b111f5122dbdd1fd7118c68950ae8392bfab6ca69d8370608958fd6e9749a3a3

Sharing

Copy URL Twitter E-mail

General

Target

b111f5122dbdd1fd7118c68950ae8392bfab6ca69d8370608958fd6e9749a3a3
Size

184KB
MD5

650588720fac599d323d29a6728c2bf0
SHA1

a4bfba8591cdac9e68ffbc8e0607c1c79ae1493a
SHA256

b111f5122dbdd1fd7118c68950ae8392bfab6ca69d8370608958fd6e9749a3a3
SHA512

162d1d67b8e981de43320d3ad1783f9d94b1abea4a411dd25f94474264c12ac5cd959d1f5c8609fbf49998ed625edb563b34daa01bc840152f0a3d67bf4cd627
SSDEEP

3072:XHA9mzx9QhK2v51LBPA53obg8FHh+EzUDVFV6AZNyTRsiPbiYELYVh:XVd9QhK27LBPA53ob5HhDzMVFPXysID5

Score

N/A

Malware Config

Signatures

Files

b111f5122dbdd1fd7118c68950ae8392bfab6ca69d8370608958fd6e9749a3a3
.exe windows x86

4e64b5993cf722f12bdb74b26cd32e86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ora805

kputac
kpughndl
kpudtch
oclose
oexec
oparse
osnttc
kghfrh
kpuatch
kpusattr
oerhms
ocom
kghfre
kghalo
kghini
kghgrw
kghfrf
slgtd
kzsrdep
oopen
olog
kzsrenc
kpummgnls
kpugattr
kpucia
kpummealloc
ologof
kpusebf
kghalf
kpummini
oexn
kpuauth
kpufhndl
kpupin
kpuinit
kpummpin
ofen
orol
obndrv
ttcpie
odessp
obndra
odescr
odefin
oexfet

xa80

ord14

core40

ord136
ord309
ord185
ord190
ord311
ord312
ord308
ord310
ord86
ord82
ord205
ord97
ord57
ord206
ord315
ord316
ord150
ord148
ord60
ord85
ord40
ord87
ord44
ord156
ord155

nlsrtl33

ord3
ord6
ord2
ord117
ord175
ord201
ord203
ord67
ord112
ord224
ord287
ord222
ord231
ord244
ord4
ord358
ord143
ord247
ord131
ord58
ord130
ord11
ord288
ord110
ord116
ord210
ord237
ord215
ord159
ord233
ord172

pls805

peflcc_CloseCache
peflic_InitCache
peflload
peflunload
pextproc
peflinit

nl80

nlstdgg
nlstdstp

ncr80

sncrswntgad
ncrsta2msg

ns80

nsbfree
nsgetcinfo
nsballoc

ni80

nioqsn
nioqwa
nioqbr
nioqts
nioqrs
nioqrc

sqllib80

sqlld2

msvcrt

strncpy
_setjmp3
exit
strncmp
sprintf
atoi
fflush
vfprintf
fclose
ctime
time
fread
tolower
_iob
localtime
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
fopen
vsprintf
longjmp

kernel32

GetCurrentProcessId

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e64b5993cf722f12bdb74b26cd32e86

Headers

File Characteristics

Imports

ora805

xa80

core40

nlsrtl33

pls805

nl80

ncr80

ns80

ni80

sqllib80

msvcrt

kernel32

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 42KB - Virtual size: 41KB

.tls Size: 512B - Virtual size: 12B

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 42KB - Virtual size: 41KB

.tls
Size: 512B - Virtual size: 12B