ad0d6b0107ce5a3632809541dfc3cf66 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad0d6b0107ce5a3632809541dfc3cf66
Size

1.1MB
MD5

ad0d6b0107ce5a3632809541dfc3cf66
SHA1

5157885c90604102ba7bd1da22a5967551ef3c80
SHA256

bdcc7da53b9a61243bc3ee8fd500fc5b69a38a8d212ceb13d3665b606ef22e15
SHA512

fec29a4126bfe10d7d30fb1324c127ef5bf751af7bd2a193780c982ce10ce49cc7d69dcbea5fba68bb14ca6c6fbf1e3f9e20eafb9f130c107c373117ce5e623c
SSDEEP

24576:lV+v9iaWhqXx+5NVs8wg+R1zitN5J5tz4+:C9jWEh+5rsFVkpJD4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad0d6b0107ce5a3632809541dfc3cf66

Files

ad0d6b0107ce5a3632809541dfc3cf66
.exe windows:6 windows x86 arch:x86

ff012131a2e6d09adbb563b858c12bea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetVersion
GetCurrentThreadId
CloseHandle
CreateFileA
InitializeCriticalSection
SetFilePointer
ExitProcess
ReadFile
GetProcessHeap
VirtualAlloc
LeaveCriticalSection
VirtualFree
CopyFileExA
WriteFileGather
EnterCriticalSection
WaitForSingleObject

adsldpc

ADsAbandonSearch
ADsCreateDSObjectExt
ADsDeleteClassDefinition
ConvertSidToString
ADSIAbandonSearch
BuildLDAPPathFromADsPath
ADsEncodeBinaryData
AdsTypeToLdapTypeCopyDNWithString
ADSISetSearchPreference
ADSIExecuteSearch
ConvertSidToU2Trustee
BuildADsParentPath
ADSIGetObjectAttributes
ADsDeleteDSObject
AdsTypeFreeAdsObjects
GetDefaultServer
ADsDecodeBinaryData
ADSIGetNextRow

shell32

ILFree
FreeIconList
PickIconDlg
PrintersGetCommand_RunDLL
Options_RunDLL
ILCreateFromPath
DllGetVersion
DuplicateIcon
DAD_DragEnterEx2
RestartDialog

Sections

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrcs
Size: 426KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ