c9f6c928806550149a8543614e8d657bd01dbc83ed4280a1e4bf78947ceb8e20

Sharing

Copy URL

Twitter E-mail

General

Target

c9f6c928806550149a8543614e8d657bd01dbc83ed4280a1e4bf78947ceb8e20
Size

872KB
MD5

6eae2af4946fea0d0a32c635ef4bf8c0
SHA1

e504e48b3790dd48e4ad5b223cc087c2b04683f6
SHA256

c9f6c928806550149a8543614e8d657bd01dbc83ed4280a1e4bf78947ceb8e20
SHA512

de6e26ebbb1ccfa8befe887aba751d48633123d889513fe150910d218a68e346945fa4763cc86fca13d758ee107bae0f71b6cbe52809496da625982caae5a760
SSDEEP

24576:mF6hlZWVfFdl5YpZxmLHGug6aKolVc52X:G6hrmF6mLHGuxOQ52X

Score

N/A

Malware Config

Signatures

Files

c9f6c928806550149a8543614e8d657bd01dbc83ed4280a1e4bf78947ceb8e20
.exe windows x86

069c6b4175440e6e92e305aca8d8047c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlsrv32

SQLPutData
BCP_control
SQLSetScrollOptions
SQLDescribeColW
SQLColumnsW
SQLGetEnvAttr
SQLDisconnect
SQLSetCursorNameW
SQLFreeHandle
BCP_columns
SQLGetCursorNameW
SQLExecDirectW
SQLSetConnectOptionW
SQLFetch
SQLSetDescFieldW
SQLSetConnectAttrW
ConfigDSNW
BCP_init
SQLTablePrivilegesW
WizDSNDlgProc
WizLanguageDlgProc
SQLGetConnectAttrW
SQLMoreResults
SQLGetFunctions
BCP_collen
SQLGetTypeInfoW
WizIntSecurityDlgProc
BCP_writefmt
SQLForeignKeysW
SQLProceduresW
BCP_sendrow
SQLDescribeParam
SQLCancel
SQLCopyDesc
SQLGetDescRecW
SQLCloseCursor
SQLSetPos
SQLSetDescRec
SQLBrowseConnectW
SQLColumnPrivilegesW
SQLTablesW
SQLGetDescFieldW
SQLGetDiagFieldW

crtdll

vswprintf
iswspace
_daylight_dll
scanf
_lseek
__argv_dll
ctime
_pgmptr_dll
_strnextc
clock
_chmod
_fileno
??2@YAPAXI@Z
_fcloseall
_tzset
strcat
__iscsym
signal
rand
_amsg_exit
_fcvt
_ecvt
_mbsnbcat
_ismbcl2
_memicmp
tolower
fputc
_close
_open_osfhandle
wcscpy
fputs
_toupper
ferror
fopen
_clearfp
iswalnum
fflush
_strrev
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_ftol
_msize
__threadhandle
strncpy

user32

LoadStringW
UnhookWindowsHook
IMPGetIMEW
UserHandleGrantAccess
GetClassInfoW
BroadcastSystemMessage
UserRealizePalette
AnyPopup
EnumDisplaySettingsExW
LoadImageA
DrawCaptionTempA
CharNextExA
UnhookWindowsHookEx
CtxInitUser32
DlgDirSelectComboBoxExA
UnhookWinEvent
GetWindowRect
GetWindowInfo
SendIMEMessageExA
SendDlgItemMessageA
PostMessageA
WinHelpW
DdeGetLastError
wsprintfA
LoadStringA
GetUserObjectInformationW
CallWindowProcW
IMPSetIMEW
SetProgmanWindow
CountClipboardFormats
DdeReconnect
OpenDesktopA
SetProcessWindowStation
InflateRect
SetWindowWord
DefMDIChildProcA
MessageBoxIndirectW
ChangeDisplaySettingsExW

kernel32

RegisterConsoleIME
GetConsoleMode
EscapeCommFunction
AddRefActCtx
DeleteVolumeMountPointW
GetVolumePathNameW
CreateMailslotW
SetNamedPipeHandleState
ResumeThread
FreeResource
LoadLibraryA
EnumDateFormatsA
WriteConsoleOutputA
MoveFileExA
OpenMutexA
FileTimeToLocalFileTime
VirtualAlloc
SetProcessWorkingSetSize
GetProcessAffinityMask
UTUnRegister
OpenFileMappingW
LocalFree
DeleteCriticalSection
IsValidLocale
GetProfileStringA
GetConsoleAliasesLengthW
FormatMessageA
DeleteTimerQueueTimer
SetFilePointerEx
ReadConsoleInputExA
GlobalFindAtomA
IsWow64Process
BaseCleanupAppcompatCacheSupport
InitializeCriticalSection

msi

MsiGetProductInfoA
MsiApplyPatchA
MsiGetUserInfoW
MsiConfigureProductA
MsiGetActiveDatabase
MsiEnumComponentQualifiersW
MsiQueryProductStateW
MsiGetPropertyA
MsiDoActionA
MsiViewGetErrorW
MsiConfigureFeatureFromDescriptorA
MsiUseFeatureA
MsiInstallProductA
MsiProvideComponentA
MsiDatabaseIsTablePersistentA
MsiViewClose
MsiIsProductElevatedA
MsiPreviewBillboardA
MsiGetFileSignatureInformationA
MsiQueryFeatureStateW
MsiSummaryInfoSetPropertyA
MsiProvideComponentFromDescriptorW
MsiGetFeatureStateW
MsiRecordSetStringA
MsiVerifyPackageA
MsiDatabaseGetPrimaryKeysW
MsiConfigureFeatureA
MsiGetFeatureInfoA
MsiGetFeatureUsageW
MsiUseFeatureExW
MsiEnableUIPreview
MsiDeleteUserDataA
MsiOpenPackageW

vssapi

?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?Uninitialize@CVssJetWriter@@QAGXXZ
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?Subscribe@CVssWriter@@QAGJK@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?GetCurrentVolumeArray@CVssWriter@@IBGPAPBGXZ
IsVolumeSnapshotted
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Unsubscribe@CVssWriter@@QAGJXZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
??0CVssJetWriter@@QAE@XZ
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

069c6b4175440e6e92e305aca8d8047c

Headers

DLL Characteristics

File Characteristics

Imports

sqlsrv32

crtdll

user32

kernel32

msi

vssapi

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 295KB - Virtual size: 295KB

.data Size: 231KB - Virtual size: 1.6MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 231KB - Virtual size: 1.6MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B