f9248bf634386b438d6fc17a59c3ab2a508da3530736705f5adb27e8edff1752

Sharing

Copy URL Twitter E-mail

General

Target

f9248bf634386b438d6fc17a59c3ab2a508da3530736705f5adb27e8edff1752
Size

164KB
MD5

6ee9bdbfafb5562db905fed93b29f310
SHA1

1be301bd368089bfd16331301f72c0d7a20aad55
SHA256

f9248bf634386b438d6fc17a59c3ab2a508da3530736705f5adb27e8edff1752
SHA512

5446e413a7d4c94ee6d129b0c821ebf4dbc9ba78b35da987a67f5b3ca639f3cbb08554e854d3dc7f075327a40bfc8bde6389256ff7401ffb75c7cf94d82d38bf
SSDEEP

3072:Z3O6NmmZvnDwHa5IcMbzbYmhwI40VU7wC0BsBMW8Ath3iL:ZfQmt865IF1hI0m0ySAtsL

Score

N/A

Malware Config

Signatures

Files

f9248bf634386b438d6fc17a59c3ab2a508da3530736705f5adb27e8edff1752
.exe windows x86

d47c3bd346e20f47a806a753d8bdf126

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

ord142
ord43
ord44
ord145
ord147
ord48
ord49
ord150
ord152
ord153
ord154
ord29
ord155
ord156
ord58
ord59
ord160
ord61
ord162
ord63
ord64
ord165
ord166
ord167
ord68
ord69
ord170
ord72
ord24
ord26
ord28

usp10

ScriptStringXtoCP
ScriptStringOut
ScriptStringGetOrder
ScriptStringGetLogicalWidths
ScriptRecordDigitSubstitution
ScriptPlace
ScriptLayout
ScriptJustify
ScriptItemize
ScriptIsComplex
ScriptGetProperties
ScriptGetLogicalWidths
ScriptStringValidate

winfax

FaxSetJobW
FaxSetGlobalRoutingInfoW
FaxSetPortW
FaxRegisterServiceProviderW
FaxRegisterRoutingExtensionW
FaxOpenPort
FaxInitializeEventQueue
FaxGetRoutingInfoW
FaxGetConfigurationW
FaxFreeBuffer
FaxEnumRoutingMethodsW
FaxEnumGlobalRoutingInfoW
FaxEnableRoutingMethodW
FaxCompleteJobParamsW
FaxClose
FaxSetLoggingCategoriesW
FaxPrintCoverPageW

kernel32

ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
MultiByteToWideChar
GetSystemInfo
VirtualProtect
WritePrivateProfileStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetModuleFileNameA
HeapAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
LoadLibraryA
IsBadWritePtr
HeapReAlloc
GetProcAddress

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d47c3bd346e20f47a806a753d8bdf126

Headers

File Characteristics

Imports

odbc32

usp10

winfax

kernel32

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 24KB - Virtual size: 341KB

.tls Size: 4KB - Virtual size: 24B

.rsrc Size: 8KB - Virtual size: 36KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 24KB - Virtual size: 341KB

.tls
Size: 4KB - Virtual size: 24B

.rsrc
Size: 8KB - Virtual size: 36KB