a959b4bac997d2b0f65229b06ed05990N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a959b4bac997d2b0f65229b06ed05990N.exe
Size

152KB
MD5

a959b4bac997d2b0f65229b06ed05990
SHA1

5c0717e43a011162ab66a3bd4bdbb4fee9e7dbb9
SHA256

9858605611a26b01f2331f1f28cb405dc00d2b3e29170653d91cbe84d6e511f2
SHA512

2210594a0aaf33e2024d5bf4d999f103225c53bfad16b251295d135382a0d6de5f8aad8dd95732428224d07efbe0e8e2a350c896d135b12847a0cc16460c4a16
SSDEEP

3072:atxyF+sVklaVUgMkuQ3jHKNlXdiOdjJMh283cFhm2kIQAM:atEnmlaVUL6HKrXrJd8sFhm2kIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a959b4bac997d2b0f65229b06ed05990N.exe

Files

a959b4bac997d2b0f65229b06ed05990N.exe
.dll windows:4 windows x86 arch:x86

68c5c898db0538c6fc6a1fb3fffb20bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\buildbot\win32-comm-central-nightly\build\objdir-tb\ldap\sdks\c-sdk\ldap\libraries\libldap\nsldap32v60.pdb

Imports

kernel32

CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
TlsSetValue
TlsGetValue
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
GetLastError
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime

mozcrt19

fseek
fopen
strerror
_snprintf
_errno
rewind
fgets
toupper
_strnicmp
memset
memcpy
_difftime64
malloc
fclose
calloc
realloc
strncpy
perror
isspace
isalnum
qsort
_ctime64
isdigit
islower
fflush
fputs
__iob_func
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
ftell
fread
feof
atoi
strrchr
memmove
strchr
strtok
sprintf
_time64
free
_stricmp
_write

Exports

Exports

ber_alloc
ber_alloc_t
ber_bvdup
ber_bvecfree
ber_bvfree
ber_dup
ber_err_print
ber_first_element
ber_flatten
ber_flush
ber_free
ber_get_bitstringa
ber_get_boolean
ber_get_buf_databegin
ber_get_buf_datalen
ber_get_int
ber_get_next
ber_get_next_buffer
ber_get_next_buffer_ext
ber_get_null
ber_get_option
ber_get_stringa
ber_get_stringal
ber_get_stringb
ber_get_tag
ber_init
ber_init_w_nullchar
ber_next_element
ber_peek_tag
ber_printf
ber_put_bitstring
ber_put_boolean
ber_put_enum
ber_put_int
ber_put_null
ber_put_ostring
ber_put_seq
ber_put_set
ber_put_string
ber_read
ber_reset
ber_scanf
ber_set_option
ber_skip_tag
ber_sockbuf_alloc
ber_sockbuf_free
ber_sockbuf_free_data
ber_sockbuf_get_option
ber_sockbuf_set_option
ber_special_alloc
ber_special_free
ber_stack_init
ber_start_seq
ber_start_set
ber_svecfree
ber_write
der_alloc
ldap_abandon
ldap_abandon_ext
ldap_add
ldap_add_ext
ldap_add_ext_s
ldap_add_result_entry
ldap_add_s
ldap_ber_free
ldap_bind
ldap_bind_s
ldap_build_filter
ldap_cache_flush
ldap_charray_add
ldap_charray_dup
ldap_charray_free
ldap_charray_inlist
ldap_charray_merge
ldap_charray_position
ldap_compare
ldap_compare_ext
ldap_compare_ext_s
ldap_compare_s
ldap_control_free
ldap_controls_free
ldap_count_entries
ldap_count_messages
ldap_count_references
ldap_count_values
ldap_count_values_len
ldap_create_authzid_control
ldap_create_filter
ldap_create_geteffectiveRights_control
ldap_create_passwordpolicy_control
ldap_create_passwordpolicy_control_ext
ldap_create_persistentsearch_control
ldap_create_proxiedauth_control
ldap_create_proxyauth_control
ldap_create_sort_control
ldap_create_sort_keylist
ldap_create_userstatus_control
ldap_create_virtuallist_control
ldap_delete
ldap_delete_ext
ldap_delete_ext_s
ldap_delete_result_entry
ldap_delete_s
ldap_dn2ufn
ldap_entry2html
ldap_entry2html_search
ldap_entry2text
ldap_entry2text_search
ldap_err2string
ldap_explode_dn
ldap_explode_dns
ldap_explode_rdn
ldap_extended_operation
ldap_extended_operation_s
ldap_find_control
ldap_first_attribute
ldap_first_disptmpl
ldap_first_entry
ldap_first_message
ldap_first_reference
ldap_first_searchobj
ldap_first_tmplcol
ldap_first_tmplrow
ldap_free_friendlymap
ldap_free_searchprefs
ldap_free_sort_keylist
ldap_free_templates
ldap_free_urldesc
ldap_friendly_name
ldap_get_dn
ldap_get_entry_controls
ldap_get_lang_values
ldap_get_lang_values_len
ldap_get_lderrno
ldap_get_option
ldap_get_values
ldap_get_values_len
ldap_getfilter_free
ldap_getfirstfilter
ldap_getnextfilter
ldap_init
ldap_init_getfilter
ldap_init_getfilter_buf
ldap_init_searchprefs
ldap_init_searchprefs_buf
ldap_init_templates
ldap_init_templates_buf
ldap_is_dns_dn
ldap_is_ldap_url
ldap_keysort_entries
ldap_memcache_destroy
ldap_memcache_flush
ldap_memcache_get
ldap_memcache_init
ldap_memcache_set
ldap_memcache_update
ldap_memfree
ldap_modify
ldap_modify_ext
ldap_modify_ext_s
ldap_modify_s
ldap_modrdn
ldap_modrdn2
ldap_modrdn2_s
ldap_modrdn_s
ldap_mods_free
ldap_msgfree
ldap_msgid
ldap_msgtype
ldap_multisort_entries
ldap_name2template
ldap_next_attribute
ldap_next_disptmpl
ldap_next_entry
ldap_next_message
ldap_next_reference
ldap_next_searchobj
ldap_next_tmplcol
ldap_next_tmplrow
ldap_oc2template
ldap_open
ldap_parse_authzid_control
ldap_parse_entrychange_control
ldap_parse_extended_result
ldap_parse_passwd
ldap_parse_passwordpolicy_control
ldap_parse_passwordpolicy_control_ext
ldap_parse_reference
ldap_parse_result
ldap_parse_sasl_bind_result
ldap_parse_sort_control
ldap_parse_userstatus_control
ldap_parse_virtuallist_control
ldap_parse_whoami
ldap_passwd
ldap_passwd_s
ldap_passwordpolicy_err2txt
ldap_perror
ldap_rename
ldap_rename_s
ldap_result
ldap_result2error
ldap_sasl_bind
ldap_sasl_bind_s
ldap_sasl_interactive_bind_ext_s
ldap_sasl_interactive_bind_s
ldap_search
ldap_search_ext
ldap_search_ext_s
ldap_search_s
ldap_search_st
ldap_set_filter_additions
ldap_set_lderrno
ldap_set_option
ldap_set_rebind_proc
ldap_setfilteraffixes
ldap_simple_bind
ldap_simple_bind_s
ldap_sort_entries
ldap_sort_strcasecmp
ldap_sort_values
ldap_str2charray
ldap_tmplattrs
ldap_tmplerr2string
ldap_ufn_search_c
ldap_ufn_search_ct
ldap_ufn_search_s
ldap_ufn_setfilter
ldap_ufn_setprefix
ldap_ufn_timeout
ldap_unbind
ldap_unbind_ext
ldap_unbind_s
ldap_url_parse
ldap_url_parse_no_defaults
ldap_url_search
ldap_url_search_s
ldap_url_search_st
ldap_utf8characters
ldap_utf8copy
ldap_utf8getcc
ldap_utf8isalnum
ldap_utf8isalpha
ldap_utf8isdigit
ldap_utf8isspace
ldap_utf8isxdigit
ldap_utf8len
ldap_utf8next
ldap_utf8prev
ldap_utf8strtok_r
ldap_vals2html
ldap_vals2text
ldap_value_free
ldap_value_free_len
ldap_version
ldap_whoami
ldap_whoami_s
ldap_x_calloc
ldap_x_free
ldap_x_hostlist_first
ldap_x_hostlist_next
ldap_x_hostlist_statusfree
ldap_x_malloc
ldap_x_realloc

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68c5c898db0538c6fc6a1fb3fffb20bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mozcrt19

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB