ef3909d3de0efcaab52c3db91d7f8a003be8e25305a6dc2d500eeec3fdccf62e

Sharing

Copy URL Twitter E-mail

General

Target

ef3909d3de0efcaab52c3db91d7f8a003be8e25305a6dc2d500eeec3fdccf62e
Size

143KB
MD5

6c7d921ce022625c425d2cd1df3578e0
SHA1

4c7ef4b563176e4b79a9e0e317cb7ccc6aaacde1
SHA256

ef3909d3de0efcaab52c3db91d7f8a003be8e25305a6dc2d500eeec3fdccf62e
SHA512

fb52718252025430d44276926d208eeb67f41ca2061d04c366ce82719c4cb7dea7a0d4450ac52852d261b9be31c51ad1a87226fe425adbc06ed41a3f06c890b4
SSDEEP

3072:E8kfMunJdVF+S7RSuKnXeOrK+6sk7vBqYe45BCzB5xQj5i9g:E8kVnJESwuKnOKK+6b7LWB5Ev

Score

N/A

Malware Config

Signatures

Files

ef3909d3de0efcaab52c3db91d7f8a003be8e25305a6dc2d500eeec3fdccf62e
.exe windows x86

1d002ec1970312dd4d5885d37d689802

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_CreateSemaphore_@16
_DlgDirSelectEx_@16
_QueryDosDevice_@12
_TranslateAccelerator@12
_CreateFont@56
_CreateDirectoryEx_@12
_FindFirstFile_@8
_GetEnhMetaFile_@4
_CreateFileMapping_@24
_CharLowerBuff_@8
_IsCharUpper_@4
_CharPrev_@8
_GetModuleHandle_@4
_GetShortPathName_@12
_MessageBoxIndirect_@4
_OpenBackupEventLog_@8
_FatalAppExit_@8
_FindWindowEx_@16
_GrayString_@36
_NDdeGetErrorString_@12
_wvsprintf_@12
_GetTextExtentPoint@16
_DialogBoxIndirectParam_@20
_ChangeServiceConfig_@44
_CharNext_@4
_CreateScalableFontResource_@16
_NDdeSetShareSecurity_@16
_BeginUpdateResource_@8
_UpdateResource_@24
_WritePrivateProfileSection_@12

wininet

FtpRenameFileW
RetrieveUrlCacheEntryFileW
InternetQueryDataAvailable
FtpRemoveDirectoryW
ShowCertificate
GopherOpenFileA
FtpPutFileA
FindNextUrlCacheGroup
InternetWriteFile
UrlZonesDetach
FtpCommandA
SetUrlCacheGroupAttributeW
InternetCombineUrlA
InternetSecurityProtocolToStringA
FtpGetFileA

odbctrac

TraceSQLGetTypeInfo
TraceSQLBindParameter
TraceSQLPrimaryKeysW
TraceSQLExecDirectW
TraceSQLTransact
TraceSQLDriverConnectW
TraceSQLGetInfoW
TraceSQLSetPos
TraceSQLGetDiagRec
TraceSQLDrivers
TraceSQLColAttributesW
TraceSQLGetStmtAttr
TraceSQLSetDescRec
TraceSQLCloseCursor
TraceSQLDisconnect
TraceSQLColumnPrivileges
TraceSQLGetDiagRecW
TraceSQLGetConnectAttrW
TraceSQLGetConnectOption
TraceSQLAllocConnect
TraceSQLTablePrivileges
TraceSQLExecDirect
TraceSQLMoreResults
TraceSQLDescribeColW
TraceSQLDataSourcesW
TraceSQLFreeConnect

msdart

?WriteUnlock@CReaderWriterLock@@QAEXXZ
?_H1@CLKRLinearHashTable@@ABEKK@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
mpCalloc
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?ReadLock@CFakeLock@@QAEXXZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
?_Unlock@CSpinLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?IsWin9x@CMdVersionInfo@@SAHXZ
??1CCritSec@@QAE@XZ

hhsetup

?bIsVisable@CFolder@@QAEHXZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?SetVolume@CLocation@@QAEXPBD@Z
?GetLanguage@CFolder@@QAEGXZ
?GetTitleW@CFolder@@QAEPBGXZ
?SetMasterCHM@CCollection@@QAEXPBDG@Z
??4CTitle@@QAEAAV0@ABV0@@Z
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?RemoveAll@CPointerList@@QAEXXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetNextLocation@CLocation@@QAEPAV1@XZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
?Release@CCollection@@AAEKXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetId@CTitle@@QAEPADXZ

secur32

QuerySecurityContextToken
LsaGetLogonSessionData
LsaFreeReturnBuffer
SaslGetProfilePackageW
TranslateNameW
QuerySecurityPackageInfoW
LsaRegisterPolicyChangeNotification
DecryptMessage
CredUnmarshalTargetInfo
EnumerateSecurityPackagesA
SaslInitializeSecurityContextW
SaslEnumerateProfilesW
LsaConnectUntrusted
AcquireCredentialsHandleW
SaslInitializeSecurityContextA

kernel32

ZombifyActCtx
SwitchToFiber
GlobalAlloc
GetComputerNameExA
QueryDosDeviceW
EnumerateLocalComputerNamesW
LoadLibraryW
GetConsoleWindow
MapViewOfFile
DebugSetProcessKillOnExit
RemoveDirectoryA
OutputDebugStringW
ReadConsoleInputExA
GlobalFindAtomW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d002ec1970312dd4d5885d37d689802

Headers

File Characteristics

Imports

sqlunirl

wininet

odbctrac

msdart

hhsetup

secur32

kernel32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 2KB - Virtual size: 2KB