52d3a60b635b39e7a985ef65f62abe17

Sharing

Copy URL Twitter E-mail

General

Target

52d3a60b635b39e7a985ef65f62abe17
Size

1.1MB
MD5

52d3a60b635b39e7a985ef65f62abe17
SHA1

4444179e55a5411c4348cbf024b1d92b343903a6
SHA256

77e02d9ff3317d61c7e6c1adc1ee01513ede3c6691f5fd6e7c656a13a13c6666
SHA512

00df445950f15e2e32d9d3881d52a2758488f9aa607fc299f35d39309f619c6096ffefc5adc820c0b4a8cd55d609fd98255f5dfad8613456e136c0889b310c91
SSDEEP

24576:HKLnDSubfSMDRo5POKzkzjmJOYcqLIVdeKT7gnsxGYS7LlMBm5o:HKLnD3SOeOaEj3Jxwx4m5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52d3a60b635b39e7a985ef65f62abe17

Files

52d3a60b635b39e7a985ef65f62abe17
.exe windows:2 windows x86 arch:x86

865b009b6f03d1f4d9d214bef07a6a2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

adsldpc

LdapSearchInitPage
LdapReadAttribute2
LdapSearch
ADSIGetPreviousRow
LdapMemFree
LdapAddExtS
LdapOpenObject
SortAndRemoveDuplicateOIDs
UnMarshallLDAPToLDAPSynID
LdapInitializeSearchPreferences
LdapGetDn
LdapTypeBinaryToString
BerBvFree
LdapMsgFree
LdapTypeFreeLdapObjects
LdapControlsFree
LdapTypeToAdsTypeDNWithString
AdsTypeFreeAdsObjects
ConvertSidToString
LdapParsePageControl
ADSIOpenDSObject
LdapCrackUserDNtoNTLMUser2
LdapModifyS
ADsEnumClasses
ADSIAbandonSearch
LdapTypeCopyConstruct
ChangeSeparator
ADSICreateDSObject
ADsDecodeBinaryData
BuildLDAPPathFromADsPath2
LdapGetSyntaxOfAttributeOnServer
SchemaGetStringsFromStringTable
SchemaGetPropertyInfoByIndex
LdapGetNextPageS
ADSISetSearchPreference
ADsCreateAttributeDefinition
SchemaGetClassInfo
ADSICloseDSObject
SchemaClose
AdsTypeToLdapTypeCopyDNWithString
LdapTypeToAdsTypeGeneralizedTime

user32

DispatchMessageA
TranslateMessage
DefWindowProcA
GetMessageA
RegisterClassA
CreateWindowExA
EndPaint
DestroyWindow
UpdateWindow
SendMessageA
BeginPaint
ShowWindow

kernel32

SetEvent
ExitProcess
HeapFree
CreateEventA
HeapSize
SystemTimeToFileTime
CloseHandle
CreateNamedPipeA
CreateFileA
InterlockedIncrement
SetFilePointer
WaitForMultipleObjects
GetSystemTime
GetStringTypeExA
EnterCriticalSection
lstrcpynA
HeapCreate
ConnectNamedPipe
GetCurrentThreadId
VirtualFree
GetFileAttributesA
InterlockedDecrement
HeapAlloc
InterlockedExchange
GetLastError
ReadFile
lstrcatA
InitializeCriticalSectionAndSpinCount
OpenEventA
LeaveCriticalSection
DisconnectNamedPipe
VirtualAlloc
DeleteFileA
GetCurrentProcessId
WriteFile
HeapDestroy
GetFileTime

Sections

.text
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

865b009b6f03d1f4d9d214bef07a6a2e

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

user32

kernel32

Sections

.text Size: 729KB - Virtual size: 729KB

.data Size: 411KB - Virtual size: 411KB

.rsrc Size: 22KB - Virtual size: 3.1MB

.text
Size: 729KB - Virtual size: 729KB

.data
Size: 411KB - Virtual size: 411KB

.rsrc
Size: 22KB - Virtual size: 3.1MB