5f67253cd0a924aa109c506083596863e2e29f69433359b30b847d263f5cd8e9

Sharing

Copy URL Twitter E-mail

General

Target

5f67253cd0a924aa109c506083596863e2e29f69433359b30b847d263f5cd8e9
Size

380KB
MD5

e5b0e0c4e5a74aaaacb371767c1fc103
SHA1

8677577d60cbf9c639142da3a99345faf9dbc31a
SHA256

5f67253cd0a924aa109c506083596863e2e29f69433359b30b847d263f5cd8e9
SHA512

44340d56c0664e9764becc2c620140c514f180defb948ddd755794fadea3f4d47f0701de741a7f363aaad7baf064da16efcb4adfede66ec6ccbcefe7ce49f7b7
SSDEEP

6144:9fImhVyyl0Jq9A7dP5q+9dSev0/7Z1LHYd4blOiLaa6inCeh/OTh:9fIm7LllA715LdSA8V1LHHOiLaNihh/

Score

N/A

Malware Config

Signatures

Files

5f67253cd0a924aa109c506083596863e2e29f69433359b30b847d263f5cd8e9
.exe windows x86

51b74376491ae861af4d25c1f54536bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_CreateWaitableTimer_@12
_ChooseFont_@4
_NDdeGetErrorString_@12
_GetKeyNameText_@12
_GetCharWidthFloat_@16
_ObjectOpenAuditAlarm_@48
_GetModuleHandle_@4
_lstrcat_@8
_OpenEvent_@12
_EnumFontFamiliesEx_@20
ConvertMultiSZNameToW
_OpenSCManager_@12
_FindAtom_@4
_GetPrivateProfileSection_@16
_RegDeleteKey_@8
_CharUpperBuff_@8
_GetMenuString_@20
_WriteConsoleInput_@16
_EnumWindowStations_@8
_CallWindowProc@20
_LoadString@16
_GetFileSecurity_@20
_NDdeGetTrustedShare_@20
_CopyFile_@12
_SetDefaultCommConfig_@12
_LoadIcon@8
_CreateProcessAsUser_@44
_ReadConsoleInput_@16
_AccessCheckAndAuditAlarm_@44
_GetCharABCWidthsFloat_@16
_tfopen
_ObjectCloseAuditAlarm_@12
_RegOpenKeyEx_@20
_GetUnicodeRedirectionLayer@0
_GetFileAttributes_@4
_QueryDosDevice_@12
_PrivilegedServiceAuditAlarm_@20
_TextOut@20
_SetVolumeLabel_@8
_FatalAppExit_@8
_PostMessage@16

kernel32

CreateSocketHandle
FormatMessageA
OpenJobObjectW
GlobalUnfix
GetNumberOfConsoleMouseButtons
SetStdHandle
GetDriveTypeW
QueryPerformanceCounter
GetSystemInfo
GetTickCount
MultiByteToWideChar
GetCurrentThread
FindNextVolumeW
DosPathToSessionPathW
GlobalHandle
GetNamedPipeHandleStateW
GetThreadPriority
GetDiskFreeSpaceW
GetSystemWow64DirectoryW
WritePrivateProfileStringA
DelayLoadFailureHook
GetOverlappedResult
WaitNamedPipeA
ResetEvent
GetFullPathNameA
SetLastConsoleEventActive
GetEnvironmentStringsW
LeaveCriticalSection
LocalAlloc
SetConsoleCursor
ExpungeConsoleCommandHistoryW
CommConfigDialogW
FindVolumeMountPointClose
SetCalendarInfoA
OpenProcess
FatalAppExitW
GlobalSize
SwitchToFiber
GetPrivateProfileSectionA
RegisterWaitForSingleObject
VirtualAlloc
ExpandEnvironmentStringsA
GetModuleFileNameA
DeleteTimerQueueTimer
MoveFileWithProgressA
VDMConsoleOperation
WaitForDebugEvent
EnumUILanguagesW
BaseUpdateAppcompatCache
GetNumaProcessorNode
FindNextFileA
SetVolumeMountPointA
EnumLanguageGroupLocalesW
LocalHandle
EnumSystemLanguageGroupsA
LoadLibraryA
_lclose
QueryActCtxW
SetCommTimeouts
FindFirstFileW
GetUserDefaultLangID

loadperf

SetServiceAsTrustedA
BackupPerfRegistryToFileW
UnloadPerfCounterTextStringsA
InstallPerfDllA
UpdatePerfNameFilesW
RestorePerfRegistryFromFileW
LoadPerfCounterTextStringsW
InstallPerfDllW
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UpdatePerfNameFilesA
SetServiceAsTrustedW

regapi

RegWdCreateA
RegIsMachinePolicyAllowHelp
RegWinStationQuerySecurityW
RegUserConfigRename
RegCloseServer
RegCdDeleteA
RegQueryUtilityCommandList
RegWdQueryW
RegUserConfigDelete
RegUserConfigQuery
RegCdQueryW
RegCdEnumerateW
RegPdQueryW
RegWinStationQueryDefaultSecurity
RegConsoleShadowQueryW
RegWdEnumerateA
RegWinStationSetSecurityA
RegWinStationSetSecurityW
RegWinStationQueryW
RegGetUserPolicy
RegOpenServerW
RegMergeUserConfigWithUserParameters
RegPdDeleteW
RegDenyTSConnectionsPolicy
RegWinStationQueryA
RegDefaultUserConfigQueryW
RegUserConfigSet
RegPdEnumerateA
RegBuildNumberQuery
RegCdDeleteW
RegQueryOEMId
RegWinStationEnumerateW
RegPdDeleteA
RegConsoleShadowQueryA

ntdll

NtSuspendThread
RtlStringFromGUID
LdrLoadAlternateResourceModule
ZwSetLowWaitHighEventPair
RtlTimeFieldsToTime
ZwDeleteFile
NtSaveMergedKeys
NtQueryPortInformationProcess
RtlAddCompoundAce
RtlCompactHeap
strspn
NtCreateMailslotFile
RtlCopySidAndAttributesArray
RtlCheckForOrphanedCriticalSections
ZwInitiatePowerAction
RtlSetDaclSecurityDescriptor
RtlInitializeSListHead
log
RtlSetSecurityObjectEx
islower
LdrGetProcedureAddress
ZwSaveKey
NtLockProductActivationKeys
ZwUnlockFile
ZwSetLdtEntries
NtOpenKey
NtPrivilegedServiceAuditAlarm
RtlpEnsureBufferSize

msvcrt

_ismbbgraph
_CIcosh
__dllonexit
_logb
_finite
_commode
abs
__iscsym
__lc_handle
__STRINGTOLD
mbstowcs
_getcwd
putwc
_hypot
_rmdir
_wperror
fsetpos
ceil
_strerror
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_mbsncpy
_callnewh
strxfrm
_adj_fdiv_m32
isalpha
_chdir
_ismbstrail
fgetwc

user32

PostQuitMessage
DefWindowProcA
RegisterClassA

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51b74376491ae861af4d25c1f54536bb

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

kernel32

loadperf

regapi

ntdll

msvcrt

user32

Sections

.text Size: 152KB - Virtual size: 152KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 1024B - Virtual size: 515KB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 1024B - Virtual size: 515KB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 1024B - Virtual size: 1024B