c9dc4fe59bc8f0d5c6f45a84ec09787202c1009d9a8b8c9e6d16fc8688060024

Sharing

Copy URL Twitter E-mail

General

Target

c9dc4fe59bc8f0d5c6f45a84ec09787202c1009d9a8b8c9e6d16fc8688060024
Size

386KB
MD5

5a35ab37d91953fecfaec79305e91799
SHA1

acc6eeab4c2a923035f65277f10446ee1e3d5062
SHA256

c9dc4fe59bc8f0d5c6f45a84ec09787202c1009d9a8b8c9e6d16fc8688060024
SHA512

c0462b593eca45fbab2e1f262cc1ee1d37f98fb68fb285eb10915c339eb9e822f91080ed6cf747957503774916d2e9844d3cc3f6503451e9b2e316042a0690f5
SSDEEP

12288:96jbwlBy4XuHvcC2WYtcjBfRj43jX+MfFu6:AwlByku0CJY+BfRsyv

Score

N/A

Malware Config

Signatures

Files

c9dc4fe59bc8f0d5c6f45a84ec09787202c1009d9a8b8c9e6d16fc8688060024
.exe windows x86

e405f35af21363eacd099ffd2797e06b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarUI1FromDisp
SysStringByteLen
VarDecInt
VarCyFromI1
VarDateFromI2
VarI4FromI8
VarBstrFromUI1
VarUI8FromDate
VarR8FromI2
VarCyFromR8
OleLoadPictureEx
LPSAFEARRAY_UserMarshal
VarCyFromDate
VarNumFromParseNum
VarI4FromDisp
VarDateFromDisp
VarI1FromI2
VarDateFromUI2
VarR4FromUI2
VarI2FromBool
VarDecAdd
VarCyCmpR8
VarUI4FromBool
VarUI8FromUI2
VarBoolFromR4
VarI1FromDate
VarBstrFromDate

pdh

PdhVbGetDoubleCounterValue
PdhOpenQueryH
PdhGetCounterTimeBase
PdhGetDefaultPerfCounterA
PdhGetRawCounterArrayW
PdhCalculateCounterFromRawValue
PdhEnumObjectsW
PdhEnumObjectsHW
PdhConnectMachineW
PdhEnumMachinesHA
PdhGetDefaultPerfCounterHW
PdhGetLogSetGUID
PdhGetDefaultPerfObjectHA
PdhValidatePathA
PdhEnumObjectItemsHA
PdhEnumObjectItemsA
PdhSetCounterScaleFactor
PdhOpenQueryA
PdhValidatePathW
PdhBindInputDataSourceW
PdhParseCounterPathW
PdhExpandWildCardPathA
PdhVbCreateCounterPathList
PdhMakeCounterPathA

sqlsrv32

BCP_colptr
SQLRowCount
SQLDisconnect
BCP_bind
SQLCopyDesc
SQLGetDiagRecW
BCP_readfmt
SQLSetEnvAttr
BCP_colfmt
SQLParamOptions
SQLStatisticsW
SQLSetConnectOptionW
SQLDebug
BCP_batch
SQLConnectW
SQLGetData
SQLGetConnectAttrW
BCP_setcolfmt
BCP_moretext
SQLPrepareW
SQLDriverConnectW
ConfigDriverW
SQLGetDescFieldW
SQLProceduresW
SQLSetDescRec
SQLGetFunctions

kernel32

GetPrivateProfileStringW
ExpungeConsoleCommandHistoryA
DeleteTimerQueueEx
EnumCalendarInfoExA
GetLogicalDriveStringsA
LocalCompact
ReplaceFileA
GetProcessHeap
ContinueDebugEvent
QueryMemoryResourceNotification
VirtualAlloc
GetNumaAvailableMemoryNode
MapViewOfFile
PulseEvent
QueryPerformanceCounter
GetDiskFreeSpaceA
InterlockedCompareExchange
CreateFiber
AddLocalAlternateComputerNameA
GetCurrentThreadId
GetStartupInfoW
GetSystemDefaultLCID
WaitCommEvent
SetCalendarInfoA
SetFileApisToANSI
MulDiv
GetConsoleWindow
ReadFileEx
LoadLibraryA
DeleteAtom
CreateProcessInternalA
FileTimeToDosDateTime
DefineDosDeviceW
DeleteTimerQueue
GetCurrentProcessId
GetTickCount
GetDriveTypeW
GetConsoleCursorInfo
DisconnectNamedPipe
QueryInformationJobObject
FindNextVolumeMountPointW
FatalAppExitW
SetLastError
LocalSize
VirtualProtect
ReadConsoleOutputCharacterA
GetConsoleAliasesLengthW
CreateFileMappingW
LocalHandle
IsBadReadPtr

setupapi

CM_Query_Arbitrator_Free_Size
CM_Get_Device_Interface_Alias_ExA
CM_Request_Eject_PC_Ex
pSetupSetQueueFlags
SetupCloseLog
SetupLogFileW
SetupIterateCabinetW
CM_Get_Global_State
SetupGetInfFileListA
SetupDiInstallClassExA
SetupIterateCabinetA
SetupGetSourceFileLocationW
SetupGetMultiSzFieldA
CM_Get_Class_Key_Name_ExW
SetupRemoveSectionFromDiskSpaceListA
pSetupMakeSurePathExists
SetupCopyOEMInfW
CM_Get_Res_Des_Data_Size_Ex
CM_Enumerate_EnumeratorsA
pSetupStringTableGetExtraData
SetupDiBuildDriverInfoList
CM_Open_Class_KeyA

keymgr

PRShowRestoreWizardW
PRShowRestoreWizardExW
PRShowSaveWizardExW
DllMain
CPlApplet
PRShowSaveFromMsginaW
PRShowRestoreFromMsginaW
KRShowKeyMgr

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e405f35af21363eacd099ffd2797e06b

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

pdh

sqlsrv32

kernel32

setupapi

keymgr

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 269KB - Virtual size: 768KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 269KB - Virtual size: 768KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 512B - Virtual size: 264B