f801f317d27ba8cd1fed57dc780691512bd42df86b3e65928db6704f9f0df9de

Sharing

Copy URL Twitter E-mail

General

Target

f801f317d27ba8cd1fed57dc780691512bd42df86b3e65928db6704f9f0df9de
Size

736KB
MD5

6113c48e22d3c7fb0c176832929a6f60
SHA1

08e0911fa44a9ca61988f967cf5433cfb32c8d69
SHA256

f801f317d27ba8cd1fed57dc780691512bd42df86b3e65928db6704f9f0df9de
SHA512

98f69bb0bd78d42679e8756848019bf172d6a29075fbb0044ff1ba1e0a56c93db04d0c5162cbac59d7275040e0300f9c95ced25598ec2ec9eb4f8e6c11d7c887
SSDEEP

12288:cZsrVno7Fu7eSHuAAvxlfuEZGMEOlr7rrOIpWsazPTf+F/q5nJqpLGUkc:9JoJEcAAvOEZdEOlrfrOIs5zI/qxJqoR

Score

N/A

Malware Config

Signatures

Files

f801f317d27ba8cd1fed57dc780691512bd42df86b3e65928db6704f9f0df9de
.exe windows x86

bb81de034ba9773a6caefa76019ea07d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AddAccessDeniedAce
GetFileSecurityA
CryptCreateHash
CryptEnumProvidersW
RevertToSelf
GetSecurityDescriptorSacl
StartServiceW
AddAce
RegOpenKeyExW
LockServiceDatabase
SetTokenInformation
CheckTokenMembership
GetNumberOfEventLogRecords
GetSidSubAuthority
GetAce
ImpersonateSelf
ElfDeregisterEventSource
RegDeleteValueW
RegCreateKeyA
RegSetValueExA
CreateProcessAsUserA
RegQueryValueExA
LookupPrivilegeValueW
RegSetKeySecurity

netapi32

NetSessionEnum
DsEnumerateDomainTrustsW
NetServerEnum
NetServerTransportEnum
NetUserDel
NetJoinDomain
NetShareGetInfo
NetServerSetInfo
NetGetDCName
NetShareEnum
NetServiceInstall
NetUseAdd
NetUserGetInfo
DsRoleFreeMemory
NetUserEnum
NetShareSetInfo
NetUseEnum
NetWkstaUserGetInfo

odbc32

VRetrieveDriverErrorsRowCol
CursorLibLockDbc
CursorLibLockDesc
LockHandle
SQLConnect
CursorLibTransact
PostODBCComponentError
CursorLibLockStmt
SearchStatusCode
VFreeErrors
ValidateErrorQueue
PostODBCError

msvcrt

wcslen
mktime
_setmode
__argc
div
_wcsdup
_ismbcalpha
fputc
_mbsnbcpy
_itoa
wcstod
_CIlog

kernel32

GetCommMask
GetFullPathNameA
OutputDebugStringA
GlobalHandle
FindVolumeMountPointClose
RemoveDirectoryW
WriteFile
VirtualAlloc
TlsFree
SetFileApisToOEM
WaitForMultipleObjectsEx
FormatMessageW
HeapValidate
CreateJobObjectW
QueryPerformanceCounter
CopyFileA
LoadLibraryA
DeleteVolumeMountPointW
GetEnvironmentStringsW
DeleteAtom
ExpandEnvironmentStringsA
HeapAlloc
ChangeTimerQueueTimer
GetModuleHandleW
CreateFileW
HeapSetInformation
SetHandleCount
SetCriticalSectionSpinCount
CreateMutexW

mscms

OpenColorProfileW
GetColorProfileElement
DeleteColorTransform
InternalGetPS2PreviewCRD
GetStandardColorSpaceProfileW
InternalGetPS2ColorRenderingDictionary
CloseColorProfile
GetColorDirectoryW
EnumColorProfilesA
IsColorProfileValid
InstallColorProfileW
OpenColorProfileA
TranslateBitmapBits
TranslateColors
CreateColorTransformW
UninstallColorProfileW
InternalGetPS2CSAFromLCS
EnumColorProfilesW
GetColorDirectoryA
CreateColorTransformA
GetColorProfileHeader
InternalGetPS2ColorSpaceArray

shlwapi

PathIsPrefixW
UrlCreateFromPathW
StrToIntExA
PathFindFileNameA
StrToIntW
UrlApplySchemeW
StrTrimA
PathGetArgsW
SHDeleteKeyW
PathSearchAndQualifyW
PathGetArgsA
StrIsIntlEqualW
StrRChrA
PathQuoteSpacesW
StrCSpnW
SHRegDuplicateHKey
PathRelativePathToW
PathIsUNCServerW
StrRChrIW
StrRetToBufW

Sections

.data
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 39KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 409KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 93KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb81de034ba9773a6caefa76019ea07d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

netapi32

odbc32

msvcrt

kernel32

mscms

shlwapi

Sections

.data Size: 1024B - Virtual size: 766B

.text Size: 39KB - Virtual size: 387KB

.rdata Size: 112KB - Virtual size: 337KB

.edata Size: 409KB - Virtual size: 512KB

.idata Size: 93KB - Virtual size: 111KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 512B - Virtual size: 328B

.data
Size: 1024B - Virtual size: 766B

.text
Size: 39KB - Virtual size: 387KB

.rdata
Size: 112KB - Virtual size: 337KB

.edata
Size: 409KB - Virtual size: 512KB

.idata
Size: 93KB - Virtual size: 111KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 512B - Virtual size: 328B