D:\a\1\s\_builds\src\cpp\Binaries\Release\adal.pdb
Static task
static1
Behavioral task
behavioral1
Sample
06a097ebd5ee5d6d341d778b29377efe77ab9fe6050f4de5c47b70fc5210bf4b.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
06a097ebd5ee5d6d341d778b29377efe77ab9fe6050f4de5c47b70fc5210bf4b.dll
Resource
win10v2004-20240226-en
General
Target
06a097ebd5ee5d6d341d778b29377efe77ab9fe6050f4de5c47b70fc5210bf4b
Size
2.0MB
MD5
fccc0f3e896714e18c191be0c60df7c5
SHA1
4b82fc109b36ab5918d00e0d2cbf62a4fd3d67ca
SHA256
06a097ebd5ee5d6d341d778b29377efe77ab9fe6050f4de5c47b70fc5210bf4b
SHA512
c98bdcbe971bc57bacec9cc179b7508cbb6807d997fbadb337879aa6864c0463921c79828a6e31ea51737b5966cd49ae3bc132b4dec51c378b1fbf67f7b06c2b
SSDEEP
49152:t9YtfhN3DZtOIfYHsI7eT9oNew7KAbj37Du0JIfa:jYJh5DnVAHsboDmAn3u0Wfa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06a097ebd5ee5d6d341d778b29377efe77ab9fe6050f4de5c47b70fc5210bf4b
Files
06a097ebd5ee5d6d341d778b29377efe77ab9fe6050f4de5c47b70fc5210bf4b.dll windows:6 windows x86 arch:x86
619244c1fbb70fd7a7a318e5b8172465
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
CreateFileW
WriteConsoleW
SetThreadAffinityMask
GetProcAddress
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPopEntrySList
GetTickCount
SwitchToThread
AreFileApisANSI
SetEndOfFile
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
DeleteFileW
CreateDirectoryW
FormatMessageA
TryEnterCriticalSection
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
GetSystemDirectoryW
LoadLibraryW
GetVersionExW
Sleep
CreateProcessW
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
TerminateThread
GetExitCodeThread
GetTickCount64
ReleaseMutex
CreateMutexW
InitializeCriticalSectionAndSpinCount
CloseHandle
OutputDebugStringW
IsDebuggerPresent
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
DuplicateHandle
ReleaseSemaphore
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
LocalFree
LocalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
UnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
GetProcessAffinityMask
DecodePointer
user32
SetWindowTextW
GetWindowTextW
UnregisterClassW
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowTextLengthW
GetClientRect
RedrawWindow
ScreenToClient
GetSysColor
FillRect
GetDesktopWindow
CharLowerW
PostQuitMessage
SetTimer
ClientToScreen
InvalidateRgn
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
PostMessageW
LoadIconW
GetWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
IsChild
IsWindow
SendMessageW
RegisterWindowMessageW
GetKeyState
LoadCursorW
SetWindowLongW
GetClassNameW
GetParent
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
ole32
OleRun
CoCreateFreeThreadedMarshaler
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoUninitialize
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
StringFromGUID2
CoInitializeEx
CoCreateGuid
oleaut32
VariantChangeType
DispCallFunc
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
VariantClear
VariantInit
GetErrorInfo
advapi32
RegCloseKey
CryptDestroyHash
CryptSignHashW
RegGetValueW
RegOpenKeyExW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
OpenProcessToken
GetTokenInformation
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCreateKeyExW
wininet
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
HttpOpenRequestW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetSetOptionW
InternetOpenW
winhttp
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
ncrypt
NCryptFreeObject
NCryptDeleteKey
NCryptSignHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
gdi32
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
shell32
SHGetKnownFolderPath
shlwapi
PathFileExistsW
crypt32
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptFindOIDInfo
CryptProtectData
CryptUnprotectData
CryptAcquireCertificatePrivateKey
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
secur32
GetUserNameExW
Exports
ADALAcquireToken
ADALAddClientCapability
ADALCreateAuthenticationContext
ADALCreateAuthenticationContextNoUI
ADALDeleteRequest
ADALDeserializeAuthenticationContext
ADALGetAccessToken
ADALGetAccessTokenExpirationTime
ADALGetAccountType
ADALGetAuthority
ADALGetClaimsChallenge
ADALGetClientSecret
ADALGetContext
ADALGetContextAtIndex
ADALGetContextCollection
ADALGetContextCollectionSize
ADALGetDisplayableUserId
ADALGetErrorCode
ADALGetErrorDescription
ADALGetFamilyName
ADALGetFormalAuthority
ADALGetGivenName
ADALGetIdTokenValue
ADALGetIsExtendedLifetimeToken
ADALGetLoginHint
ADALGetNetworkConnectionType
ADALGetOption
ADALGetPasswordChangeUrl
ADALGetPasswordExpiryDays
ADALGetRefreshToken
ADALGetRequestStatus
ADALGetResponseBody
ADALGetResponseHeader
ADALGetSuberrorCode
ADALGetTenantId
ADALGetUniqueUserId
ADALIsCapabilityPresent
ADALIsModified
ADALIsWAMUsed
ADALMigrateContextToSharedCache
ADALReleaseAuthenticationContext
ADALReleaseContextCollection
ADALRenewToken
ADALSerializeAuthenticationContext
ADALSetAccountType
ADALSetAdditionalHttpHeaders
ADALSetAdditionalQueryParams
ADALSetClaimsChallenge
ADALSetClientAssertionUsingCertificateContext
ADALSetClientAssertionUsingCertificateThumbprint
ADALSetClientSecret
ADALSetLogOptions
ADALSetNetworkConnectionType
ADALSetOption
ADALSetRedirectUri
ADALSetRefreshToken
ADALSetSilentLogonOptions
ADALSetTelemetryDispatchFunction
ADALUICancelWAM
ADALUICreateHostServiceProvider
ADALUICreateHostUIHandler
ADALUICreateHostWindow
ADALUIGetHostRequirements
ADALUIGetWebBrowser
ADALUIUseWAM
ADALUIUseWebBrowser
ADALUseClientCredential
ADALUseClientCredentialWithUserToken
ADALUseSAMLAssertion
ADALUseUsernamePassword
ADALUseWindowsAuthentication
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 573KB - Virtual size: 576KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ