ff31173e46645cffe5bae4de1b23ca84bb5cd0464cba1df1951a1150b5b01ede

Sharing

Copy URL Twitter E-mail

General

Target

ff31173e46645cffe5bae4de1b23ca84bb5cd0464cba1df1951a1150b5b01ede
Size

49KB
MD5

54f8d1c52424af8a39b244b595a40eed
SHA1

28694e140ae7fb7e6cd3d16ee0c96cf526bdb6eb
SHA256

ff31173e46645cffe5bae4de1b23ca84bb5cd0464cba1df1951a1150b5b01ede
SHA512

81bc1f932f4ec9815ce70694283d456495e6f3a29089810278731afc82edda1820240bda6dbde56e05e1d831e48d1430b44ef454368198d3a41ac7f7642b5b1f
SSDEEP

1536:qWQORS9zPQBeW412s1d6RDP97CGNuusU:qWQORgPQBeWk1diD1iF

Score

N/A

Malware Config

Signatures

Files

ff31173e46645cffe5bae4de1b23ca84bb5cd0464cba1df1951a1150b5b01ede
.exe windows x86

7af84af5481f59216648d39dd2be6ced

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CmdBatNotification
SetComputerNameW
DebugBreakProcess
GlobalAlloc
CreateFileMappingW
UnlockFileEx
InitializeCriticalSectionAndSpinCount
IsBadStringPtrA
GetProcAddress
GetModuleHandleW
DosDateTimeToFileTime
VirtualAlloc
CreateProcessInternalA
VDMOperationStarted
GetConsoleAliasesA
SetConsoleDisplayMode
LoadLibraryA
AllocateUserPhysicalPages
PulseEvent
ExpandEnvironmentStringsW
GetConsoleMode
lstrcatW
_lopen
WriteConsoleW
GlobalGetAtomNameW
BaseFlushAppcompatCache
EnumResourceTypesA
Module32NextW
BackupWrite
EnumSystemCodePagesW
GetStartupInfoA

sqlunirl

_SetICMProfile_@8
_GetDiskFreeSpaceEx_@16
_EnumDependentServices_@24
_DefDlgProc_@16
_LookupPrivilegeName_@16
_PostThreadMessage_@16
_ShellExecuteEx_@4
_DefFrameProc_@20
_GetClassLong_@8
_RegSetValueEx_@24
_CreateNamedPipe_@32
__hwrite_@12
_MapVirtualKey_@8
_GetEnhMetaFile_@4
_tsystem
_GetCharWidth_@16
_GetKeyboardLayoutName_@4
newMultiByteFromWideCharSize
_CommDlg_OpenSave_GetSpec@12
_CreateMutex_@12
_FindNextFile_@8
_UpdateResource_@24
_CreateAcceleratorTable_@8
newMultiByteFromWideChar
_AddAtom_@4
_CreateColorSpace_@4

ntdll

RtlGenerate8dot3Name
wcsncpy
RtlDeregisterWaitEx
RtlDestroyHeap
ZwCreateSection
_chkstk
NtQueryDirectoryFile
RtlQueryInformationActiveActivationContext
NtTranslateFilePath
RtlAddAccessAllowedObjectAce
ZwCreateSymbolicLinkObject
NtSetDefaultHardErrorPort
RtlPrefixString
RtlGetLengthWithoutLastFullDosOrNtPathElement
ZwSetSecurityObject
RtlCreateAcl
wcschr
NtPrivilegeCheck
NtInitiatePowerAction
ZwQueryMutant
NtSetSystemInformation
NtSetTimerResolution
NtEnumerateSystemEnvironmentValuesEx
NtOpenProcessTokenEx
ZwClearEvent
ZwReplyWaitReplyPort
NtDuplicateObject
RtlIntegerToChar
NtContinue
RtlSetDaclSecurityDescriptor
ZwQueryAttributesFile
RtlAddAccessDeniedAceEx

ntmarta

AccProvHandleGrantAccessRights
AccProvHandleGetAllRights
AccProvGrantAccessRights
AccProvIsObjectAccessible
AccProvGetCapabilities
AccRewriteSetEntriesInAcl
AccFreeIndexArray
AccRewriteGetHandleRights
EventGuidToName
AccProvGetTrusteesAccess
AccProvHandleRevokeAccessRights
AccGetExplicitEntries
AccRewriteGetExplicitEntriesFromAcl
AccProvGetAllRights
AccLookupAccountName
AccRewriteGetNamedRights
AccProvHandleGetAccessInfoPerObjectType
AccProvGetOperationResults
AccProvHandleIsObjectAccessible
AccConvertAccessMaskToActrlAccess
AccConvertAclToAccess
AccConvertSDToAccess
AccProvHandleGetTrusteesAccess
AccProvHandleRevokeAuditRights
AccProvRevokeAccessRights
AccProvSetAccessRights

imagehlp

RemovePrivateCvSymbolic
MapFileAndCheckSumW
SymGetSymFromAddr64
SymGetLinePrev64
MapFileAndCheckSumA
ImageDirectoryEntryToData
RemoveRelocations
StackWalk
SymLoadModule64
SymGetTypeInfo
SplitSymbols
SymUnloadModule
ImageLoad
SymGetModuleInfoW64
SymRegisterFunctionEntryCallback64
FindExecutableImageEx
SymEnumerateSymbols64
ImageRemoveCertificate
SymGetLinePrev
SymFromAddr
FindDebugInfoFile
SymGetLineFromAddr64
BindImageEx
FindDebugInfoFileEx
ImageGetCertificateData
SymGetSymPrev
UnDecorateSymbolName
SymEnumerateModules64
SymGetOptions

sqlwoa

_LoadBitmap@8
AllocConvertMultiSZNameToA
ConvertMultiSZNameToW
_GetProp@8
_LoadCursor@8
newWideCharFromMultiByte
_CreateDialogIndirectParam@20
_GetWindowLong@8
_GetModuleFileName@12
_SendDlgItemMessage@20
_SetDlgItemText@12
_PostMessage@16
_GetDlgItemText@16
_TextOut@20
_LoadIcon@8
_LoadString@16
newMultiByteFromWideChar
_CommDlg_OpenSave_GetFolderPath@12
_GetVersionEx@4
_PeekMessage@20
_trename
_WinHelp@16
_GetTextExtentPoint32@16
_ExtTextOut@32
_tsystem

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7af84af5481f59216648d39dd2be6ced

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlunirl

ntdll

ntmarta

imagehlp

sqlwoa

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB