06a29cb992fdd4c6bdf807df43a974ed

Sharing

Copy URL Twitter E-mail

General

Target

06a29cb992fdd4c6bdf807df43a974ed
Size

174KB
MD5

06a29cb992fdd4c6bdf807df43a974ed
SHA1

0f88c0cd3c3e82695f8086b020db7b065e44d32f
SHA256

2ac7885d6b3c555f74fffab866bf354e8b633789d15a6cd146dad376272a3783
SHA512

a7e4902c0619b67cc71f1d17659873a9eea1eebeffb56e60466e574822f497f2f6b361726be0fcdcf3beaea5068033fe4e125afe38cabaeae3f8279fb934f4a4
SSDEEP

3072:ehMgM3BcuxyMbisAqczF1HaCUxZeHb+nC3+fqYvBtsvJyQBDodCrWcNp2YHoP:ePuxyMbisencxZeHb+nCOfqYAvFB0dgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06a29cb992fdd4c6bdf807df43a974ed

Files

06a29cb992fdd4c6bdf807df43a974ed
.exe windows:5 windows x86 arch:x86

73a35ae57ddeed7e5d26cbf8501fefd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsBindW
DsCrackSpn3W
DsCrackNamesW
DsFreeNameResultW
DsUnBindW
DsIsMangledDnW

shlwapi

PathIsUNCServerShareW
PathAppendW

dsprop

ADsPropCreateNotifyObj
ADsPropSetHwnd
ADsPropGetInitInfo
ADsPropShowErrorDialog
ADsPropSendErrorMessage
ADsPropSetHwndWithTitle
FindSheet

cryptui

CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateW

kernel32

GetLastError
VirtualAlloc

ntdll

RtlSubAuthorityCountSid
RtlInitUnicodeString
RtlNtStatusToDosError
RtlSubAuthoritySid
NtQuerySystemTime
RtlIdentifierAuthoritySid

version

GetFileVersionInfoW

apphelp

SetPermLayers

shell32

SHGetFolderPathW

crypt32

CertCloseStore
CryptFindOIDInfo
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertFindCertificateInStore
CertAddCertificateContextToStore
CertDuplicateStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertSaveStore
CryptDecodeObject
CertEnumSystemStore
CertControlStore
CertGetNameStringW
CertOpenStore
CryptQueryObject
CertDeleteCertificateFromStore

gdi32

SetTextColor
SetBkColor
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
CreateBitmap
CreatePatternBrush

user32

RegisterWindowMessageW
SetFocus
GetWindowThreadProcessId
SendMessageW
SetScrollRange
DefWindowProcW
IsWindowEnabled
GetDlgCtrlID
LoadStringW
GetWindowRect
GetParent
GetSystemMetrics
MoveWindow
DestroyWindow
SetWindowLongW
CheckDlgButton
MessageBeep
SetWindowPos
GetDC
SetWindowContextHelpId
SetDlgItemTextW
SetForegroundWindow
ScreenToClient
DialogBoxParamW
EnableWindow
GetSysColorBrush
PostMessageW
CheckRadioButton
MessageBoxW
SendDlgItemMessageW
wsprintfW
SetScrollPos
GetWindow
EndPaint
RegisterClipboardFormatW
BeginPaint
SetCursor
MapDialogRect
OffsetRect
MessageBoxA
FindWindowExW
MapWindowPoints
InflateRect
GetDesktopWindow
EndDialog
GetWindowTextW
ShowWindow
DestroyIcon
CreateWindowExW
SystemParametersInfoW
RegisterClassW
LoadCursorW
GetDlgItemTextW
FrameRect
SetWindowTextW
SetScrollInfo
IsDlgButtonChecked
IsWindow
DrawIcon
GetWindowTextLengthW
GetWindowLongW
LoadIconW
CallWindowProcW
GetScrollInfo
DrawFocusRect
WinHelpW
ScrollWindow
ReleaseDC
GetSysColor
GetClientRect
UpdateWindow
LoadBitmapW
GetDlgItem

ole32

CoCreateInstance
StringFromIID
CoGetApartmentID
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
ReleaseStgMedium
StringFromCLSID
CoGetInterfaceAndReleaseStream

dnsapi

DnsNameCompareEx_W

advapi32

RegQueryValueExW
LsaQueryTrustedDomainInfoByName
LsaClose
LsaDelete
LsaLookupSids
LsaOpenTrustedDomain
AllocateAndInitializeSid
LsaQueryForestTrustInformation
InitializeSecurityDescriptor
RevertToSelf
LsaFreeMemory
LsaCreateTrustedDomainEx
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
RegCloseKey
LsaOpenTrustedDomainByName
LsaOpenPolicy
GetLengthSid
LsaRetrievePrivateData
IsValidSid
CryptReleaseContext
SystemFunction041
RegCreateKeyExW
CryptAcquireContextW
RegOpenKeyExW
OpenServiceW
GetSidSubAuthorityCount
MakeSelfRelativeSD
RegSetValueExW
CryptGenRandom
LsaNtStatusToWinError
GetSecurityDescriptorDacl
EqualSid
SetNamedSecurityInfoW
SetEntriesInAclW
OpenSCManagerW
LogonUserW
BuildTrusteeWithSidW
EqualPrefixSid
GetNamedSecurityInfoW
GetSecurityDescriptorLength
InitializeAcl
BuildTrusteeWithObjectsAndSidW
GetSidIdentifierAuthority
RegDeleteKeyW
LsaSetTrustedDomainInfoByName
GetSidSubAuthority
LsaQueryTrustedDomainInfo
LsaQueryInformationPolicy
GetSidLengthRequired
LsaSetForestTrustInformation
QueryServiceStatus
GetSecurityDescriptorControl
CloseServiceHandle
SystemFunction040
FreeSid
GetExplicitEntriesFromAclW

credui

CredUIInitControls
CredUIParseUserNameW

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73a35ae57ddeed7e5d26cbf8501fefd6

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

shlwapi

dsprop

cryptui

kernel32

ntdll

version

apphelp

shell32

crypt32

gdi32

user32

ole32

dnsapi

advapi32

credui

Sections

.text Size: 512B - Virtual size: 400B

.rsrc Size: 78KB - Virtual size: 78KB

.idata Size: 6KB - Virtual size: 5KB

.rdata Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 28B

.data Size: 75KB - Virtual size: 848KB

.text
Size: 512B - Virtual size: 400B

.rsrc
Size: 78KB - Virtual size: 78KB

.idata
Size: 6KB - Virtual size: 5KB

.rdata
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 28B

.data
Size: 75KB - Virtual size: 848KB