReachabilityChange
DDMSendUserMessage
IfObjectInitiatePersistentConnections
DDMAdminConnectionClearStats
IfObjectSetDialoutHoursRestriction
RasAcctProviderFreeAttributes
DDMAdminInterfaceConnect
DDMConnectInterface
DDMServicePostListens
DDMAdminConnectionEnum
DDMAdminServerGetInfo
DDMRegisterConnectionNotification
RasAcctProviderInterimAccounting
DDMAdminPortClearStats
RasAcctProviderTerminate
RasAuthProviderFreeAttributes
DDMServiceInitialize
RasAuthProviderAuthenticateUser
RasAuthProviderTerminate
RasAcctProviderStopAccounting
RasAcctProviderInitialize

rasman

RasGetBuffer
RasGetConnectionUserData
RasBundleClearStatistics
RasRpcGetInstalledProtocols
RasPortListen
RasGetDevConfigEx
RasPortRetrieveUserData
RasPortReceive
RasSecurityDialogSend
RasSetConnectionParams
RasGetConnectionParams
RasReferenceRasman
RasConnectionGetStatistics
RasPortSetProtocolCompression
RasRegisterPnPEvent
RasPortSetFraming
RasBundleGetPort
RasBundleClearStatisticsEx
RasDeviceGetInfo
RasRpcConnect
RasGetDeviceName
RasGetNumPortOpen
RasGetInfo
RasProtocolEnum
RasGetUserCredentials
RasSetPortUserData
RasLinkGetStatistics
RasBundleGetStatisticsEx
RasRpcEnumConnections
RasSendCreds
RasStartRasAutoIfRequired
RasSetRouterUsage
RasPortSend
RasFreeBuffer
RasPortGetBundledPort
RasSetAddressDisable
RasGetConnectInfo
RasPortReserve
RasRegisterPnPHandler
RasCompressionSetInfo
RasPortConnectComplete

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9543ecb8accce0a5b06ddad793073851

Headers

File Characteristics

Imports

adsldpc

kernel32

odbc32

gdi32

mprddm

rasman

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 26KB - Virtual size: 220KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 26KB - Virtual size: 220KB

.rsrc
Size: 4KB - Virtual size: 4KB