e710c34c66987c3ce72ca1c5343da78f1192ab7d44852ac1c9158341e5feea20

Sharing

Copy URL Twitter E-mail

General

Target

e710c34c66987c3ce72ca1c5343da78f1192ab7d44852ac1c9158341e5feea20
Size

245KB
MD5

714af94a7e402ef2197d69fe145f5da0
SHA1

1831657f912d8bfc49c1a53da0fd6c07ddf10727
SHA256

e710c34c66987c3ce72ca1c5343da78f1192ab7d44852ac1c9158341e5feea20
SHA512

0d7b169a561f9aa3cd8d3c0479a221d3b3f596ce9b1a6ad3c23a5962039cfdc646e486c9291a1ee1069fd5c5a12a01ecdbef806d5803b4d26f42c1da07875e7c
SSDEEP

6144:h9TFmHapECQoWu120HOtw9O2L2qunq5eSdxvhrT:hJ0ZVPCZuxeteixZrT

Score

N/A

Malware Config

Signatures

Files

e710c34c66987c3ce72ca1c5343da78f1192ab7d44852ac1c9158341e5feea20
.exe windows x86

7e78bda234592171d1148d8498dc13e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindFirstUrlCacheEntryExA
FtpCreateDirectoryA
UnlockUrlCacheEntryFile
FindFirstUrlCacheContainerW
HttpAddRequestHeadersW
InternetReadFile
SetUrlCacheEntryInfoW
FtpGetCurrentDirectoryA
DeleteUrlCacheContainerA
InternetCanonicalizeUrlA
IsUrlCacheEntryExpiredW
InternetClearAllPerSiteCookieDecisions

pdh

PdhVerifySQLDBA
PdhGetCounterInfoA
PdhEnumMachinesA
PdhGetDllVersion
PdhCloseQuery
PdhRemoveCounter
PdhExpandCounterPathW
PdhVbIsGoodStatus
PdhVbGetOneCounterPath
PdhCollectQueryData
PdhGetDataSourceTimeRangeH
PdhExpandCounterPathA
PdhFormatFromRawValue
PdhExpandWildCardPathA
PdhVbOpenLog
PdhCollectQueryDataEx
PdhRelogW
PdhValidatePathW
PdhGetFormattedCounterArrayW
PdhGetFormattedCounterArrayA
PdhConnectMachineW
PdhExpandWildCardPathW
PdhGetDefaultPerfCounterHA
PdhIsRealTimeQuery

ole32

OleCreateFromDataEx
PropSysAllocString
CoDeactivateObject
OleSetContainedObject
GetHGlobalFromStream
CoGetContextToken
ComPs_NdrDllRegisterProxy
StgOpenAsyncDocfileOnIFillLockBytes
OleConvertIStorageToOLESTREAM
StgCreatePropStg
OleRun

mmcbase

?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?MMCErrorBox@@YGHII@Z
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
??7SC@mmcerror@@QBEHXZ
??1CEventBuffer@@QAE@XZ
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z
??BSC@mmcerror@@QBE_NXZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?Throw@SC@mmcerror@@QAEXJ@Z
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?MMCErrorBox@@YGHPBGI@Z
??0CMMCStrongReferences@@AAE@XZ
?InternalRelease@CMMCStrongReferences@@AAEKXZ
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
?Trace_@SC@mmcerror@@QBEXXZ
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
?GetCode@SC@mmcerror@@QBEJXZ
?AddRef@CMMCStrongReferences@@SGKXZ
?FatalError@SC@mmcerror@@QBEXXZ
?SetHinst@SC@mmcerror@@SGXPAUHINSTANCE__@@@Z
?Release@CMMCStrongReferences@@SGKXZ
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?Throw@SC@mmcerror@@QAEXXZ
?SCODEFromSc@@YGJABVSC@mmcerror@@@Z
?GetEventBuffer@@YGAAVCEventBuffer@@XZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z

kernel32

GetConsoleFontSize
GetTickCount
QueryMemoryResourceNotification
PeekConsoleInputW
LoadLibraryW
SetTimeZoneInformation
DuplicateHandle
SetLastError
GlobalFindAtomW
SetLocaleInfoA
CloseProfileUserMapping
FindResourceExA
GetUserDefaultLCID
IsBadStringPtrW

sqlsrv32

ConfigDSNW
SQLEndTran
SQLGetStmtAttrW
WizDSNDlgProc
SQLCancel
SQLCopyDesc
SQLFetch
BCP_getcolfmt
SQLSetPos
SQLGetDescRecW
SQLSpecialColumnsW
SQLGetDiagRecW

mscms

GetColorProfileFromHandle
CreateDeviceLinkProfile
GetPS2ColorRenderingIntent
AssociateColorProfileWithDeviceA
GetPS2ColorSpaceArray
TranslateBitmapBits
GetCMMInfo
CreateProfileFromLogColorSpaceW
GetPS2ColorRenderingDictionary
InternalGetPS2CSAFromLCS
GetCountColorProfileElements
UninstallColorProfileA
IsColorProfileValid
IsColorProfileTagPresent
EnumColorProfilesA

modemui

drvSetDefaultCommConfigA
UnimodemGetDefaultCommConfig
ModemPropPagesProvider
UnimodemGetExtendedCaps
UnimodemDevConfigDialog
drvCommConfigDialogA
InvokeControlPanel
drvCommConfigDialogW
ModemCplDlgProc
drvSetDefaultCommConfigW
CountryRunOnce
drvGetDefaultCommConfigA
drvGetDefaultCommConfigW
QueryModemForCountrySettings

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e78bda234592171d1148d8498dc13e4

Headers

File Characteristics

Imports

wininet

pdh

ole32

mmcbase

kernel32

sqlsrv32

mscms

modemui

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 63KB - Virtual size: 62KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 63KB - Virtual size: 62KB

.rsrc
Size: 3KB - Virtual size: 2KB