31d61677373c60b18677a461ef8f2c1490d068094e991ee9a4bc2f9d81ee5d26

Sharing

Copy URL

Twitter E-mail

General

Target

31d61677373c60b18677a461ef8f2c1490d068094e991ee9a4bc2f9d81ee5d26
Size

315KB
MD5

91039844f9f219c09c730928480b328a
SHA1

73299597d8334ddbd71dbe9abd96f508c49e248e
SHA256

31d61677373c60b18677a461ef8f2c1490d068094e991ee9a4bc2f9d81ee5d26
SHA512

34bdbbde22cf61a8711f888c2615a6050f8cd5aad419626a233cf57c620afea722b0a5733fa6e985d3c6ecaeccdcb5ddbd7738121277647bf7f0fc9a268f19c3
SSDEEP

6144:9UdgV09OpSso07QZy52QnBfQrWd/4io6Qq6Oho5JnL2ZJVRsNhgL:bSV07QEB+WdRBhcnLA

Score

N/A

Malware Config

Signatures

Files

31d61677373c60b18677a461ef8f2c1490d068094e991ee9a4bc2f9d81ee5d26
.exe windows x86

f87fcdbfba0ee74eda7d4218091a02eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strlen
strcmp
memcpy
longjmp
_setjmp3
fseek
ftell
fread
fclose
strcpy
exit
__p__iob
fprintf
sprintf
getenv
sscanf
malloc
free

kernel32

GetModuleHandleA
HeapCreate
EndUpdateResourceA
WideCharToMultiByte
GetNumberOfConsoleInputEvents
FindResourceA
CompareStringA
GlobalHandle
SleepEx
GetConsoleCP
PurgeComm
LocalLock
lstrcatA
GetProcessHeap
VirtualAlloc
HeapDestroy
ExitProcess
lstrlenA
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
ReadFile
HeapAlloc
WriteFile
SetFilePointer
HeapFree
DeleteFileA
GetFileSize
HeapReAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
MultiByteToWideChar

winspool.drv

EndDocPrinter

user32

CloseClipboard
DdeDisconnect
SetWindowRgn
GetNextDlgTabItem
SetWindowPos
GetWindow
DdeDisconnectList
CreateMenu
UnloadKeyboardLayout
CharToOemBuffA
SetTimer
CharNextA
ValidateRgn
GetSysColorBrush
OemToCharBuffA
CreateCaret
GetForegroundWindow

gdi32

SetPixel
GetClipRgn
EndPage
IntersectClipRect

advapi32

GetOldestEventLogRecord
RegisterEventSourceA
RegConnectRegistryA
CopySid

comctl32

ImageList_Draw

wsock32

getpeername
ntohs
closesocket
WSACleanup
WSAStartup

winmm

mmioFlush
midiOutShortMsg
PlaySoundA

odbc32

SQLGetDiagField
SQLNumResultCols
SQLDescribeCol
SQLSetStmtAttr
SQLExecDirect
SQLAllocHandle
SQLPrepare
SQLBindParameter
SQLExecute
SQLRowCount
SQLFreeHandle
SQLGetData
SQLConnect
SQLDisconnect
SQLDriverConnect
SQLSetEnvAttr
SQLFetchScroll
SQLFetch

netapi32

NetWkstaGetInfo

wininet

InternetConnectA

Sections

.code
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f87fcdbfba0ee74eda7d4218091a02eb

Headers

File Characteristics

Imports

msvcrt

kernel32

winspool.drv

user32

gdi32

advapi32

comctl32

wsock32

winmm

odbc32

netapi32

wininet

Sections

.code Size: 58KB - Virtual size: 57KB

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 140KB - Virtual size: 149KB

.rsrc Size: 1024B - Virtual size: 896B

.code
Size: 58KB - Virtual size: 57KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 140KB - Virtual size: 149KB

.rsrc
Size: 1024B - Virtual size: 896B