ca8eb5d699668f1c5cbdd63d575cff30a2ca3bf622c14752b1ee3ad9525cf307

Sharing

Copy URL Twitter E-mail

General

Target

ca8eb5d699668f1c5cbdd63d575cff30a2ca3bf622c14752b1ee3ad9525cf307
Size

297KB
MD5

78d334619761c11f7136825580d8ddce
SHA1

9ebc6955460e45f8070a3a49b45b74da280b2cbe
SHA256

ca8eb5d699668f1c5cbdd63d575cff30a2ca3bf622c14752b1ee3ad9525cf307
SHA512

85b1ba1397eb3440f336db67ed51fc9cd4d307b84180a2ca9f1fa8f122a638c5494d3baa70892f3042f72d21b00025c70dcc7709773eafb565a884e61e7ef4eb
SSDEEP

3072:/i23yII0sqfyY/axyXQwD5R2vqL2ITT1vOT4TjJVuu9rnPSJOZG:BIVq6Y/rDCqLfVvOE9g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca8eb5d699668f1c5cbdd63d575cff30a2ca3bf622c14752b1ee3ad9525cf307

Files

ca8eb5d699668f1c5cbdd63d575cff30a2ca3bf622c14752b1ee3ad9525cf307
.exe windows:5 windows x86 arch:x86

6607f7286c184b53216155760cc22010

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dsget.pdb

Imports

msvcrt

_iob
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
free
??2@YAPAXI@Z
?terminate@@YAXXZ
_wcsicmp
_exit
_c_exit
wcscat
wcsstr
wcsncpy
wcscpy
_vsnwprintf
wcschr
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
wcscmp
_vsnprintf
memmove
setlocale
_setmode
iswdigit
_wtoi
_wtol
_itow
fgetwc
fread
wcslen
??3@YAXPAX@Z
fputwc

advapi32

GetSidIdentifierAuthority
GetExplicitEntriesFromAclW
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidW
ConvertStringSidToSidW
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
IsValidSid
GetLengthSid
FreeSid
ConvertSidToStringSidW

kernel32

GetDateFormatW
SystemTimeToFileTime
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetThreadUILanguage
FileTimeToSystemTime
GetTickCount
HeapReAlloc
GetFileType
WriteFile
WriteConsoleW
GetCommandLineW
GetConsoleCP
LockResource
LoadResource
HeapFree
ReadConsoleW
SetConsoleMode
GetConsoleMode
GetStdHandle
LocalAlloc
LocalFree
GetModuleHandleW
GetLastError
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageW
lstrlenW
SetLastError
lstrcmpiW
FindResourceW
lstrcpyW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromGUID2

oleaut32

VariantChangeType
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
SysStringLen
SysAllocStringLen
VariantInit
SysFreeString
SysAllocString

user32

wsprintfW
LoadStringW

activeds

ord15
ord9
ord20
ord7
ord13

crypt32

CryptProtectData
CryptUnprotectData

ntdsapi

DsBindW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW

netapi32

DsGetDcNameW
NetApiBufferFree

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6607f7286c184b53216155760cc22010

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

user32

activeds

crypt32

ntdsapi

netapi32

Sections

.text Size: 55KB - Virtual size: 54KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 233KB - Virtual size: 361KB

.text
Size: 55KB - Virtual size: 54KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 233KB - Virtual size: 361KB