8badf9ae6d71db13aa33fac58ee07068648abe9a0152cd57b6db30f1b46d3abd

Sharing

Copy URL Twitter E-mail

General

Target

8badf9ae6d71db13aa33fac58ee07068648abe9a0152cd57b6db30f1b46d3abd
Size

210KB
MD5

91a3ccf002bdb06d70446c022f10c470
SHA1

8695660742bfd394ba237d9045f890bdda6cc8b6
SHA256

8badf9ae6d71db13aa33fac58ee07068648abe9a0152cd57b6db30f1b46d3abd
SHA512

4ad0b142f40ae26f272846797fe90f2433014b578d52c19179c8ede9d52619f653db020f19829d1a7c89f55579c80b103bcea94aa324373242fa607e97798592
SSDEEP

6144:gI0S5VnMlSq2eJ50HgaA9lquAR++JFPKE/QamZ:iS5elSOD0HgN9bgLPKU+Z

Score

N/A

Malware Config

Signatures

Files

8badf9ae6d71db13aa33fac58ee07068648abe9a0152cd57b6db30f1b46d3abd
.exe windows x86

8bd40b823a8b16ab53eabbebeabb4446

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlsrv32

SQLGetEnvAttr
SQLColAttributeW
SQLStatisticsW
SQLGetConnectOptionW
BCP_readfmt
SQLBindParameter
SQLRowCount
SQLGetDescRecW
SQLFreeHandle
SQLNativeSqlW
BCP_init
SQLFetchScroll
SQLPrepareW
SQLSetConnectAttrW
SQLSetStmtAttrW
WizDSNDlgProc
BCP_columns
SQLProceduresW
BCP_getcolfmt
BCP_writefmt
SQLDebug
BCP_done
BCP_colfmt
WizIntSecurityDlgProc
SQLCopyDesc
BCP_colptr
BCP_setcolfmt
SQLBindCol
SQLDriverConnectW

kernel32

FindAtomW
WriteProfileStringW
GetCurrentProcess
SetThreadLocale
QueryInformationJobObject
CreatePipe
WritePrivateProfileStructW
SetCommBreak
EnumCalendarInfoW
RemoveLocalAlternateComputerNameW
TlsAlloc
LoadLibraryA
HeapUnlock
MapViewOfFile
ReadConsoleOutputCharacterW
BackupSeek
CreateFileA

wldap32

ldap_parse_page_controlW
LdapMapErrorToWin32
ldap_controls_free
ldap_conn_from_msg
ldap_close_extended_op
ldap_parse_reference
ldap_get_dn
ldap_next_attributeA
ldap_sslinitW
ldap_search_ext
ldap_bind_sW
ldap_get_valuesA
ldap_err2stringA
ldap_parse_page_controlA
ldap_rename_extW
ber_first_element
ldap_parse_sort_controlW
ldap_search_init_pageA
ldap_parse_referenceA

crtdll

_strninc
_tell
wcsspn
strrchr
_ismbbtrail
ungetc
atoi
_onexit
_commit
_spawnv
_mbsinc
_daylight_dll

cmpbk32

PhoneBookHasPhoneType
PhoneBookGetRegionNameA
PhoneBookGetCountryNameW
PhoneBookGetCurrentCountryId
PhoneBookCopyFilter
PhoneBookMatchFilter
PhoneBookEnumRegions
PhoneBookUnload
PhoneBookGetPhoneDUNA
PhoneBookGetPhoneDispA
PhoneBookParseInfoA

ntdll

RtlFreeAnsiString
RtlEnumerateGenericTableWithoutSplayingAvl
NtReleaseSemaphore
NtImpersonateThread
RtlCreateUserSecurityObject
NtAccessCheckByTypeAndAuditAlarm
ZwCreateKey
NtCreateDebugObject

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bd40b823a8b16ab53eabbebeabb4446

Headers

File Characteristics

Imports

sqlsrv32

kernel32

wldap32

crtdll

cmpbk32

ntdll

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 512B - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 47KB

.rsrc Size: 2KB - Virtual size: 1KB

.data Size: 42KB - Virtual size: 42KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 512B - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 47KB

.rsrc
Size: 2KB - Virtual size: 1KB

.data
Size: 42KB - Virtual size: 42KB