593129d30a6ecaedf172ec79dc5ab957d775018fd93cf59b9a37855d3b78d3ea

Sharing

Copy URL Twitter E-mail

General

Target

593129d30a6ecaedf172ec79dc5ab957d775018fd93cf59b9a37855d3b78d3ea
Size

235KB
MD5

70ee137fcc3c2c63ef133cb02f7accd3
SHA1

0b2882598abf12cdcced818fd3f9ea2e1519c3e3
SHA256

593129d30a6ecaedf172ec79dc5ab957d775018fd93cf59b9a37855d3b78d3ea
SHA512

7485ca3bbb9c46c77f69f9068764d07c09d368dff375b2707f42286564679ebf9ddd884474098cd9b50e63d646e2559e48e38261c9fdd61a30de7481387b2214
SSDEEP

6144:Uk6XwSfJQof4MVaG2v5i/2/6GVlMnWWeD+/8bD:UkSAe2xiO6E2n9eq/8bD

Score

N/A

Malware Config

Signatures

Files

593129d30a6ecaedf172ec79dc5ab957d775018fd93cf59b9a37855d3b78d3ea
.exe windows x86

bf66ce45ee7b615a66543b5df2fe1f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msls31

LsFinishCurrentSubline
LssbGetPlsrunsFromSubline
LsdnResetObjDim
LsDisplaySubline
LsSetBreaking
LsdnFinishRegular
LsdnGetFormatDepth
LsExpandSubline
LsdnSkipCurTab
LsEnumSubline
LsTruncateSubline
LsQueryFLineEmpty
LsdnFinishDelete
LsdnResolvePrevTab
LsQueryLineCpPpoint
LsGetReverseLsimethods
LsGetSpecialEffectsSubline
LsdnFinishDeleteAll
LsFetchAppendToCurrentSubline
LsCreateSubline
LssbGetDurTrailInSubline
LsPointXYFromPointUV
LsdnFinishBySubline
LsDestroySubline
LsSetBreakSubline
LsCreateLine
LsGetWarichuLsimethods
LsGetMinDurBreaks
LsdnQueryPenNode

kernel32

GlobalMemoryStatus
LocalShrink
GetDriveTypeA
SetComPlusPackageInstallStatus
GetConsoleWindow
SearchPathW
GetTempPathA
CreateSemaphoreW
GetSystemTimeAsFileTime
DosPathToSessionPathA
GetPrivateProfileSectionNamesW
CreateMailslotA
SetConsoleMode
WritePrivateProfileStringW
OpenWaitableTimerA
IsBadHugeReadPtr
OpenSemaphoreW
GlobalDeleteAtom
FreeLibraryAndExitThread
GetNumberFormatW
IsBadWritePtr
GlobalLock
DebugBreakProcess
SetConsoleFont
CreateActCtxA
OutputDebugStringW
RemoveDirectoryA
GetProfileIntA
LoadLibraryW
GlobalAlloc
lstrcmpiW
_hread
SetConsoleInputExeNameW
GetTempFileNameW
TerminateJobObject

msdart

?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
??4CSpinLock@@QAEAAV0@ABV0@@Z
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
MPInitializeCriticalSection
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?IsUsable@CLKRHashTable@@QBE_NXZ
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?Clear@CLKRHashTable@@QAEXXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?sm_wDefaultSpinCount@CFakeLock@@1GA
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?IsReadLocked@CFakeLock@@QBE_NXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ

sqlunirl

_GetEnhMetaFileDescription_@12
_GetCharABCWidthsFloat_@16
_CreateAcceleratorTable_@8
_GetToolsFilePath@16
_CreateIC_@16
_GetPrivateProfileString_@24
_GetProp@8
_InitiateSystemShutdown_@20
_PeekMessage@20
_EnumProps_@8
_AddFontResource_@4
_EnumPropsEx_@12
_GetProfileSection_@12
_ReplaceText_@4
_GetTimeFormat_@24
_QueryServiceLockStatus_@16
_GetEnvironmentVariable_@12
_GetBinaryType_@8
_SHBrowseForFolder_@4
_CharPrev_@8
_FindFirstFile_@8
AllocConvertMultiSZNameToAEx
_CopyFile_@12
_StartService_@12
_MoveFile@8
_GetCurrentDirectory_@8
_SHFileOperation_@4
_EnumResourceLanguages_@20
_ChooseColor_@4

inetcomm

MimeOleGetPropA
MimeOleCreatePropertySet
MimeOleGetBodyPropW
CreateIMAPTransport
MimeOleSMimeCapRelease
MimeOleUnEscapeStringInPlace
MimeOleAlgStrengthFromSMimeCap
MimeOleCreateMessage
EssSecurityLabelDecodeEx
MimeOleEncodeHeader
MimeOleGetInternat
EssReceiptDecodeEx
EssKeyExchPreferenceDecodeEx
MimeOleSetBodyPropA
MimeOleGetContentTypeExt
EssSignCertificateDecodeEx

wsock32

WSAIsBlocking
SetServiceW
setsockopt
WSACancelAsyncRequest
WSAAsyncGetProtoByNumber
closesocket
accept
TransmitFile
GetAddressByNameA
WSAStartup
WSARecvEx
ntohs
htons
getservbyname
WSASetBlockingHook
getprotobyname
ioctlsocket
bind
send
WEP
WSApSetPostRoutine
socket
shutdown
GetAddressByNameW
WSAAsyncGetHostByName
WSACleanup
getpeername
EnumProtocolsW
select

duser

SetGadgetBufferInfo
DUserGetRectPRID
FindGadgetMessages
GetGadgetRect
SetGadgetCenterPoint
ForwardGadgetMessage
IsStartDelete
GetStdColorPenI
RegisterGadgetMessage
DUserGetAlphaPRID
GetGadgetTicket
GetGadgetMessageFilter
BuildInterpolation
GetStdColorName

wldap32

ldap_search_ext_sA
ldap_next_entry
ber_peek_tag
ldap_extended_operationA
cldap_openA
ldap_compare_ext
ldap_create_sort_control
ldap_create_page_controlW
ldap_create_vlv_controlA

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf66ce45ee7b615a66543b5df2fe1f4e

Headers

File Characteristics

Imports

msls31

kernel32

msdart

sqlunirl

inetcomm

wsock32

duser

wldap32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 43KB - Virtual size: 42KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 3KB - Virtual size: 2KB