Static task: static1
Behavioral task: behavioral1
Sample: f7bbcc1504198225a258aaba09e34def.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: f7bbcc1504198225a258aaba09e34def.exe
Resource: win10v2004-20231222-en
General
- Target: f7bbcc1504198225a258aaba09e34def
- Size: 47KB
- MD5: f7bbcc1504198225a258aaba09e34def
- SHA1: 78b04f27c7bfb00fa923c4c710298f41920a4df1
- SHA256: 33d04b48320d520c12f840820903a6a4e9f60a337f17a50c34f74a07c4f200b4
- SHA512: c54f4ab3e4fc787fbf878cc8804b7c1dbb6ad0de7eafb126884b90671e91bcf28cc001b106f5cb273f2abe73ea0e54f40ce1de1773ff1b57d0bd691143de68ed
- SSDEEP: 768:CszrTW4tN2abm8LD4kYCnGqkOdetIPal1eLOp16y6miE6XU8fU9dB:vrTxb35kOdgCCgRmiE6XUYSdB
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource f7bbcc1504198225a258aaba09e34def
Files
- f7bbcc1504198225a258aaba09e34def.exe windows:5 windows x86 arch:x86
  d4c3caee018f6701adb1d0a915566579
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
adsldpc
SchemaIsClassAContainer
LdapSearchAbandonPage
ADSICloseDSObject
ADsExecuteSearch
BuildLDAPPathFromADsPath
ADSIDeleteDSObject
LdapTypeBinaryToString
ChangeSeparator
ADsDecodeBinaryData
SchemaGetPropertyInfoByIndex
AdsTypeToLdapTypeCopyConstruct
ADsSetSearchPreference
ADSICloseSearchHandle
LdapInitializeSearchPreferences
LdapReadAttribute2
SchemaGetSyntaxOfAttribute
ADsWriteClassDefinition
Component
SchemaGetStringsFromStringTable
??1CLexer@@QAE@XZ
LdapParsePageControl
SchemaGetClassInfoByIndex
ADSIFreeColumn
LdapDeleteS
FindSearchTableIndex
ADsDeleteAttributeDefinition
ADsDeleteDSObject
ADsGetObjectAttributes
LdapNextAttribute
ReadPagingSupportedAttr
FreeObjectInfo
ntmarta
AccProvIsAccessAudited
AccProvGrantAccessRights
AccProvHandleGrantAccessRights
AccProvHandleGetAccessInfoPerObjectType
AccSetEntriesInAList
AccProvHandleRevokeAccessRights
AccProvRevokeAuditRights
AccConvertAccessToSD
AccConvertAccessToSecurityDescriptor
AccGetExplicitEntries
EventNameFree
AccLookupAccountName
AccRewriteGetExplicitEntriesFromAcl
EventGuidToName
AccConvertSDToAccess
AccProvIsObjectAccessible
AccProvGetAccessInfoPerObjectType
AccRewriteGetHandleRights
AccProvHandleIsAccessAudited
AccProvGetOperationResults
AccProvSetAccessRights
AccLookupAccountTrustee
AccProvHandleGetTrusteesAccess
AccRewriteSetNamedRights
AccProvGetTrusteesAccess
AccLookupAccountSid
ieakeng
IsFavoriteItem
CanDeleteADM
ModifyAuthCode
MoveADMWindow
BToolbar_Remove
DestroyADMWindow
GetAdmWindowHandle
DoReboot
NewFolder
ErrorMessageBox
SaveADMItem
ModifyRatings
GetFavoritesMaxNumber
DisplayADMItem
GetFavoritesNumber
MoveDownFavorite
MoveUpFavorite
ShowInetcpl
CheckForDupKeys
ModifyZones
BToolbar_Edit
ProcessFavSelChange
BuildPalette
ShowADMWindow
CreateADMWindow
CheckField
SelectADMItem
kernel32
WaitNamedPipeW
GetSystemTimeAsFileTime
PulseEvent
LocalFree
BackupRead
IsBadStringPtrA
SetNamedPipeHandleState
_lwrite
GetBinaryType
CloseProfileUserMapping
GlobalFindAtomW
FindActCtxSectionStringW
MapUserPhysicalPages
CreateFileW
SetProcessWorkingSetSize
HeapFree
GetStringTypeW
TransmitCommChar
GetStdHandle
LoadLibraryA
GetUserDefaultUILanguage
GlobalAddAtomW
GetShortPathNameA
EndUpdateResourceA
GetSystemDefaultUILanguage
InitAtomTable
SetLastConsoleEventActive
GetProcessPriorityBoost
VirtualAlloc
RtlFillMemory
SetErrorMode
DebugSetProcessKillOnExit
EnumUILanguagesA
InitializeCriticalSection
ExitProcess
inseng
PurgeDownloadDirectory
DownloadFile
GetICifFileFromFile
GetICifRWFileFromFile
CheckForVersionConflict
CheckTrustEx
CheckTrust
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ