c9ca3d71e6d59af3c1e75cba9518cb8a8bb8580eb8e4f1b12230892755ca3cd8

Sharing

Copy URL Twitter E-mail

General

Target

c9ca3d71e6d59af3c1e75cba9518cb8a8bb8580eb8e4f1b12230892755ca3cd8
Size

70KB
MD5

5dd2a4874baab690871a7eb77572bd70
SHA1

418a72f07b60ab04236a9f4f45bf09aadfd3d8a8
SHA256

c9ca3d71e6d59af3c1e75cba9518cb8a8bb8580eb8e4f1b12230892755ca3cd8
SHA512

0eba690cdc5253f7f40e603a4882a51eb9c1672829d25d1a867fe7c9118159d986be5e9781e8e8f2b97b11ad2a2c714f56d8aab4f1ba470382ec2770f36c64b8
SSDEEP

1536:J/8wRaBf+jN4F45hlKucx++j3ggXq7WHEa:J/8wwf+jN4FEwLx++jQga7

Score

N/A

Malware Config

Signatures

Files

c9ca3d71e6d59af3c1e75cba9518cb8a8bb8580eb8e4f1b12230892755ca3cd8
.exe windows x86

65819714b9d0011ed4a9535dbd373029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cfgmgr32

CM_Get_Res_Des_Data_Ex
CM_Free_Res_Des_Handle
CM_Get_Parent
CM_Get_Device_Interface_List_Size_ExW
CM_Get_DevNode_Status_Ex
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf_Ex
CM_Set_HW_Prof_Flags_ExW
CM_Get_Parent_Ex
CM_Open_DevNode_Key_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_HW_Prof_Flags_ExW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_Child
CM_Get_Device_ID_ExW

advapi32

GetSidSubAuthority
UnregisterIdleTask
BuildSecurityDescriptorW
RegQueryMultipleValuesA
RegFlushKey
InitializeSecurityDescriptor
ProcessTrace
LogonUserA
QueryServiceStatus
RegOpenKeyA
TraceMessage
LsaOpenPolicy
LsaLookupSids
GetServiceDisplayNameW
StartServiceCtrlDispatcherW
RegSetValueExA
DuplicateToken
RegQueryMultipleValuesW
SetTokenInformation
CryptImportKey

kernel32

GetLastError
EnumResourceTypesA
GetNumberFormatA
GetConsoleCP
GetDiskFreeSpaceA
VirtualProtect
FlushFileBuffers
GetThreadPriority
GetFileAttributesW
GetPrivateProfileSectionW
EscapeCommFunction
GetProfileSectionW
VirtualAlloc
ReleaseMutex
SetThreadLocale
FoldStringW
SetVDMCurrentDirectories
InterlockedExchangeAdd

imm32

ImmGetGuideLineW
ImmGetIMEFileNameW
ImmSetCompositionFontW
ImmEnumRegisterWordW
ImmNotifyIME
ImmGetHotKey
ImmGetCompositionStringW
ImmConfigureIMEW
ImmGetDefaultIMEWnd
ImmGetConversionStatus
ImmUnlockIMCC
ImmIsIME
ImmSetHotKey
ImmSetCandidateWindow
ImmAssociateContext
ImmGetContext
ImmGetImeMenuItemsW
ImmLockIMC
ImmGetCompositionFontW
ImmGetOpenStatus
ImmEscapeW
ImmGetCandidateListW
ImmRegisterWordW
ImmCreateContext
ImmGetProperty
ImmGetIMCCSize
ImmRequestMessageW
ImmSetOpenStatus

rpcrt4

RpcCancelThreadEx
RpcServerUseProtseqEpW
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
RpcAsyncInitializeHandle
I_RpcSend
UuidToStringW
CStdStubBuffer_DebugServerRelease
RpcMgmtSetCancelTimeout
RpcBindingSetAuthInfoA
RpcBindingInqAuthClientW
RpcBindingToStringBindingW
NdrMesTypeEncode2
NdrCorrelationInitialize
RpcStringBindingComposeA
NdrConvert2

ulib

?IsValueSet@ARGUMENT@@QAEEXZ
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
??1ARRAY@@UAE@XZ
??0STREAM_MESSAGE@@QAE@XZ
?QueryNumber@WSTRING@@QBEEPAJKK@Z
?GetPattern@ARGUMENT@@QAEPAVWSTRING@@XZ
?Strupr@WSTRING@@QAEPAV1@XZ
??0OBJECT@@IAE@XZ
?IsGuidVolName@PATH@@QAEEXZ
?QueryResourceString@BASE_SYSTEM@@SAEPAVWSTRING@@KPBDZZ
?FillAndReadByte@BYTE_STREAM@@AAEEPAE@Z
?ResetBit@BITVECTOR@@QAEXKK@Z
?Initialize@BYTE_STREAM@@QAEEPAVSTREAM@@K@Z
?Usage@PROGRAM@@UBEXXZ
?Initialize@LIST@@QAEEXZ
?QueryClassId@OBJECT@@QBEKXZ
?Initialize@WSTRING@@QAEEPBDK@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?Get_Standard_Error_Stream@@YGPAVSTREAM@@XZ
?SetName@PATH@@QAEEPBVWSTRING@@@Z
??1PATH_ARGUMENT@@UAE@XZ
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
??0LIST@@QAE@XZ
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
??1BITVECTOR@@UAE@XZ
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z

odbc32

PostODBCComponentError
PostODBCError
VRetrieveDriverErrorsRowCol
LockHandle
CursorLibTransact
CursorLibLockDesc
SearchStatusCode
ValidateErrorQueue
CursorLibLockDbc
SQLGetDiagRecA
VFreeErrors
CursorLibLockStmt

Sections

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 12KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65819714b9d0011ed4a9535dbd373029

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

advapi32

kernel32

imm32

rpcrt4

ulib

odbc32

Sections

.idata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.text Size: 12KB - Virtual size: 157KB

INIT Size: 15KB - Virtual size: 15KB

.idata Size: 24KB - Virtual size: 102KB

.data Size: 6KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 552B

.reloc Size: 1024B - Virtual size: 40B

.idata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 157KB

INIT
Size: 15KB - Virtual size: 15KB

.idata
Size: 24KB - Virtual size: 102KB

.data
Size: 6KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 552B

.reloc
Size: 1024B - Virtual size: 40B