33f528de5954e767c47f3e4326cd88f6

Sharing

Copy URL Twitter E-mail

General

Target

33f528de5954e767c47f3e4326cd88f6
Size

74KB
MD5

33f528de5954e767c47f3e4326cd88f6
SHA1

6b26739ddb146d2e22d288f08e849f759f29f0f8
SHA256

7dff98f62a3bd56387432aa7f58bef3896f4a991fe49fd9940636bbb2aae80fb
SHA512

b5c30ef3c0c28d6fa9ad7b2a975fa19157e739d4ffc90b2074be9cccd49d7dbb8afa0c65466b0c6b5d1c50a2290c367d07f492a12e0d7483cf60e0d9b860a087
SSDEEP

1536:xTRuLvCpddL0zFuosjWIUl/Ch8RcyZHqjPuxn3FmkkRP/:xTp/05u1S1J7ZHQP2FmkkRP/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33f528de5954e767c47f3e4326cd88f6

Files

33f528de5954e767c47f3e4326cd88f6
.exe windows:1 windows x86 arch:x86

b2a1556ee752d4d64fc2dfa2bf4ec24f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsMapSchemaGuidsA
DsIsMangledRdnValueW
DsReplicaSyncA
DsClientMakeSpnForTargetServerW
DsFreeSpnArrayW
DsReplicaVerifyObjectsA
DsReplicaSyncAllA
DsReplicaUpdateRefsW
DsListRolesW
DsRemoveDsDomainW
DsaopBindWithCred
DsBindWithSpnW
DsCrackNamesA
DsClientMakeSpnForTargetServerA
DsCrackSpn2W
DsRemoveDsServerA
DsaopBindWithSpn
DsFreeNameResultA
DsListInfoForServerW
DsRemoveDsServerW

msvcirt

??_Gofstream@@UAEPAXI@Z
??0filebuf@@QAE@ABV0@@Z
??1strstream@@UAE@XZ
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?attach@ofstream@@QAEXH@Z
?openprot@filebuf@@2HB
?x_curindex@ios@@0HA
??_Eistream_withassign@@UAEPAXI@Z
??Bios@@QBEPAXXZ
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
?pcount@ostrstream@@QBEHXZ
??4ostrstream@@QAEAAV0@ABV0@@Z
?close@ifstream@@QAEXXZ
?adjustfield@ios@@2JB
??0strstreambuf@@QAE@XZ

user32

MessageBoxW
SendNotifyMessageW
DefMDIChildProcA
CharLowerBuffA
EnumDisplayDevicesA
UserHandleGrantAccess
CreateDialogIndirectParamAorW
GetWindowModuleFileNameA
GetMenuState
CallNextHookEx
DrawTextExW
UnregisterMessagePumpHook
GrayStringW
CreateIconFromResource
InsertMenuA
FindWindowA
GetRawInputDeviceInfoW
EnumPropsExW
SetParent
UnhookWindowsHookEx
DdeSetQualityOfService

kernel32

GlobalFindAtomW
ExitProcess
ReadConsoleOutputCharacterA
EnumResourceNamesA
GetLocaleInfoW
CreateMutexA
LCMapStringW
GetEnvironmentStringsW
WaitForDebugEvent
LoadLibraryExA
IsValidLanguageGroup
LoadLibraryA
VirtualAlloc
GetUserGeoID
RaiseException
SetupComm
CreateRemoteThread
VerifyVersionInfoA
GetConsoleCP
DuplicateHandle
SwitchToFiber
GetTapeStatus
SetCurrentDirectoryA
CreateDirectoryExA
IsDBCSLeadByteEx
WriteConsoleOutputAttribute
lstrlen

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
GetProfileType
FreeGPOListA
RsopLoggingEnabled
GetAppliedGPOListA
ProcessGroupPolicyCompletedEx
RsopAccessCheckByType
ProcessGroupPolicyCompleted
LoadUserProfileA
UnregisterGPNotification
RefreshPolicyEx
UnloadUserProfile
GetDefaultUserProfileDirectoryW
FreeGPOListW
ForceSyncFgPolicy
WaitForUserPolicyForegroundProcessing
GetGPOListA
RsopResetPolicySettingStatus
DeleteProfileA
RsopSetPolicySettingStatus
GetProfilesDirectoryW
GetNextFgPolicyRefreshInfo
GetUserProfileDirectoryA

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2a1556ee752d4d64fc2dfa2bf4ec24f

Headers

File Characteristics

Imports

ntdsapi

msvcirt

user32

kernel32

userenv

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 137KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 137KB

.rsrc
Size: 1KB - Virtual size: 1KB