6fda5da2511b0e565c59085edeff157a4fa757a5a902e207ac0dde8e1f1f2ae4

Sharing

Copy URL Twitter E-mail

General

Target

6fda5da2511b0e565c59085edeff157a4fa757a5a902e207ac0dde8e1f1f2ae4
Size

829KB
MD5

033e44ef33d7c98cec11c77ea1c38cf6
SHA1

88eb44f558117b2e1c132696e3acbb1c0bb7e80f
SHA256

6fda5da2511b0e565c59085edeff157a4fa757a5a902e207ac0dde8e1f1f2ae4
SHA512

f3716a16d7e9a985fffffc8c2358b4eb913e18fb21d5d498dc80ffbab8fab14180f82d7ec6fa6c125251b6057f039749846138402c24303ee42ae01dfdaf55bf
SSDEEP

12288:kCQC+A/BOta9+itZx5hnQdDOh9QjbpAQkfjbuO/1qujSCtPI5K94Is9gboncljqv:kC1LsQ+gZKdG9QjCDyOdqaSCtiK9enZ

Score

N/A

Malware Config

Signatures

Files

6fda5da2511b0e565c59085edeff157a4fa757a5a902e207ac0dde8e1f1f2ae4
.exe windows x86

b2f4cb84eeb320bbbac2205e9f3f3fe5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarDecFromDate
SafeArrayCopyData
VarI2FromUI8
VarUI4FromDisp
VarAdd
VarI1FromStr
OleLoadPictureFileEx
VarTokenizeFormatString
VarR4FromR8
VarI4FromDec
GetRecordInfoFromGuids
VarBstrFromUI4
VarDecFromI2
VarDecFromUI4
VarUI8FromR4
LHashValOfNameSys
DispInvoke
VarI8FromUI8
VarUI2FromR4
VarCyFromDate
VarCyFromBool
VarI1FromI8
VarUI2FromCy
VarI2FromI1
VarBstrFromI1
VarAnd
LPSAFEARRAY_Size
VarSub
VarUI1FromI4

kernel32

HeapAlloc
GetTempPathW
GetWindowsDirectoryA
GetLocaleInfoW
GetConsoleAliasesA
SetLocalPrimaryComputerNameW
SetConsoleHardwareState
BuildCommDCBW
LZClose
DosPathToSessionPathW
GetCommProperties
AddLocalAlternateComputerNameA
ReadConsoleInputExW
GetModuleHandleW
UpdateResourceW
SetCommConfig
lstrcpyA
CreateSocketHandle
SetConsoleOutputCP
CompareFileTime
DebugActiveProcess
MulDiv
SetMailslotInfo
HeapFree
GlobalHandle
LoadLibraryW
GetCurrentThread
GlobalGetAtomNameA
ReleaseSemaphore
CreateTimerQueue
SetConsoleTextAttribute
PrivCopyFileExW
GetConsoleInputWaitHandle
_lclose
GetCurrentConsoleFont

crtdll

ferror
_getw
_CIatan2
_purecall
_pwctype_dll
_daylight_dll
strpbrk
_dup2
bsearch
_mbsnset
_CIsqrt
_osminor_dll
_mbsdup
fputs

ws2_32

WSAGetOverlappedResult
getprotobyname
WSAAsyncGetProtoByNumber
WSASetLastError
WSAAsyncGetHostByName
WSApSetPostRoutine
WSALookupServiceBeginW
WSAGetQOSByName
WSAAsyncGetServByPort
WSAAsyncGetHostByAddr
recv
WSALookupServiceBeginA
WSAInstallServiceClassA
htons
WSAAsyncSelect
WSASendDisconnect
connect
WSAGetServiceClassNameByClassIdW
WSAGetServiceClassInfoW
inet_ntoa

odbctrac

TraceSQLGetCursorName
TraceSQLDriverConnectW
TraceSQLDescribeCol
TraceCloseLogFile
TraceSQLProcedureColumnsW
TraceSQLGetTypeInfoW
TraceSQLCopyDesc
TraceSQLGetConnectAttr
TraceSQLConnectW
TraceSQLColAttributes
TraceSQLDrivers
TraceSQLBulkOperations
TraceSQLTablePrivilegesW

vssapi

?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?InstallAlternateWriter@CVssWriter@@QAGJU_GUID@@0@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?Subscribe@CVssWriter@@QAGJK@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
VssFreeSnapshotProperties
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssWriter@@UAE@XZ
?Unsubscribe@CVssWriter@@QAGJXZ
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnAbortEnd@CVssJetWriter@@UAGXXZ
??0CVssWriter@@QAE@XZ
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2f4cb84eeb320bbbac2205e9f3f3fe5

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

crtdll

ws2_32

odbctrac

vssapi

Sections

.text Size: 377KB - Virtual size: 377KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 161KB - Virtual size: 161KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 377KB - Virtual size: 377KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 161KB - Virtual size: 161KB

.reloc
Size: 1024B - Virtual size: 860B