8b32bf0e9547d8ffbc375902498226e9

Sharing

Copy URL Twitter E-mail

General

Target

8b32bf0e9547d8ffbc375902498226e9
Size

28KB
MD5

8b32bf0e9547d8ffbc375902498226e9
SHA1

e7442bacf6ece0ca5aa3539cf4230a5c2da6eafe
SHA256

12a1e281bf737d97ef912aa30915ccd84cb5eabf7aa76e1a9843a3373b887cc6
SHA512

201b80a2b14a06ff623d88ebde7b82a4e8e67708cb24b7bb7b3b37f043f5c797112b8765e2a02e87e991a5f353761ad20efb87b1c2296c35c050b570e5ca2ade
SSDEEP

384:hDWFqK1E8FSPiF7BxTWlvxwb4JdcQjUa0JdWm6C0RFwdYz16iXGF5bpvfST+A:hr6SW7svxwbFQAdItRFwFe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b32bf0e9547d8ffbc375902498226e9

Files

8b32bf0e9547d8ffbc375902498226e9
.exe windows:5 windows x86 arch:x86

286a54e0981fd25da4e95300ef14dbd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cabview

DllGetClassObject

dsprop

ADsPropSetHwndWithTitle
ADsPropGetInitInfo
FindSheet
ADsPropShowErrorDialog
ADsPropSendErrorMessage
ADsPropCreateNotifyObj
ADsPropSetHwnd

ntdsapi

DsCrackNamesW
DsBindW
DsUnBindW
DsFreeNameResultW
DsIsMangledDnW
DsCrackSpn3W

user32

RegisterClipboardFormatW
GetScrollInfo
GetSystemMetrics
SystemParametersInfoW
BeginPaint
IsWindow
DrawFocusRect
SetDlgItemTextW
CallWindowProcW
SetCursor
GetDC
MessageBoxW
GetWindowRect
GetDlgCtrlID
SetFocus
LoadCursorW
wsprintfW
ScrollWindow
SetWindowTextW
IsDlgButtonChecked
MessageBeep
DialogBoxParamW
SetWindowPos
MoveWindow
GetDlgItem
GetDlgItemTextW
CheckDlgButton
PostMessageW
DestroyIcon
FindWindowExW
ShowWindow
ScreenToClient
SetWindowLongW
LoadStringW
DestroyWindow
OffsetRect
GetDesktopWindow
GetWindowTextW
MapWindowPoints
LoadBitmapW
RegisterClassW
GetWindowTextLengthW
RegisterWindowMessageW
SetScrollRange
GetWindowThreadProcessId
ReleaseDC
MapDialogRect
SetForegroundWindow
GetWindow
EnableWindow
SetScrollInfo
GetSysColor
GetClientRect
GetWindowLongW
SetWindowContextHelpId
MessageBoxA
SendDlgItemMessageW
WinHelpW
EndDialog
GetParent
InflateRect
IsWindowEnabled
CreateWindowExW
EndPaint
DrawIcon
LoadIconW
DefWindowProcW
SendMessageW
UpdateWindow
CheckRadioButton
GetSysColorBrush
FrameRect
SetScrollPos

netapi32

DsEnumerateDomainTrustsW
DsGetDcNameW
NetpNtStatusToApiStatus
NetUserModalsGet
I_NetPathType
I_NetLogonControl2
NetpParmsQueryUserProperty
NetpParmsUserPropertyFree
NetpParmsSetUserProperty
DsGetForestTrustInformationW
NetApiBufferFree
DsMergeForestTrustInformationW

shlwapi

PathIsUNCServerShareW
PathAppendW

crypt32

CryptFindOIDInfo
CertDuplicateCertificateContext
CertSaveStore
CertControlStore
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumSystemStore
CertOpenStore
CertDeleteCertificateFromStore
CertDuplicateStore
CertGetCertificateContextProperty
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CryptQueryObject
CertGetNameStringW
CryptDecodeObject

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW

dnsapi

DnsNameCompareEx_W

shell32

SHGetFolderPathW

msvcrt

printf
_vsnwprintf
iswdigit
memmove
vswprintf
time
__CxxFrameHandler
wcspbrk
wcsstr
wcsncat
rand
_wtol
_onexit
wcschr
iswxdigit
_except_handler3
_initterm
_wcsupr
__dllonexit
wcslen
wcstoul
wcscpy
iswspace
malloc
free
swprintf
_purecall
srand
wcstok
mbstowcs
strchr
_wcsnicmp
_adjust_fdiv
_wcsicmp
wcsncpy
swscanf
wcscmp
wcscat
isalnum
wcsrchr
_wtoi
isdigit

ole32

CoTaskMemFree
StringFromIID
CoMarshalInterThreadInterfaceInStream
ReleaseStgMedium
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
StringFromCLSID
CoCreateInstance

ntdll

RtlSubAuthorityCountSid
RtlNtStatusToDosError
RtlInitUnicodeString
RtlIdentifierAuthoritySid
RtlSubAuthoritySid
NtQuerySystemTime

cmdial32

AutoDialFunc

clb

ClbAddData

advapi32

LsaOpenTrustedDomainByName
SetNamedSecurityInfoW
CryptReleaseContext
LsaLookupSids
CryptGenRandom
LsaQueryTrustedDomainInfoByName
LsaQueryForestTrustInformation
GetSidLengthRequired
GetExplicitEntriesFromAclW
LsaSetForestTrustInformation
RegCreateKeyExW
MakeSelfRelativeSD
LsaDelete
RegSetValueExW
GetSecurityDescriptorControl
EqualSid
LsaCreateTrustedDomainEx
GetSecurityDescriptorDacl
LsaOpenPolicy
RegDeleteKeyW
LsaNtStatusToWinError
ImpersonateAnonymousToken
InitializeSecurityDescriptor
QueryServiceStatus
GetNamedSecurityInfoW
EqualPrefixSid
GetSecurityDescriptorLength
OpenServiceW
GetSidSubAuthority
RegOpenKeyExW
CloseServiceHandle
InitializeAcl
FreeSid
BuildTrusteeWithSidW
LsaRetrievePrivateData
LsaQueryInformationPolicy
LsaClose
RevertToSelf
RegCloseKey
LsaOpenTrustedDomain
LsaFreeMemory
SystemFunction041
AllocateAndInitializeSid
LsaSetTrustedDomainInfoByName
OpenSCManagerW
LsaQueryTrustedDomainInfo
SetEntriesInAclW
IsValidSid
GetLengthSid
CryptAcquireContextW
BuildTrusteeWithObjectsAndSidW
GetSidSubAuthorityCount
ImpersonateLoggedOnUser
GetSidIdentifierAuthority
LogonUserW
RegQueryValueExW
SystemFunction040

credui

CredUIInitControls
CredUIParseUserNameW

gdi32

SetTextColor
CreateBitmap
DeleteObject
CreatePatternBrush
GetTextExtentPoint32W
CreateFontIndirectW
GetDeviceCaps
SetBkColor

kernel32

CreateFileW
WideCharToMultiByte
Sleep
WriteFile
GetFileSize
SystemTimeToFileTime
GetModuleHandleW
IsBadWritePtr
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetCurrentProcessId
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DnsHostnameToComputerNameW
OpenThread
TerminateProcess
SystemTimeToTzSpecificLocalTime
GetTickCount
GetSystemDirectoryW
LoadLibraryExW
LoadLibraryW
GetProcAddress
ReadFile
SetLastError
GetLastError
LocalAlloc
GetModuleFileNameW
QueryPerformanceCounter
CloseHandle
lstrcmpiW
lstrcpynW
GlobalLock
lstrlenW
lstrcpyW
GetCurrentThreadId
GetWindowsDirectoryW
IsBadReadPtr
GetDateFormatW
DisableThreadLibraryCalls
lstrcmpW
lstrlenA
GetCurrentProcess
GetSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
LocalFree
VirtualAlloc
GlobalUnlock
CreateDirectoryW
GetTimeFormatW
MultiByteToWideChar
FormatMessageW

Sections

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

286a54e0981fd25da4e95300ef14dbd1

Headers

DLL Characteristics

File Characteristics

Imports

cabview

dsprop

ntdsapi

user32

netapi32

shlwapi

crypt32

cryptui

dnsapi

shell32

msvcrt

ole32

ntdll

cmdial32

clb

advapi32

credui

gdi32

kernel32

Sections

.text Size: 512B - Virtual size: 420B

.rsrc Size: 12KB - Virtual size: 11KB

.idata Size: 9KB - Virtual size: 9KB

.data Size: - Virtual size: 80KB

.rdata Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 420B

.rsrc
Size: 12KB - Virtual size: 11KB

.idata
Size: 9KB - Virtual size: 9KB

.data
Size: - Virtual size: 80KB

.rdata
Size: 5KB - Virtual size: 4KB