e1e4a2a257a1ca00dcf86ab60b8e585d

Sharing

Copy URL Twitter E-mail

General

Target

e1e4a2a257a1ca00dcf86ab60b8e585d
Size

1.1MB
MD5

e1e4a2a257a1ca00dcf86ab60b8e585d
SHA1

5d0a46f496b506c2162f94dee8059f1ebca085a2
SHA256

77e88fb05ca314ba350578ce8cc69e79417e2f478173c6d0cc5e1b99e8bdb076
SHA512

c6b5ec633dfeb48371f98b9ae5dc28de678f83e720e0f509157d58049c38b9adb7624ca5af043fa32ffd7ec6a6ff456406e539cc1502d0e92fdf0cf7286772ed
SSDEEP

24576:b9KCdVjn1Kg9omKaMZ1GZo/4rk7bnfjbitD/N0w6:brd7omiUIbY/eT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1e4a2a257a1ca00dcf86ab60b8e585d

Files

e1e4a2a257a1ca00dcf86ab60b8e585d
.exe windows:9 windows x86 arch:x86

ef3ccd604f3d8fb7aad67785e43164ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

SendMessageA
RegisterClassA
TranslateMessage
EndPaint
DispatchMessageA
DestroyWindow
GetMessageA
UpdateWindow
CreateWindowExA
BeginPaint
DefWindowProcA
ShowWindow

adsldpc

AdsTypeToLdapTypeCopyDNWithBinary
LdapAddS
SchemaGetObjectCount
LdapTypeToAdsTypeCopyConstruct
LdapAttributeFree
LdapSearchST
SchemaGetSyntaxOfAttribute
LdapParseResult
BuildADsParentPathFromObjectInfo
InitObjectInfo
LdapGetSyntaxOfAttributeOnServer
LdapSearchS
LdapMsgFree
ADsGetFirstRow
BuildLDAPPathFromADsPath2
ADsDeleteDSObject
ADsAbandonSearch
ADSIGetNextColumnName
ADsWriteAttributeDefinition
SchemaGetPropertyInfo
LdapGetValuesLen
SchemaAddRef
LdapCountEntries
LdapMakeSchemaCacheObsolete
SchemaClose
ReadPagingSupportedAttr
LdapResult
IsGCNamespace
LdapNextAttribute
AdsTypeFreeAdsObjects
ADSIGetPreviousRow
LdapReadAttributeFast
LdapcSetStickyServer
LdapMemFree
LdapFirstEntry
BerBvFree
SchemaIsClassAContainer
FreeObjectInfo
ADSIGetObjectAttributes
LdapGetSubSchemaSubEntryPath
GetSyntaxOfAttribute
ConvertSidToString

kernel32

GetLastError
CloseHandle
DeleteFileA
VirtualAlloc
lstrcatA
ReadFile
VirtualFree
WaitForMultipleObjects
LeaveCriticalSection
ConnectNamedPipe
FreeEnvironmentStringsA
CreateNamedPipeA
OpenEventA
GetNamedPipeInfo
GetStringTypeA
GetCurrentThreadId
HeapAlloc
SetEvent
InterlockedDecrement
ExitProcess
GetEnvironmentStringsA
HeapFree
HeapQueryInformation
GetFileTime
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
HeapCreate
InterlockedIncrement
CreateEventA
SetFilePointer
EnterCriticalSection
GetCurrentProcessId
FileTimeToLocalFileTime
CreateFileA
HeapDestroy

Sections

.text
Size: 724KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef3ccd604f3d8fb7aad67785e43164ea

Headers

DLL Characteristics

File Characteristics

Imports

user32

adsldpc

kernel32

Sections

.text Size: 724KB - Virtual size: 724KB

.data Size: 416KB - Virtual size: 415KB

.rsrc Size: 36KB - Virtual size: 3.1MB

.text
Size: 724KB - Virtual size: 724KB

.data
Size: 416KB - Virtual size: 415KB

.rsrc
Size: 36KB - Virtual size: 3.1MB