28b4b8d8a0e3580c894d6b3d5d4ce19a2925bd9b4bca75d4e93d75b3782cc04a

Sharing

Copy URL Twitter E-mail

General

Target

28b4b8d8a0e3580c894d6b3d5d4ce19a2925bd9b4bca75d4e93d75b3782cc04a
Size

657KB
MD5

625affeee508437e315b5e0fc7f7bf58
SHA1

db29606228aca95bbc4f44329e50dacdccd08741
SHA256

28b4b8d8a0e3580c894d6b3d5d4ce19a2925bd9b4bca75d4e93d75b3782cc04a
SHA512

bf3a4456406bfed66a51374a2eeee2a81e78b1ef2113b2df9df9237c109c3b543b51eb5803b76cc39a674ad6660f9b6257210f68115c24b861c3c56f3fa07d6b
SSDEEP

12288:cqoqvIiz6paZbrdVW2vh5oFnH8zB2izwE5uFemFBq7aJOtqUSAUkZp+S:kMIo6gZbrdVW25y9czBDzSLGagtqUSA7

Score

N/A

Malware Config

Signatures

Files

28b4b8d8a0e3580c894d6b3d5d4ce19a2925bd9b4bca75d4e93d75b3782cc04a
.exe windows x86

fdbdde9f213f507adfb329f88fdbb7ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FindNextFileA
GetCommProperties
WaitForSingleObjectEx
GetACP
ConvertDefaultLocale
GlobalDeleteAtom
FindAtomW
EndUpdateResourceA
GetFileType
EnumSystemLocalesW
SystemTimeToFileTime
MultiByteToWideChar
EnumResourceNamesA
EnumResourceTypesA
ChangeTimerQueueTimer
Thread32Next
InterlockedExchangeAdd
InterlockedDecrement
GetAtomNameW
CreateMutexW
GetSystemTime
EnumSystemCodePagesA
ReplaceFileW
LocalCompact
GetVolumeInformationA
GetProfileIntA
FatalExit
CreateSemaphoreA
ProcessIdToSessionId
ResetEvent
GetFileAttributesA
GetCPInfoExW
VirtualAlloc
SetMailslotInfo

secur32

QuerySecurityPackageInfoW
QuerySecurityContextToken
LsaConnectUntrusted
LsaGetLogonSessionData
LsaLogonUser
LsaCallAuthenticationPackage
DecryptMessage
ApplyControlToken
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
DeleteSecurityContext
GetUserNameExW
TranslateNameW
LsaRegisterLogonProcess
LsaLookupAuthenticationPackage
AcceptSecurityContext
EnumerateSecurityPackagesW
GetComputerObjectNameW
EncryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleW
FreeContextBuffer
InitSecurityInterfaceW
LsaUnregisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification
FreeCredentialsHandle
QueryContextAttributesW

advapi32

GetExplicitEntriesFromAclW
CryptSignHashA
CryptDestroyHash
SystemFunction007
OpenBackupEventLogW
GetSecurityDescriptorOwner
CreateProcessWithLogonW
WmiQueryAllDataW
ObjectCloseAuditAlarmA
SetKernelObjectSecurity
SystemFunction041
NotifyBootConfigStatus
GetCurrentHwProfileW
LsaLookupNames
IsValidAcl
CryptEnumProvidersA
TreeResetNamedSecurityInfoW
RegDisablePredefinedCache
SystemFunction008
GetFileSecurityW

winspool.drv

SetPrinterW
GetPrintProcessorDirectoryW
EnumPrintersA
DeviceCapabilitiesW
EnumPrinterDriversW
SetPrinterDataW
EndPagePrinter
DeletePrinterConnectionW
AbortPrinter
DocumentPropertiesW
EnumFormsW
EnumMonitorsA
OpenPrinterA

iphlpapi

GetIfEntry
FlushIpNetTable
UnenableRouter
NotifyAddrChange
GetIpForwardTable
SendARP
InternalGetIfTable
GetIpNetTable
InternalCreateIpNetEntry
AllocateAndGetIpAddrTableFromStack
GetIcmpStatistics
GetIpAddrTable
GetUdpStatistics
InternalSetTcpEntry
GetInterfaceInfo
InternalGetIpForwardTable
InternalCreateIpForwardEntry
DeleteIpForwardEntry
GetTcpTable

ole32

OleTranslateAccelerator
CLIPFORMAT_UserSize
PropVariantCopy
CoSwitchCallContext
HBITMAP_UserFree
GetHGlobalFromStream
OleRegEnumFormatEtc
MonikerRelativePathTo
CoDisableCallCancellation
RevokeDragDrop
CoMarshalHresult
CoFreeUnusedLibraries

odbc32

ValidateErrorQueue
CursorLibTransact
VFreeErrors
CursorLibLockDbc
PostODBCComponentError
CursorLibLockDesc
CursorLibLockStmt
PostODBCError
SQLNativeSql
VRetrieveDriverErrorsRowCol
LockHandle
SearchStatusCode

Sections

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 317KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdbdde9f213f507adfb329f88fdbb7ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

secur32

advapi32

winspool.drv

iphlpapi

ole32

odbc32

Sections

.data Size: 4KB - Virtual size: 3KB

.text Size: 17KB - Virtual size: 361KB

.bss Size: 317KB - Virtual size: 564KB

.rdata Size: 274KB - Virtual size: 369KB

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 1024B - Virtual size: 204B

.data
Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 361KB

.bss
Size: 317KB - Virtual size: 564KB

.rdata
Size: 274KB - Virtual size: 369KB

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 1024B - Virtual size: 204B