22f8adec9fbde0c77a242a0a37215636

Sharing

Copy URL Twitter E-mail

General

Target

22f8adec9fbde0c77a242a0a37215636
Size

405KB
MD5

22f8adec9fbde0c77a242a0a37215636
SHA1

8d43b173d04279be0dd3075a4592f9ba8fd6b107
SHA256

e59f85ad71f32c79b3a58626e286e2d57c4cb542684bcfab1cc01fd95cd18b28
SHA512

0b5b4ac9f5b290228097c165da538d2efe45c847bcb1d0fa421c2412bc141b29773fa4f8de5f29952ad80d28bbc29f4d9af8ad54caa07cc6328c3fed00439144
SSDEEP

6144:6ZhrAfQWmmfVQ44ASuUpWq+9UhbNwij+kFWEU9n35RMTC5dV+mC2dmi:EAW/4DSuUk2hB3HURn35RM92Qi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22f8adec9fbde0c77a242a0a37215636

Files

22f8adec9fbde0c77a242a0a37215636
.exe windows:5 windows x86 arch:x86

a4862502e921669a9124f216154a87c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdsapi

DsReplicaModifyW
DsUnquoteRdnValueA
DsRemoveDsServerA
DsMakeSpnW
DsAddSidHistoryA
DsQuoteRdnValueA
DsListRolesA
DsCrackNamesW
DsBindA
DsaopUnBind
DsListServersInSiteW
DsReplicaFreeInfo
DsListServersForDomainInSiteW
DsReplicaSyncAllA
DsaopBindWithCred
DsReplicaVerifyObjectsW
DsFreeSpnArrayW
DsReplicaUpdateRefsW
DsBindWithSpnA
DsCrackSpn2W
DsReplicaModifyA
DsFreePasswordCredentials
DsClientMakeSpnForTargetServerW
DsRemoveDsDomainA
DsCrackNamesA
DsReplicaVerifyObjectsA
DsFreeSpnArrayA
DsaopBindWithSpn
DsReplicaDelW
DsBindWithSpnW

avifil32

AVIStreamOpenFromFileA
AVISaveA
AVIStreamReadFormat
AVIFileGetStream
EditStreamCut
AVIStreamAddRef
EditStreamClone
AVIBuildFilterW
AVIFileInfoW
AVIFileCreateStreamA
AVISaveVA
AVIFileAddRef
AVIStreamRelease
EditStreamPaste
IID_IAVIEditStream
DllGetClassObject
AVIStreamGetFrameClose
AVIMakeCompressedStream
AVIFileCreateStream
AVIPutFileOnClipboard
IID_IAVIStream
AVIFileWriteData
IID_IAVIFile

winmm

PlaySoundA
mmioStringToFOURCCW
mmioSeek
waveOutGetErrorTextA
PlaySound
auxSetVolume
auxGetDevCapsA
waveInClose
mciSendStringW
auxGetDevCapsW
mixerGetLineControlsA
SendDriverMessage
mixerGetNumDevs
waveInGetNumDevs
midiOutGetErrorTextW
mciLoadCommandResource
midiInGetErrorTextW
CloseDriver
mixerClose
mmioSetInfo
aux32Message
midiOutReset
OpenDriver

kernel32

InterlockedExchangeAdd
HeapCreate
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetMessageWaitingIndicator
_lwrite
SetFirmwareEnvironmentVariableW
CreateNamedPipeW
EnumResourceTypesW
GetCurrencyFormatA
HeapSetInformation
GetModuleHandleW
VirtualAlloc
GetShortPathNameA
RtlFillMemory
GetCurrentProcessId
GetProcAddress
SetFilePointer
LoadLibraryA
GetGeoInfoA
PeekConsoleInputW
SetFileShortNameW
VerifyVersionInfoW
GetCommandLineA
SleepEx
CreateFileMappingA
lstrcmpA
FatalAppExitA
CreateDirectoryA
CreateFiberEx
HeapSummary
RegisterWaitForInputIdle

mapi32

OpenStreamOnFile
UlFromSzHex@4
DllCanUnloadNow
MNLS_WideCharToMultiByte@32
OpenTnefStream@28
OpenIMsgOnIStg@44
SzFindLastCh@8
GetTnefStreamCodepage
MAPIOpenFormMgr@8
HrIStorageFromStream@16
PRProviderInit
MNLS_lstrcmpW@8
MAPIAllocateMore@12
cmc_logon
MNLS_lstrlenW@4
FBadRow@4
__ValidateParameters@8
ScUNCFromLocalPath@12
FreeProws@4
UNKOBJ_COFree@8
MAPIOpenLocalFormContainer@4
CreateTable@36
MAPIReadMail
FBadProp@4
DeregisterIdleRoutine@4
ScMAPIXFromCMC
OpenTnefStreamEx@32

advapi32

ElfReadEventLogA
ChangeServiceConfig2A
ReadEncryptedFileRaw
AddAce
LookupSecurityDescriptorPartsA
IsTokenRestricted
CloseTrace
SetEntriesInAclW
SystemFunction010
CredEnumerateW
DuplicateEncryptionInfoFile
AccessCheckByTypeAndAuditAlarmW
SetFileSecurityW
WriteEncryptedFileRaw
CreateProcessWithLogonW
GetFileSecurityA
CredpDecodeCredential
QueryTraceA
SystemFunction012
DuplicateTokenEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4862502e921669a9124f216154a87c6

Headers

File Characteristics

Imports

ntdsapi

avifil32

winmm

kernel32

mapi32

advapi32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 151KB - Virtual size: 570KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 444B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 151KB - Virtual size: 570KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 444B