d10b28a3ccffc1a2bee396405c1b89638800155d1d1bcd679ae1add6b28b9b91

Sharing

Copy URL Twitter E-mail

General

Target

d10b28a3ccffc1a2bee396405c1b89638800155d1d1bcd679ae1add6b28b9b91
Size

822KB
MD5

6f4dba1e0dba3b63df4dbfba33267f4e
SHA1

babd710eff02d6cd31a8d37d886b0d13f720aca4
SHA256

d10b28a3ccffc1a2bee396405c1b89638800155d1d1bcd679ae1add6b28b9b91
SHA512

a8f33e87f4654bc8294ba816b7c234ddbc29d6ea92f2b739f93222df1f5c660aef37a6cf7b4c5fe53e9230cf0a76bbc767d7b1e4a2504be993034e7a3a59cca3
SSDEEP

24576:WyFrC8/dVP1iXXL04WQ0YOL6E8wK7ZGQcaOGv:WUC8/f1a70Zv6EM7tO

Score

N/A

Malware Config

Signatures

Files

d10b28a3ccffc1a2bee396405c1b89638800155d1d1bcd679ae1add6b28b9b91
.exe windows x86

824d6bfc0e35d5530464a6d73b67ad0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msls31

LssbFDonePresSubline
LsdnGetFormatDepth
LssbGetPlsrunsFromSubline
LsCreateContext
LsdnQueryPenNode
LsCreateSubline
LsGetWarichuLsimethods
LsdnFinishRegular
LsCompressSubline
LsdnSkipCurTab
LsEnumLine
LsExpandSubline
LsQueryTextCellDetails
LsDestroyLine
LsdnSetRigidDup
LsEnumSubline
LsDestroyContext
LsdnModifyParaEnding
LsQueryPointPcpSubline
LsFindPrevBreakSubline
LssbGetVisibleDcpInSubline
LsQueryCpPpointSubline
LsDisplayLine

sqlunirl

_GetNamedPipeHandleState_@28
_GetTempPath_@8
_SetProp@12
_ObjectCloseAuditAlarm_@12
_FindText_@4
_GetMessage_@16
_PolyTextOut_@12
_LoadLibrary@4
_ShellExecuteEx_@4
_ExtractIconEx_@20
_SetDefaultCommConfig_@12
_StartServiceCtrlDispatcher_@4
_CreateProcess_@40
newMultiByteFromWideChar
_QueryServiceLockStatus_@16
_NDdeIsValidAppTopicList_@4
_CharLower@4
_RegSaveKey_@12
__lwrite_@12
_EnumResourceNames_@16
_tfopen
_EnumProps_@8
_RegSetValueEx_@24
_BuildCommDCB_@8

clusapi

ClusterRegCreateKey
OnlineClusterResource
CloseClusterGroup
AddClusterResourceNode
MoveClusterGroup
RestoreClusterDatabase
ClusterRegGetKeySecurity
ClusterResourceTypeControl
GetClusterInformation
CreateClusterResourceType
ResumeClusterNode
ClusterResourceTypeGetEnumCount

msdart

?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
MPDeleteCriticalSection
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?TryReadLock@CCritSec@@QAE_NXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?NumSubTables@CLKRHashTable@@QBEHXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA

odbccr32

SQLEndTran
SQLMoreResults
SQLSetPos
SQLGetData
SQLCloseCursor
SQLNumParams
SQLGetStmtAttr
SQLFetch
SQLExtendedFetch
SQLBindCol
SQLSetDescRec
SQLSetDescField
SQLFreeHandle
SQLBindParameter
SQLFreeStmt

kernel32

CreateDirectoryExA
lstrcpynA
lstrcpy
SetConsoleMenuClose
GetLocaleInfoW
DeviceIoControl
BindIoCompletionCallback
SetConsoleTitleA
Process32NextW
EnumSystemGeoID
GetModuleHandleW
BaseCleanupAppcompatCacheSupport
LoadLibraryW
OpenEventW
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentThread

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

824d6bfc0e35d5530464a6d73b67ad0c

Headers

DLL Characteristics

File Characteristics

Imports

msls31

sqlunirl

clusapi

msdart

odbccr32

kernel32

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 189KB - Virtual size: 1.5MB

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 189KB - Virtual size: 1.5MB

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: 1024B - Virtual size: 900B