ed0ce0a8b57abdd016baeb191de9b003507727c5f1eed1f4c18914e1438f3054

Sharing

Copy URL Twitter E-mail

General

Target

ed0ce0a8b57abdd016baeb191de9b003507727c5f1eed1f4c18914e1438f3054
Size

230KB
MD5

6bc59fa0c79b0f5506cd2fb5081e88c0
SHA1

44c712763e83fd68ee1324afe75bb7a4f61dc228
SHA256

ed0ce0a8b57abdd016baeb191de9b003507727c5f1eed1f4c18914e1438f3054
SHA512

f563e2e668b87ea60e122956741ce63b0ab09877e7d055eb4f15c53a1f7bc924eaf807e51e5f8b27aa2765e215e8ceaf34f461621317b6259d0d5ff29e56a982
SSDEEP

6144:DQvSbCa12YnOeYTya+iEo9/GnCmEPq2ii7z9jphmOc:Uvla1XOeI+iEote3EPviM9jpi

Score

N/A

Malware Config

Signatures

Files

ed0ce0a8b57abdd016baeb191de9b003507727c5f1eed1f4c18914e1438f3054
.exe windows x86

64fab5a726401c65e364a8e543ae2683

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasSetDeviceConfigInfo
RasReferenceRasman
RasGetNumPortOpen
RasGetConnectionUserData
RasRpcDisconnectServer
RasRefConnection
RasPortReceiveEx
RasSetAddressDisable
RasSetConnectionParams
RasPortFree
RasPortSetInfo
RasGetBuffer
RasLinkGetStatistics
RasRegisterRedialCallback
IsRasmanProcess
RasPortSend

oleaut32

VarDecFromR8
VARIANT_UserUnmarshal
VarUI2FromDisp
VarDateFromUI2
VarR4FromUI1
VarUI4FromCy
VarUI4FromR8
VarDateFromR4
VarBoolFromR4
SafeArrayGetDim
VarBoolFromDisp
VarParseNumFromStr
VarBstrFromI2
SystemTimeToVariantTime
VarDateFromUdate
VarBstrFromR4
OleLoadPicture
VarUI4FromI2
VarNumFromParseNum

msvcrt

_mbsnbcoll
iswlower
remove
_mbsbtype
_mbscmp
_putws
__getmainargs
_stat
__p__commode
__p__fmode
_ismbbprint
__p__winmajor
memmove
__set_app_type
exit

utildll

IsPartOfDomain
RegGetNetworkServiceName
GetUnknownString
DateTimeString
InitializeAnonymousUserCompareList
TestUserForAdmin
CalculateDiffTime
HaveAnonymousUsersChanged
CachedGetUserFromSid
CalculateElapsedTime
StrConnectState
InstallModem
StrSdClass
GetSystemMessageW
GetSystemMessageA
WinEnumerateDevices
NetworkDeviceEnumerate
QueryCurrentWinStation
StrSystemWaitReason
EnumerateMultiUserServers
ConfigureModem
RegGetNetworkDeviceName
StrProcessState

hhsetup

?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
?GetTitle@CFolder@@QAEPADXZ
?GetOrder@CFolder@@QAEKXZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?SetId@CTitle@@QAEXPBD@Z
?Open@CCollection@@QAEKPBG@Z
??1CTitle@@QAE@XZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
?GetTitle@CLocation@@QAEPADXZ
?SetId@CLocation@@QAEXPBG@Z
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetVersion@CCollection@@QAEKXZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?SetTitle@CLocation@@QAEXPBG@Z

odbcjt32

SQLGetTypeInfoW
LoginDialogProc
OpenDirHook
SQLFreeStmt
SQLSetDescFieldW
SQLGetInfoW
SQLPutData
SQLFreeConnect
InitializeLoginDialog
SQLGetCursorNameW
SQLExtendedFetch
SQLProceduresW
SQLConnectW
SQLGetConnectAttrW

shell32

SHGetMalloc

kernel32

WriteConsoleW
CreateFileW
ClearCommError
GetProcessId
CreateConsoleScreenBuffer
LoadLibraryW
GetUserDefaultLCID
GetEnvironmentStringsA
GlobalFindAtomA
GetAtomNameA
FindNextVolumeMountPointW
GetWindowsDirectoryW
BeginUpdateResourceA
GetLocaleInfoA
WritePrivateProfileStringW

user32

MessageBoxW
EndDialog

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64fab5a726401c65e364a8e543ae2683

Headers

File Characteristics

Imports

rasman

oleaut32

msvcrt

utildll

hhsetup

odbcjt32

shell32

kernel32

user32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 84KB - Virtual size: 83KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 84KB - Virtual size: 83KB

.rsrc
Size: 5KB - Virtual size: 4KB