E:\agent01\_work\62\s\_builds\src\cpp\Binaries\Release\adal.pdb
Static task
static1
Behavioral task
behavioral1
Sample
aba27fe2c76b25a58234953f334d2284c59871f27bccb63fe1bfcc9c1695a14d.dll
Resource
win7-20240215-en
General
Target: aba27fe2c76b25a58234953f334d2284c59871f27bccb63fe1bfcc9c1695a14d
Size: 1.9MB
MD5: 5a46bc29fc9e240a5bc5b59b2474b232
SHA1: 8744cdeb79650d6548ff50b80d1b3e8d5101d97f
SHA256: aba27fe2c76b25a58234953f334d2284c59871f27bccb63fe1bfcc9c1695a14d
SHA512: 9496b65ac614f76d598d2ad7e297e80c75a1fb3ab2ea024c377af42f67bbddea4a8742166f533a8cf43f2fde0b6db3a872a808fe8aa8b8023caceef19d1527cd
SSDEEP: 49152:e0ejNMbL45kPjHeZX663PFTX7eYXKJE2eKfAXM:e0eZMbNPj+l66h9wffA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aba27fe2c76b25a58234953f334d2284c59871f27bccb63fe1bfcc9c1695a14d
Files
aba27fe2c76b25a58234953f334d2284c59871f27bccb63fe1bfcc9c1695a14d.dll windows:6 windows x86 arch:x86
ac733a254167e242bf603c6b26532463
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
CreateFileW
WriteConsoleW
GetProcAddress
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
SetEndOfFile
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPopEntrySList
GetTickCount
SwitchToThread
AreFileApisANSI
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
DeleteFileW
CreateDirectoryW
TryEnterCriticalSection
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
GetSystemDirectoryW
LoadLibraryW
GetVersionExW
Sleep
CreateProcessW
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetTickCount64
ReleaseMutex
CreateMutexW
CloseHandle
OutputDebugStringW
IsDebuggerPresent
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
DuplicateHandle
ReleaseSemaphore
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
LocalFree
LocalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
UnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
SetThreadAffinityMask
DecodePointer
user32
RedrawWindow
SetWindowTextW
GetWindowTextW
UnregisterClassW
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowTextLengthW
InvalidateRect
ClientToScreen
ScreenToClient
GetSysColor
FillRect
CharLowerW
PostQuitMessage
SetTimer
PostThreadMessageW
GetClientRect
InvalidateRgn
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
PostMessageW
LoadIconW
GetWindow
GetClassNameW
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
IsChild
IsWindow
SendMessageW
RegisterWindowMessageW
GetKeyState
LoadCursorW
SetWindowLongW
GetWindowLongW
GetParent
GetDesktopWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
DestroyWindow
ole32
OleRun
CoCreateFreeThreadedMarshaler
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoUninitialize
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
StringFromGUID2
CoInitializeEx
CoCreateGuid
oleaut32
VariantClear
DispCallFunc
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantChangeType
SysFreeString
VariantInit
GetErrorInfo
advapi32
RegCloseKey
CryptDestroyHash
CryptSignHashW
RegGetValueW
RegOpenKeyExW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
OpenProcessToken
GetTokenInformation
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCreateKeyExW
wininet
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
HttpOpenRequestW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
winhttp
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
ncrypt
NCryptDeleteKey
NCryptFreeObject
NCryptSignHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
gdi32
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
shell32
SHGetKnownFolderPath
shlwapi
PathFileExistsW
crypt32
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptFindOIDInfo
CryptProtectData
CryptUnprotectData
CryptAcquireCertificatePrivateKey
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
secur32
GetUserNameExW
Exports
ADALAcquireToken
ADALAddClientCapability
ADALCreateAuthenticationContext
ADALCreateAuthenticationContextNoUI
ADALDeleteRequest
ADALDeserializeAuthenticationContext
ADALGetAccessToken
ADALGetAccessTokenExpirationTime
ADALGetAccountType
ADALGetAuthority
ADALGetClaimsChallenge
ADALGetClientSecret
ADALGetContext
ADALGetContextAtIndex
ADALGetContextCollection
ADALGetContextCollectionSize
ADALGetDisplayableUserId
ADALGetErrorCode
ADALGetErrorDescription
ADALGetFamilyName
ADALGetFormalAuthority
ADALGetGivenName
ADALGetIdTokenValue
ADALGetIsExtendedLifetimeToken
ADALGetLoginHint
ADALGetNetworkConnectionType
ADALGetOption
ADALGetPasswordChangeUrl
ADALGetPasswordExpiryDays
ADALGetRefreshToken
ADALGetRequestStatus
ADALGetResponseBody
ADALGetResponseHeader
ADALGetSuberrorCode
ADALGetTenantId
ADALGetUniqueUserId
ADALIsCapabilityPresent
ADALIsModified
ADALIsWAMUsed
ADALMigrateContextToSharedCache
ADALReleaseAuthenticationContext
ADALReleaseContextCollection
ADALRenewToken
ADALSerializeAuthenticationContext
ADALSetAccountType
ADALSetAdditionalHttpHeaders
ADALSetAdditionalQueryParams
ADALSetClaimsChallenge
ADALSetClientAssertionUsingCertificateContext
ADALSetClientAssertionUsingCertificateThumbprint
ADALSetClientSecret
ADALSetLogOptions
ADALSetNetworkConnectionType
ADALSetOption
ADALSetRedirectUri
ADALSetRefreshToken
ADALSetSilentLogonOptions
ADALSetTelemetryDispatchFunction
ADALUICancelWAM
ADALUICreateHostServiceProvider
ADALUICreateHostUIHandler
ADALUICreateHostWindow
ADALUIGetHostRequirements
ADALUIGetWebBrowser
ADALUIUseWAM
ADALUIUseWebBrowser
ADALUseClientCredential
ADALUseClientCredentialWithUserToken
ADALUseSAMLAssertion
ADALUseUsernamePassword
ADALUseWindowsAuthentication
Sections
.text Size: 990KB - Virtual size: 989KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 312KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 594KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ