59c9ff11f83abb08f45803ed6bb3e14c

Sharing

Copy URL Twitter E-mail

General

Target

59c9ff11f83abb08f45803ed6bb3e14c
Size

134KB
MD5

59c9ff11f83abb08f45803ed6bb3e14c
SHA1

a9e550bfc2bb1527d272d18912ace0d3e21347a0
SHA256

fe7ad9ba6eebbd14ed3c490c9f55783102b127ea2414a9e7267a1dcb77feda8e
SHA512

1db9c906385e8948faf6d09313b1abd84270865c33b3917bf30a1b440a4737ede73ce038404617a527e66a54eef77941f86b227b82dd4b93752808bd622b0859
SSDEEP

3072:7dsYt90jnI8WxQWvkFBJ4xGlBLD/9iqS/rN6He1AuYeFTnBS:7d1D0XWMV4sBLp5SjNse1AuYe9n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59c9ff11f83abb08f45803ed6bb3e14c

Files

59c9ff11f83abb08f45803ed6bb3e14c
.exe windows:5 windows x86 arch:x86

106c195d980f77544aabce816fa0b838

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlsrv32

SQLCancel
SQLGetData
BCP_sendrow
SQLGetInfoW
SQLPrepareW
ConfigDriverW
SQLMoreResults
SQLSpecialColumnsW
SQLStatisticsW
BCP_bind
SQLNumResultCols
SQLTablePrivilegesW
SQLAllocHandle
SQLForeignKeysW
SQLSetConnectAttrW
SQLSetEnvAttr
SQLSetCursorNameW
BCP_colptr
SQLGetDiagRecW
SQLGetDescRecW
ConnectDlgProc
LibMain
BCP_control
SQLEndTran
BCP_moretext
SQLPutData
SQLSetPos
SQLNumParams
SQLNativeSqlW
SQLTablesW
SQLGetDiagFieldW
SQLBulkOperations
FinishDlgProc
SQLDescribeParam
SQLExecDirectW
SQLColAttributeW
WizDatabaseDlgProc
SQLCopyDesc
SQLGetConnectAttrW
BCP_collen
SQLSetDescFieldW
SQLPrimaryKeysW
SQLSetConnectOptionW
SQLDescribeColW
SQLSetScrollOptions

winscard

SCardForgetCardTypeA
SCardLocateCardsByATRA
SCardAddReaderToGroupA
SCardSetCardTypeProviderNameA
SCardIntroduceReaderW
SCardListReadersA
SCardGetAttrib
SCardForgetReaderGroupA
SCardAccessNewReaderEvent
g_rgSCardT0Pci
SCardGetStatusChangeA
SCardTransmit
SCardListReaderGroupsA
SCardGetCardTypeProviderNameW
SCardIntroduceReaderA
SCardRemoveReaderFromGroupW
SCardFreeMemory
SCardEndTransaction
SCardIntroduceCardTypeA
SCardLocateCardsA
SCardConnectA
SCardLocateCardsW
SCardForgetReaderGroupW
SCardListReaderGroupsW
g_rgSCardT1Pci
SCardReconnect
SCardGetCardTypeProviderNameA
SCardIntroduceReaderGroupW
g_rgSCardRawPci
SCardForgetReaderW
ClassInstall32
SCardForgetCardTypeW
SCardRemoveReaderFromGroupA
SCardConnectW
SCardAccessStartedEvent

wldap32

ldap_err2stringA
ldap_search_sA
ldap_start_tls_sA
ldap_delete_ext_sA
ldap_stop_tls_s
ldap_modify_ext_s
ldap_get_values_lenA
ldap_parse_sort_controlA
ldap_search_stA
ldap_search_extW
ldap_controls_freeW
ldap_explode_dn
ber_peek_tag
ldap_simple_bind
ldap_value_free_len
ldap_parse_page_control
ldap_bind
LdapUTF8ToUnicode
ldap_conn_from_msg
ldap_create_page_controlA
ldap_count_values
ldap_deleteA
ldap_search_ext_sW
ldap_init
ldap_search_init_pageA
ldap_sslinit
LdapGetLastError
ldap_parse_referenceW
ldap_delete
ldap_modify_sW
ldap_search_sW
ldap_search_extA
ldap_create_vlv_controlA
ldap_next_attributeW
ldap_rename_extA
cldap_openA
ldap_set_optionW

kernel32

LZCloseFile
GetMailslotInfo
GetACP
IsBadWritePtr
WaitNamedPipeW
SetCriticalSectionSpinCount
InvalidateConsoleDIBits
DebugActiveProcessStop
EnumCalendarInfoA
SetThreadExecutionState
LoadLibraryA
VerLanguageNameW
HeapCreate
GetSystemDirectoryA
CancelTimerQueueTimer
GetDevicePowerState
GetTickCount
DeleteFileA
DuplicateConsoleHandle
SetCommMask
GlobalAddAtomA
WriteConsoleOutputA
LocalAlloc
OpenFile
GetNumaNodeProcessorMask
GetStartupInfoW
GlobalAlloc
VirtualAlloc
SearchPathA
ConvertDefaultLocale
SetUnhandledExceptionFilter
GetCurrencyFormatW
InitializeSListHead
Heap32ListNext
SetProcessPriorityBoost

crypt32

CryptBinaryToStringW
CryptMsgVerifyCountersignatureEncoded
CryptSignAndEncodeCertificate
I_CryptGetAsn1Decoder
CryptMsgOpenToDecode
CryptImportPKCS8
CryptInitOIDFunctionSet
CertOpenSystemStoreW
I_CryptTouchLruEntry
CertEnumSystemStoreLocation
CertSetCTLContextProperty
CertIsRDNAttrsInCertificateName
CertFindSubjectInSortedCTL
CryptBinaryToStringA
CertFindCertificateInStore
CertEnumPhysicalStore
CertGetEnhancedKeyUsage
CryptDecryptMessage
CertNameToStrW
RegEnumValueU
RegQueryInfoKeyU
CertVerifyRevocation
CryptStringToBinaryA
CryptMsgDuplicate
CertFindCertificateInCRL
CertDuplicateCertificateChain
CryptExportPKCS8

adsldpc

BuildADsParentPathFromObjectInfo2
?SetFSlashDisabler@CLexer@@QAEXH@Z
ADsCreateDSObject
LdapcSetStickyServer
IsGCNamespace
AllocADsMem
LdapAddExtS
ReallocADsStr
UnMarshallLDAPToLDAPSynID
ADsExecuteSearch
BuildLDAPPathFromADsPath2
LdapSearchAbandonPage
LdapParseResult
LdapSearch
ConvertSidToU2Trustee
SchemaGetClassInfoByIndex
ADSIGetFirstRow
LdapTypeToAdsTypeDNWithBinary
SchemaGetPropertyInfoByIndex
ReadPagingSupportedAttr
FreeADsMem
SchemaGetPropertyInfo
SchemaGetClassInfo
ADsObject
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
ADsGetColumn
ADsAbandonSearch
LdapGetSubSchemaSubEntryPath
LdapCloseObject
LdapGetDn
ADsSetSearchPreference
ChangeSeparator
SchemaClose
GetDisplayName
LdapSearchExtS
ADsHelperGetCurrentRowMessage

shlwapi

PathUnExpandEnvStringsA
SHOpenRegStream2A
PathStripToRootW
SHDeleteOrphanKeyA
SHRegEnumUSKeyW
UrlCanonicalizeW
PathCreateFromUrlA
SHRegDeleteEmptyUSKeyA
StrNCatW
PathFindSuffixArrayA
SHOpenRegStream2W
SHRegCreateUSKeyW
SHDeleteValueW
StrChrNW
PathCommonPrefixA
UrlCombineA
StrCmpIW
UrlGetPartA
PathIsSystemFolderA
PathCompactPathA
StrPBrkW
StrCmpNIA
PathFileExistsW
PathCombineA
StrIsIntlEqualW
SHDeleteKeyA
PathUnquoteSpacesA
StrRetToBSTR
SHRegSetPathA
PathRemoveExtensionW
DllGetVersion
SHRegGetPathA
PathFileExistsA
PathCombineW
UrlIsA
StrRetToBufA
UrlApplySchemeW

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

106c195d980f77544aabce816fa0b838

Headers

DLL Characteristics

File Characteristics

Imports

sqlsrv32

winscard

wldap32

kernel32

crypt32

adsldpc

shlwapi

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 18KB - Virtual size: 168KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 184B

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 18KB - Virtual size: 168KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 184B