f6a10ce8b5a9eb8353d5323b6ef110d11fa8cfbb4fb2b7afab5d1867cfdbdbb4

Sharing

Copy URL Twitter E-mail

General

Target

f6a10ce8b5a9eb8353d5323b6ef110d11fa8cfbb4fb2b7afab5d1867cfdbdbb4
Size

730KB
MD5

f7ce8e5ea1df3c5c89bb79c418372bdb
SHA1

74c66d1f43f9ca2bd1255ccbfae6130ce7065efd
SHA256

f6a10ce8b5a9eb8353d5323b6ef110d11fa8cfbb4fb2b7afab5d1867cfdbdbb4
SHA512

7fef164b7b8f5cd4d45d9d87401c0171bfde2e0e7a7577d10a6b485ee8ef3a073fa2a21e15dbeaf5d51122eea2b17696f55139390a047d7e4b66f5110517e722
SSDEEP

6144:9e754vdrtiTDzdFRr975ajmLSJnqs2lDMRqPGpU+yyxkblPl+S2eU0QOJ1SW0:cqvdYDxrp75ayunqs2lDMoO8+e/0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6a10ce8b5a9eb8353d5323b6ef110d11fa8cfbb4fb2b7afab5d1867cfdbdbb4

Files

f6a10ce8b5a9eb8353d5323b6ef110d11fa8cfbb4fb2b7afab5d1867cfdbdbb4
.dll windows:4 windows x86 arch:x86

6d85b3135f32700935d90fe26a9d2116

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

kernel32

CloseHandle
CreateEventA
CreateMutexA
DisableThreadLibraryCalls
FileTimeToSystemTime
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
SetEvent
SignalObjectAndWait
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte

ntdll

RtlAllocateHeap
_vsnprintf

secur32

AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextA
QueryContextAttributesA
QuerySecurityPackageInfoA

ucrtbase

__acrt_iob_func
__isascii
__stdio_common_vfprintf
__stdio_common_vsprintf
_assert
_beginthreadex
_close
_ctime32
_endthread
_errno
_gmtime32
_localtime32
_read
_strdup
_stricmp
_strnicmp
_time32
_wcsdup
_write
atoi
calloc
fclose
feof
ferror
fflush
fgets
fopen
fputs
fread
free
fwrite
getenv
isalnum
isgraph
isprint
isspace
malloc
memchr
memcmp
memcpy
memmove
realloc
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strstr
strtol
strtoul
wcscmp

user32

LoadStringA
LoadStringW

ws2_32

bind
closesocket
connect
getpeername
getsockopt
htonl
ioctlsocket
inet_addr
ntohs
recv
select
send
setsockopt
shutdown
socket
gethostbyaddr
gethostbyname
gethostname
WSAGetLastError
WSASetLastError
WSAStartup
WSACleanup
__WSAFDIsSet
freeaddrinfo
getaddrinfo
getnameinfo
inet_ntop

Exports

Exports

LdapGetLastError
LdapMapErrorToWin32
LdapUTF8ToUnicode
LdapUnicodeToUTF8
ber_alloc_t
ber_bvdup
ber_bvecfree
ber_bvfree
ber_first_element
ber_flatten
ber_free
ber_init
ber_next_element
ber_peek_tag
ber_printf
ber_scanf
ber_skip_tag
cldap_open
cldap_openA
cldap_openW
ldap_abandon
ldap_add
ldap_addA
ldap_addW
ldap_add_ext
ldap_add_extA
ldap_add_extW
ldap_add_ext_s
ldap_add_ext_sA
ldap_add_ext_sW
ldap_add_s
ldap_add_sA
ldap_add_sW
ldap_bind
ldap_bindA
ldap_bindW
ldap_bind_s
ldap_bind_sA
ldap_bind_sW
ldap_check_filterA
ldap_check_filterW
ldap_cleanup
ldap_close_extended_op
ldap_compare
ldap_compareA
ldap_compareW
ldap_compare_ext
ldap_compare_extA
ldap_compare_extW
ldap_compare_ext_s
ldap_compare_ext_sA
ldap_compare_ext_sW
ldap_compare_s
ldap_compare_sA
ldap_compare_sW
ldap_conn_from_msg
ldap_connect
ldap_control_free
ldap_control_freeA
ldap_control_freeW
ldap_controls_free
ldap_controls_freeA
ldap_controls_freeW
ldap_count_entries
ldap_count_references
ldap_count_values
ldap_count_valuesA
ldap_count_valuesW
ldap_count_values_len
ldap_create_page_control
ldap_create_page_controlA
ldap_create_page_controlW
ldap_create_sort_control
ldap_create_sort_controlA
ldap_create_sort_controlW
ldap_create_vlv_controlA
ldap_create_vlv_controlW
ldap_delete
ldap_deleteA
ldap_deleteW
ldap_delete_ext
ldap_delete_extA
ldap_delete_extW
ldap_delete_ext_s
ldap_delete_ext_sA
ldap_delete_ext_sW
ldap_delete_s
ldap_delete_sA
ldap_delete_sW
ldap_dn2ufn
ldap_dn2ufnA
ldap_dn2ufnW
ldap_encode_sort_controlA
ldap_encode_sort_controlW
ldap_err2string
ldap_err2stringA
ldap_err2stringW
ldap_escape_filter_element
ldap_escape_filter_elementA
ldap_escape_filter_elementW
ldap_explode_dn
ldap_explode_dnA
ldap_explode_dnW
ldap_extended_operation
ldap_extended_operationA
ldap_extended_operationW
ldap_extended_operation_sA
ldap_extended_operation_sW
ldap_first_attribute
ldap_first_attributeA
ldap_first_attributeW
ldap_first_entry
ldap_first_reference
ldap_free_controls
ldap_free_controlsA
ldap_free_controlsW
ldap_get_dn
ldap_get_dnA
ldap_get_dnW
ldap_get_next_page
ldap_get_next_page_s
ldap_get_option
ldap_get_optionA
ldap_get_optionW
ldap_get_paged_count
ldap_get_values
ldap_get_valuesA
ldap_get_valuesW
ldap_get_values_len
ldap_get_values_lenA
ldap_get_values_lenW
ldap_init
ldap_initA
ldap_initW
ldap_memfree
ldap_memfreeA
ldap_memfreeW
ldap_modify
ldap_modifyA
ldap_modifyW
ldap_modify_ext
ldap_modify_extA
ldap_modify_extW
ldap_modify_ext_s
ldap_modify_ext_sA
ldap_modify_ext_sW
ldap_modify_s
ldap_modify_sA
ldap_modify_sW
ldap_modrdn
ldap_modrdn2
ldap_modrdn2A
ldap_modrdn2W
ldap_modrdn2_s
ldap_modrdn2_sA
ldap_modrdn2_sW
ldap_modrdnA
ldap_modrdnW
ldap_modrdn_s
ldap_modrdn_sA
ldap_modrdn_sW
ldap_msgfree
ldap_next_attribute
ldap_next_attributeA
ldap_next_attributeW
ldap_next_entry
ldap_next_reference
ldap_open
ldap_openA
ldap_openW
ldap_parse_extended_resultA
ldap_parse_extended_resultW
ldap_parse_page_control
ldap_parse_page_controlA
ldap_parse_page_controlW
ldap_parse_reference
ldap_parse_referenceA
ldap_parse_referenceW
ldap_parse_result
ldap_parse_resultA
ldap_parse_resultW
ldap_parse_sort_control
ldap_parse_sort_controlA
ldap_parse_sort_controlW
ldap_parse_vlv_controlA
ldap_parse_vlv_controlW
ldap_perror
ldap_rename_ext
ldap_rename_extA
ldap_rename_extW
ldap_rename_ext_s
ldap_rename_ext_sA
ldap_rename_ext_sW
ldap_result
ldap_result2error
ldap_sasl_bindA
ldap_sasl_bindW
ldap_sasl_bind_sA
ldap_sasl_bind_sW
ldap_search
ldap_searchA
ldap_searchW
ldap_search_abandon_page
ldap_search_ext
ldap_search_extA
ldap_search_extW
ldap_search_ext_s
ldap_search_ext_sA
ldap_search_ext_sW
ldap_search_init_page
ldap_search_init_pageA
ldap_search_init_pageW
ldap_search_s
ldap_search_sA
ldap_search_sW
ldap_search_st
ldap_search_stA
ldap_search_stW
ldap_set_dbg_flags
ldap_set_dbg_routine
ldap_set_option
ldap_set_optionA
ldap_set_optionW
ldap_simple_bind
ldap_simple_bindA
ldap_simple_bindW
ldap_simple_bind_s
ldap_simple_bind_sA
ldap_simple_bind_sW
ldap_sslinit
ldap_sslinitA
ldap_sslinitW
ldap_start_tls_sA
ldap_start_tls_sW
ldap_startup
ldap_stop_tls_s
ldap_ufn2dn
ldap_ufn2dnA
ldap_ufn2dnW
ldap_unbind
ldap_unbind_s
ldap_value_free
ldap_value_freeA
ldap_value_freeW
ldap_value_free_len

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 4KB - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 4KB - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 4KB - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d85b3135f32700935d90fe26a9d2116

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

secur32

ucrtbase

user32

ws2_32

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 343KB

.data Size: 4KB - Virtual size: 1KB

.rodata Size: 4KB - Virtual size: 1KB

.rdata Size: 28KB - Virtual size: 25KB

.buildid Size: 4KB - Virtual size: 53B

/4 Size: 60KB - Virtual size: 58KB

.bss Size: - Virtual size: 9KB

.edata Size: 8KB - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 100KB - Virtual size: 96KB

.reloc Size: 12KB - Virtual size: 11KB

/14 Size: 4KB - Virtual size: 128B

/29 Size: 4KB - Virtual size: 3KB

/41 Size: 4KB - Virtual size: 932B

/55 Size: 4KB - Virtual size: 1KB

/67 Size: 4KB - Virtual size: 56B

/80 Size: 4KB - Virtual size: 161B

/91 Size: 4KB - Virtual size: 1KB

/107 Size: 4KB - Virtual size: 2KB

/123 Size: 4KB - Virtual size: 105B

.text
Size: 344KB - Virtual size: 343KB

.data
Size: 4KB - Virtual size: 1KB

.rodata
Size: 4KB - Virtual size: 1KB

.rdata
Size: 28KB - Virtual size: 25KB

.buildid
Size: 4KB - Virtual size: 53B

/4
Size: 60KB - Virtual size: 58KB

.bss
Size: - Virtual size: 9KB

.edata
Size: 8KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 100KB - Virtual size: 96KB

.reloc
Size: 12KB - Virtual size: 11KB

/14
Size: 4KB - Virtual size: 128B

/29
Size: 4KB - Virtual size: 3KB

/41
Size: 4KB - Virtual size: 932B

/55
Size: 4KB - Virtual size: 1KB

/67
Size: 4KB - Virtual size: 56B

/80
Size: 4KB - Virtual size: 161B

/91
Size: 4KB - Virtual size: 1KB

/107
Size: 4KB - Virtual size: 2KB

/123
Size: 4KB - Virtual size: 105B