d22f5964ab1636bcca68785cf0d39b083e4c6c924bb72e034bab84c6686058cf

Sharing

Copy URL Twitter E-mail

General

Target

d22f5964ab1636bcca68785cf0d39b083e4c6c924bb72e034bab84c6686058cf
Size

846KB
MD5

76ff66b8268f48e070e39a0167439900
SHA1

28d6dda2c0c6f1e0e2df794e90b9de817bc16c53
SHA256

d22f5964ab1636bcca68785cf0d39b083e4c6c924bb72e034bab84c6686058cf
SHA512

190c0b255cf6a21da402beba0daa6b276aa46810d3b3b22db4f0eb6d5cf481cfbab57eed77c630e608bc3d999e9ba62c08919e4ea75fd1c33d0c0684f33c3b33
SSDEEP

24576:AdmlCinbLxU9ibJEFdwMGTP31FaqC1ZyVUnQn5Nd4qnIa81:4mlCAhUMbJEFdwMGTP3QsN5Ndy1

Score

N/A

Malware Config

Signatures

Files

d22f5964ab1636bcca68785cf0d39b083e4c6c924bb72e034bab84c6686058cf
.exe windows x86

2b4ef88a50890c20346cf64638ad4b80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FatalAppExitW
TzSpecificLocalTimeToSystemTime
GetModuleHandleExW
RegisterWowBaseHandlers
VDMOperationStarted
GetPrivateProfileIntW
GetWindowsDirectoryW
GetBinaryTypeA
ExpungeConsoleCommandHistoryA
FormatMessageW
GetUserDefaultLangID
ConsoleMenuControl
GetNumberFormatW
EnumResourceLanguagesW
GetDateFormatW
SetWaitableTimer
VirtualAlloc
FindActCtxSectionStringA
FindNextVolumeA
ClearCommBreak
EndUpdateResourceA
FindFirstFileExW
SetTimeZoneInformation
SetCriticalSectionSpinCount
GetSystemDirectoryW
GetFileAttributesExA
GetTickCount
WriteFileGather
LoadLibraryA
GetComputerNameA
GetConsoleAliasesA
VerSetConditionMask
GenerateConsoleCtrlEvent
GetConsoleAliasExesW
VirtualLock
FormatMessageA
QueryDosDeviceW
HeapUnlock
WriteProfileSectionA
TerminateThread
SetConsoleWindowInfo
CancelWaitableTimer
GetConsoleCursorInfo
InitializeCriticalSection
SetComPlusPackageInstallStatus
GetVolumePathNamesForVolumeNameA
IsDBCSLeadByteEx
LoadResource
BeginUpdateResourceW
VerLanguageNameA
CreateWaitableTimerA
SetDefaultCommConfigA
GlobalMemoryStatusEx
SetFileApisToOEM
GetCommConfig
GetComputerNameExA
ExpandEnvironmentStringsW
IsValidCodePage
OpenThread
GetStdHandle

ntdll

RtlAddAce
RtlInitUnicodeString
DbgUiContinue
NtOpenSection
NtOpenFile
RtlAbsoluteToSelfRelativeSD
ZwLoadKey
ZwGetPlugPlayEvent
__iscsym
RtlAddAccessDeniedAceEx
ZwSetHighWaitLowEventPair
RtlCreateAndSetSD
vDbgPrintEx
ZwUnlockVirtualMemory
NtAccessCheckByType
RtlDestroyQueryDebugBuffer
ZwCreateFile

sqlsrv32

SQLSetCursorNameW
SQLNativeSqlW
SQLGetCursorNameW
BCP_exec
SQLGetEnvAttr
SQLBindParameter
SQLCopyDesc
SQLGetDiagFieldW
SQLFreeHandle
SQLDebug
BCP_colfmt
SQLProceduresW
SQLGetFunctions
ConnectDlgProc
WizLanguageDlgProc
BCP_moretext
SQLGetInfoW
SQLSetEnvAttr
SQLParamOptions
BCP_control
SQLSetConnectOptionW
SQLConnectW
SQLSetConnectAttrW
SQLGetDescRecW
SQLGetConnectAttrW

Sections

.text
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b4ef88a50890c20346cf64638ad4b80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

sqlsrv32

Sections

.text Size: 714KB - Virtual size: 713KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 714KB - Virtual size: 713KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB