cb2cdc0c40229461cfc5ba3c6f012ed4

Sharing

Copy URL Twitter E-mail

General

Target

cb2cdc0c40229461cfc5ba3c6f012ed4
Size

863KB
MD5

cb2cdc0c40229461cfc5ba3c6f012ed4
SHA1

0541fc56c6cff43c1a655c4e7f4078a5de1f5be4
SHA256

332f9e86e19961270c23ab237e1d0a8599f0a7b4d853399e802bb834d577ee69
SHA512

f097b98db4aa2e24238f3c6b629f751891b4ca2bbf67e48e46aaa5340fb42fc01b1e20466fd7d41896856384dde5ec8234d9c72e63ebae187262ba037c4a7a27
SSDEEP

12288:y777ydzeSI8Yuu8gavB/iBZhaIjK4+A4VJNj2m53xJ/0xvkIJOq7l//7Y5jqT5bd:7Evx8JViBZ5p4V/9R0WrqlP5vwNbNc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb2cdc0c40229461cfc5ba3c6f012ed4

Files

cb2cdc0c40229461cfc5ba3c6f012ed4
.exe windows:5 windows x86 arch:x86

159414ac25060991ca74938fa9f8d48d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoRegisterSurrogateEx
StgGetIFillLockBytesOnFile
HACCEL_UserUnmarshal
CLIPFORMAT_UserSize
HGLOBAL_UserFree
GetHookInterface
OleCreateMenuDescriptor
OleCreateEmbeddingHelper
StgIsStorageILockBytes
CoGetComCatalog
CoUnmarshalHresult
StringFromIID
HMETAFILEPICT_UserFree
IsEqualGUID
CoTestCancel
OleBuildVersion
CoTaskMemFree
CoReleaseServerProcess
CoCreateGuid
CoAddRefServerProcess
CoGetCallerTID
OleCreateFromFile
MonikerRelativePathTo
OleCreateDefaultHandler
CoDeactivateObject
CoGetInterceptorFromTypeInfo
CoGetProcessIdentifier
OleRegEnumVerbs
ReleaseStgMedium
CoLockObjectExternal
HMETAFILE_UserFree
CoMarshalInterThreadInterfaceInStream
StgPropertyLengthAsVariant
CoDosDateTimeToFileTime
ComPs_NdrDllCanUnloadNow
OleSave
FreePropVariantArray

ntdsapi

DsFreeSpnArrayW
DsBindW
DsServerRegisterSpnA
DsListServersInSiteW
DsListInfoForServerA
DsListServersForDomainInSiteW
DsListDomainsInSiteA
DsReplicaSyncA
DsListServersInSiteA
DsInheritSecurityIdentityA
DsClientMakeSpnForTargetServerW
DsListInfoForServerW
DsBindWithCredA
DsFreeSchemaGuidMapW
DsLogEntry
DsQuoteRdnValueW
DsFreeSchemaGuidMapA
DsFreeNameResultW
DsBindWithSpnW
DsReplicaSyncAllW
DsRemoveDsDomainW
DsReplicaAddW
DsUnBindA
DsQuoteRdnValueA
DsCrackSpn3W
DsUnBindW
DsCrackNamesW
DsReplicaGetInfo2W
DsReplicaVerifyObjectsW
DsFreeNameResultA
DsFreeDomainControllerInfoW
DsServerRegisterSpnW
DsWriteAccountSpnA
DsListRolesA
DsCrackSpn2A
DsGetDomainControllerInfoW
DsReplicaVerifyObjectsA
DsCrackNamesA
DsReplicaUpdateRefsW
DsReplicaSyncAllA
DsaopUnBind

advapi32

CryptSignHashW
AccessCheckByTypeResultList
CryptSetHashParam
CreateProcessAsUserA
RegQueryInfoKeyW
GetManagedApplicationCategories
LsaOpenSecret
CreateTraceInstanceId
AllocateLocallyUniqueId
QueryTraceA
CryptVerifySignatureA
NotifyChangeEventLog
SetUserFileEncryptionKey
AccessCheckByTypeResultListAndAuditAlarmW
GetSidSubAuthorityCount
SystemFunction008
SetFileSecurityW
SetInformationCodeAuthzLevelW
SystemFunction041
WmiDevInstToInstanceNameA
LsaSetTrustedDomainInfoByName
RegUnLoadKeyA
PrivilegeCheck
SystemFunction012
AddAuditAccessAceEx
CredReadDomainCredentialsW
SaferSetPolicyInformation
ConvertStringSidToSidA
SetSecurityDescriptorOwner
CryptHashData
EncryptionDisable
ElfDeregisterEventSource
GetTraceEnableFlags
LsaQuerySecret
ElfReadEventLogW
ConvertSecurityDescriptorToAccessA
GetEventLogInformation

kernel32

BaseFlushAppcompatCache
RtlZeroMemory
LeaveCriticalSection
EnumSystemLanguageGroupsA
ActivateActCtx
GetDriveTypeW
GetUserDefaultLCID
GetConsoleCursorMode
IsBadStringPtrW
IsDebuggerPresent
CreateNamedPipeW
EnumTimeFormatsW
GetCommandLineA
SetLastConsoleEventActive
WriteProfileSectionA
BuildCommDCBAndTimeoutsW
SetConsolePalette
ScrollConsoleScreenBufferA
IsProcessInJob
EndUpdateResourceW
LoadLibraryA
GetCurrentDirectoryW
CreateFileW
SetThreadUILanguage
IsValidCodePage
GetConsoleFontSize
OpenWaitableTimerW
lstrcpyW
VirtualAlloc
CreateMutexW
lstrlenW
VerLanguageNameA
InterlockedDecrement
GlobalDeleteAtom
IsValidLocale
GetThreadTimes
GetConsoleDisplayMode
WTSGetActiveConsoleSessionId
RemoveLocalAlternateComputerNameW
GetSystemDefaultLCID
SystemTimeToTzSpecificLocalTime
HeapReAlloc
EnterCriticalSection
_lread
InterlockedExchangeAdd
GetNumberFormatW
GetOEMCP
AddConsoleAliasW
SetThreadIdealProcessor

imagehlp

SymInitialize
UnDecorateSymbolName
SymEnumerateModules64
UnmapDebugInformation
SymUnDName64
SymGetLineNext
SymGetSymPrev
MapFileAndCheckSumA
SymGetOptions
RemovePrivateCvSymbolic
GetImageConfigInformation
SymEnumerateSymbols
SymGetLinePrev
FindExecutableImage
SymGetSymNext64
SymGetModuleInfo
SymGetSymFromName64
ImageLoad
ImagehlpApiVersionEx
EnumerateLoadedModules64
ImageEnumerateCertificates
SymSetContext
SymSetOptions
SymLoadModule
SymEnumTypes
SearchTreeForFile
SymEnumerateModules
SymGetLineFromName
SymEnumSym
SymEnumerateSymbols64
FindExecutableImageEx
MapDebugInformation
EnumerateLoadedModules
FindFileInPath
SymGetSymFromAddr
ImageRvaToSection
SymGetLineFromName64
MapAndLoad
FindDebugInfoFile
ReBaseImage
UpdateDebugInfoFile
RemovePrivateCvSymbolicEx
SymRegisterCallback64

lz32

GetExpandedNameA
LZCreateFileW
CopyLZFile
LZStart
LZClose
LZInit
LZOpenFileA
LZSeek
LZRead
LZCloseFile
LZCopy
LZDone
LZOpenFileW

jscript

DllGetClassObject

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 461KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

159414ac25060991ca74938fa9f8d48d

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdsapi

advapi32

kernel32

imagehlp

lz32

jscript

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 461KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 461KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB