b3ddca2f9cb5dabcd60d20b96fce85100b4b36c0b9f293e45b468498653f95f3N

Sharing

Copy URL

Twitter E-mail

General

Target

b3ddca2f9cb5dabcd60d20b96fce85100b4b36c0b9f293e45b468498653f95f3N
Size

71KB
MD5

a2a9ac706f30e05c7a8ea0a66c3db990
SHA1

28727c3926d0710744f4da267f60886553c539fd
SHA256

b3ddca2f9cb5dabcd60d20b96fce85100b4b36c0b9f293e45b468498653f95f3
SHA512

2951fabf795864cc6e167d791108abdb62c3db1778649797e662aa76de510605b82292cc70479ed28e073bcf1359c530d5302ba9842fffbea975185424bcf3df
SSDEEP

1536:nNzjEddir74RefZTny/DoI77zOWRIpU9YiAwzEsnvElt1sozdtRu8FYuJ0ofmq:NsdrBP7nFRIpU2mEssjq80Kz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/adsldp.dll

Files

b3ddca2f9cb5dabcd60d20b96fce85100b4b36c0b9f293e45b468498653f95f3N
.cab
adsldp.dll
.dll windows:5 windows x86 arch:x86

0ca50869886fb3456ae96dfbf45d03a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

msvcrt

_except_handler3
malloc
_adjust_fdiv
_initterm
free
_wtoi64
wcstok
swscanf
_wtol
_ltow
_itow
swprintf
_wcslwr
wcsstr
_wcsnicmp
qsort
wcschr
wcscpy
wcscmp
_wcsicmp
wcscat
wcsncpy
_purecall
wcslen
sprintf

activeds

ord3
ord31
ord25
ord22
ord26
ord27
ord28
ord16
ord12
ord17
ord18
ord15
ord14
ord7

adsldpc

AdsTypeToLdapTypeCopyDNWithString
LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
LdapTypeFreeLdapModList
ReadPagingSupportedAttr
LdapValueFreeLen
UnMarshallLDAPToLDAPSynID
LdapNextAttribute
LdapAttributeFree
LdapFirstAttribute
LdapTypeFreeLdapModObject
LdapModifyExtS
ReadSecurityDescriptorControlType
ReadServerSupportsIsADControl
LdapAddExtS
LdapDeleteS
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
LdapTypeToAdsTypeCopyConstruct
LdapDeleteExtS
LdapcSetStickyServer
BerEncodingQuotaControl
LdapRenameExtS
LdapModDnS
GetLDAPTypeName
LdapInitializeSearchPreferences
AdsTypeToLdapTypeCopyDNWithBinary
MapLDAPTypeToADSType
MapADSTypeToLDAPType
ADsSetObjectAttributes
ADsGetObjectAttributes
ADsDeleteDSObject
ADsCreateDSObjectExt
ADsSetSearchPreference
ADsExecuteSearch
ADsAbandonSearch
ADsCloseSearchHandle
ADsGetFirstRow
ADsGetNextRow
ADsGetPreviousRow
ADsGetColumn
ADsGetNextColumnName
ADsFreeColumn
ADsEnumAttributes
ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsDeleteAttributeDefinition
ADsEnumClasses
ADsCreateClassDefinition
ADsWriteClassDefinition
ADsDeleteClassDefinition
LdapcKeepHandleAround
LdapGetSyntaxIdOfAttribute
BuildADsPathFromParent
ADsHelperGetCurrentRowMessage
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyTime
LdapSearchInitPage
BuildADsParentPathFromObjectInfo2
LdapSearchExtS
LdapNextEntry
LdapGetNextPageS
LdapGetDn
?SetFSlashDisabler@CLexer@@QAEXH@Z
LdapMemFree
IsGCNamespace
GetDefaultServer
LdapOpenObject2
LdapReadAttributeFast
BuildADsPathFromLDAPPath2
BuildADsParentPath
GetDisplayName
??0CLexer@@QAE@XZ
?InitializePath@CLexer@@QAEJPAG@Z
InitObjectInfo
??1CLexer@@QAE@XZ
?SetAtDisabler@CLexer@@QAEXH@Z
Component
PathName
?GetNextToken@CLexer@@QAEJPAGPAK@Z
SchemaGetObjectCount
SchemaGetPropertyInfoByIndex
SchemaGetClassInfoByIndex
SchemaAddRef
SchemaGetPropertyInfo
SchemaOpen
SchemaGetClassInfo
LdapModifyS
LdapReadAttribute
LdapAddS
SchemaClose
FindEntryInSearchTable
intcmp
FindSearchTableIndex
SortAndRemoveDuplicateOIDs
LdapOpenObject
LdapSearchS
LdapCountEntries
LdapFirstEntry
LdapGetValues
LdapCloseObject
LdapMsgFree
LdapValueFree
SchemaGetStringsFromStringTable
LdapGetSyntaxOfAttributeOnServer
SchemaGetSyntaxOfAttribute
BuildLDAPPathFromADsPath2
LdapMakeSchemaCacheObsolete
LdapGetSubSchemaSubEntryPath
LdapGetSchemaObjectCount
LdapTypeFreeLdapObjects
ADsObject
FreeObjectInfo
LdapCacheAddRef
LdapSearchAbandonPage
LdapTypeCopyConstruct
LdapTypeBinaryToString

wldap32

ord54
ord12
ord53

netapi32

NetApiBufferFree

ole32

CoCreateInstance
CoTaskMemFree
StringFromGUID2
CLSIDFromString
IIDFromString
StringFromCLSID
CreatePointerMoniker

advapi32

SystemFunction041
RegSetValueExW
RegOpenKeyExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegQueryValueExW
RegEnumKeyExW
SystemFunction040
RegCloseKey

kernel32

LeaveCriticalSection
LoadLibraryW
GetLastError
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
DisableThreadLibraryCalls
FormatMessageW
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
CloseHandle
lstrlenW
RaiseException
LocalAlloc
LocalFree
CompareStringW
GetTickCount
InterlockedDecrement
InterlockedIncrement
SetLastError
GetSystemDirectoryW

user32

wsprintfW

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantCopyInd
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
LoadRegTypeLi
DispInvoke
SetErrorInfo
CreateErrorInfo
VariantClear
DispGetIDsOfNames
SysFreeString

ntdll

RtlInitUnicodeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ca50869886fb3456ae96dfbf45d03a8

Headers

File Characteristics

PDB Paths

Imports

msvcrt

activeds

adsldpc

wldap32

netapi32

ole32

advapi32

kernel32

user32

oleaut32

ntdll

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 151KB - Virtual size: 150KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB