d72858386c4b1998b390c09ff2802446

General

Target

d72858386c4b1998b390c09ff2802446
Size

1.1MB
MD5

d72858386c4b1998b390c09ff2802446
SHA1

b7100c97700cce0050fb1dee55a91822018f984c
SHA256

9423ecbd0e2a75f25dfcf53436167a7db14c2c88f769ee2877902e215abb8e33
SHA512

c42dcb5b3852a7fd8dc4de05e16af62448748ab2f9ba3046bc536041a855db935be46e35ea8da96d4158fc763d9066d559e7e65806fe64ace743a37807aed9a5
SSDEEP

24576:4ubb74IPFIjosWtx6YzsD2TfNwHV4RjOmRf/fiCOYOBiVy:4qIItJTfuV4RjOEyDYQiVy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d72858386c4b1998b390c09ff2802446

Files

d72858386c4b1998b390c09ff2802446
.exe windows:3 windows x86 arch:x86

3e2a4513550a4a69f87373add51f59eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advpack

TranslateInfString
IsNTAdmin
RebootCheckOnInstall
GetVersionFromFile
RegSaveRestoreOnINF
NeedRebootInit
DelNodeRunDLL32

adsldpc

FreeADsStr
ADsDeleteClassDefinition
GetDisplayName
FindEntryInSearchTable
ADsCreateClassDefinition
ADSICloseSearchHandle
ADSIExecuteSearch
BuildLDAPPathFromADsPath
ADsGetLastError
AdsTypeToLdapTypeCopyGeneralizedTime
ADSICreateDSObject
ADsObject
ADsGetColumn
BuildLDAPPathFromADsPath2

kernel32

InitializeSListHead
InterlockedDecrement
GetSystemTimes
DeleteFileA
HeapAlloc
GetProcessHeap
VirtualAlloc
InterlockedCompareExchange
HeapReAlloc
HeapFree
InterlockedPushEntrySList
ExitProcess
WaitForMultipleObjects
GetLocalTime
VirtualFree
InterlockedIncrement
CloseHandle
DosDateTimeToFileTime
InterlockedExchange
InterlockedCompareExchange
GetSystemInfo

odbc32

VFreeErrors
SQLSetPos
SQLSetConnectOption
SQLConnectA
SQLSetConnectAttrA
SQLCloseCursor
SQLGetConnectAttrA
SQLProcedureColumns
SQLSetParam
SQLNativeSqlA
SQLSetConnectAttr
SQLFreeHandle
SQLTablePrivileges
SQLEndTran
SQLGetCursorNameA
SQLGetFunctions
SQLRowCount
SQLSetCursorNameA
CursorLibLockDbc
VRetrieveDriverErrorsRowCol
SQLStatisticsA
SQLGetConnectOptionA
SQLBindParameter
SQLCopyDesc
CursorLibTransact
SQLGetDescField
SQLExtendedFetch
SQLSetEnvAttr
SQLSetStmtAttr
SQLColAttribute
SQLSpecialColumnsA
SQLError
SQLSetDescRec
SQLSetStmtOption

Sections

.text
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 313KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e2a4513550a4a69f87373add51f59eb

Headers

DLL Characteristics

File Characteristics

Imports

advpack

adsldpc

kernel32

odbc32

Sections

.text Size: 668KB - Virtual size: 668KB

.data Size: 147KB - Virtual size: 146KB

.rsrc Size: 313KB - Virtual size: 3.4MB

.text
Size: 668KB - Virtual size: 668KB

.data
Size: 147KB - Virtual size: 146KB

.rsrc
Size: 313KB - Virtual size: 3.4MB