88b7ed40b1daeaf1ae248bdc1f69c356d9cdf4b18dd9b39008591b1035f71916

Sharing

Copy URL Twitter E-mail

General

Target

88b7ed40b1daeaf1ae248bdc1f69c356d9cdf4b18dd9b39008591b1035f71916
Size

926KB
MD5

90b4b61b8e4ed8a6a2e50d3ad9528450
SHA1

7db639b53e430673b1fefed808a0974e4238b2f7
SHA256

88b7ed40b1daeaf1ae248bdc1f69c356d9cdf4b18dd9b39008591b1035f71916
SHA512

71f98b06ee51d62e3711c68352528a7846515f6894ce904517ffb0fbd4ffe2bcca10f17dee1ad373d4bde28d7f476f3aff3448b03681cb817bb4f4561f42d414
SSDEEP

24576:OkdUYHrBjX13g0dOuhxs+oGBNbr5aZ7bHwsBH:L9BrlgLug4BbaZP3

Score

N/A

Malware Config

Signatures

Files

88b7ed40b1daeaf1ae248bdc1f69c356d9cdf4b18dd9b39008591b1035f71916
.exe windows x86

80b0c02daca1237660916de5c659fd70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_mbslen
sprintf
_spawnlp
isalpha
_beginthreadex
__getmainargs
wcsstr
fputwc
__wgetmainargs
__p__fmode
__p__commode
abs
_EH_prolog
_vsnprintf
_fdopen
__RTDynamicCast
wprintf
wcstod
tolower
_strcmpi
toupper
_wstrdate
__crtCompareStringA
_flushall
_fstat
_wfopen
_timezone
wcspbrk
putc

kernel32

Sleep
GetModuleFileNameW
EnumResourceNamesW
GlobalGetAtomNameA
CreateFileMappingW
GetLogicalDriveStringsA
GlobalSize
InterlockedDecrement
ScrollConsoleScreenBufferA
GetPrivateProfileStringW
GetTickCount
CreateWaitableTimerW
CreateProcessW
Process32NextW
ReadDirectoryChangesW
IsValidLocale
LCMapStringW
WTSGetActiveConsoleSessionId
VirtualProtect
GlobalFlags
GetPrivateProfileIntW
GetCurrencyFormatW
ConvertThreadToFiber
WritePrivateProfileStringW
LoadResource
IsDebuggerPresent
SetVDMCurrentDirectories
WaitCommEvent
InterlockedExchange
VirtualAlloc
IsBadReadPtr
GetVolumeNameForVolumeMountPointA
GlobalHandle
GetLogicalDrives
HeapWalk
GetCalendarInfoA
GetLongPathNameW
QueryDosDeviceW
GetShortPathNameW
CreateMailslotW
GetDriveTypeA

tapi32

lineInitializeExA
lineNegotiateAPIVersion
lineOpenW
lineGetCallStatus
lineGetAddressCapsA
lineSetStatusMessages
lineGetIDA
lineConfigDialogW
lineAnswer
lineDeallocateCall
lineMakeCall
lineSetCurrentLocation
tapiGetLocationInfoW
lineNegotiateExtVersion
lineOpenA
lineInitialize
lineSetDevConfigA
lineInitializeExW
lineGetTranslateCapsW
lineMakeCallA
lineTranslateDialogW
lineDrop
lineGetCountryW
lineConfigDialog
lineGetCallInfoA
lineGetDevCapsA
lineGetDevCapsW
lineOpen
lineGetID
lineGetDevConfigA
lineShutdown
lineAccept

ole32

CoQueryClientBlanket
CoGetMarshalSizeMax
CoQueryProxyBlanket
HGLOBAL_UserSize
CoCreateInstanceEx
HGLOBAL_UserFree
CLIPFORMAT_UserFree
STGMEDIUM_UserMarshal
CoCancelCall
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetClassObject
CreateDataAdviseHolder
HWND_UserMarshal
HPALETTE_UserMarshal
OleNoteObjectVisible
CoMarshalInterThreadInterfaceInStream
OleSetClipboard
CoIsOle1Class
StgConvertVariantToProperty
CoGetObject
STGMEDIUM_UserUnmarshal
IsEqualGUID
CoInitializeEx
OleQueryCreateFromData

odbc32

LockHandle
CursorLibTransact
CursorLibLockStmt
SearchStatusCode
PostODBCError
CursorLibLockDesc
VFreeErrors
ValidateErrorQueue
SQLProcedureColumnsA
VRetrieveDriverErrorsRowCol
CursorLibLockDbc
PostODBCComponentError

rtutils

MprSetupProtocolFree
TracePrintfExW
TracePutsExA
TraceRegisterExW
RouterLogEventStringA
TracePrintfA
RouterLogEventExA
LogEventA
TraceRegisterExA
TracePrintfExA
TraceDeregisterExA
RouterLogEventDataA
LogEventW
RouterLogRegisterA
RouterLogDeregisterW
RouterLogDeregisterA
MprSetupProtocolEnum
LogErrorA

iphlpapi

DeleteIpForwardEntry
InternalSetIpStats
GetAdaptersInfo
GetIpForwardTable
InternalCreateIpNetEntry
AllocateAndGetIpAddrTableFromStack
EnableRouter
FlushIpNetTable
InternalGetIfTable
GetInterfaceInfo
GetIfTable
GetNetworkParams
InternalDeleteIpForwardEntry
InternalGetUdpTable
InternalGetTcpTable
InternalGetIpNetTable
InternalSetTcpEntry
GetTcpTable
GetUdpTable
NhGetInterfaceNameFromGuid
UnenableRouter
InternalDeleteIpNetEntry
InternalCreateIpForwardEntry
GetIpStatistics
InternalSetIpForwardEntry
GetIpAddrTable
NotifyAddrChange
CreateProxyArpEntry
SendARP

advapi32

ControlTraceW
QueryServiceStatus
ChangeServiceConfigW
WmiCloseBlock
GetLengthSid
RegNotifyChangeKeyValue
ConvertStringSidToSidA
SetEntriesInAclW
GetKernelObjectSecurity
OpenServiceA
AddAccessAllowedAce
RegCreateKeyExA
CryptDecrypt
CreatePrivateObjectSecurity
GetTraceEnableLevel
RegDeleteKeyA
GetSidIdentifierAuthority
WmiDevInstToInstanceNameW
RegUnLoadKeyW
CryptAcquireContextA
StartTraceW
LsaLookupNames
GetSecurityInfo

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 93KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 712KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80b0c02daca1237660916de5c659fd70

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

tapi32

ole32

odbc32

rtutils

iphlpapi

advapi32

Sections

.data Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 784B

.text Size: 93KB - Virtual size: 527KB

.idata Size: 712KB - Virtual size: 1.1MB

.rsrc Size: 110KB - Virtual size: 109KB

.reloc Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 784B

.text
Size: 93KB - Virtual size: 527KB

.idata
Size: 712KB - Virtual size: 1.1MB

.rsrc
Size: 110KB - Virtual size: 109KB

.reloc
Size: 2KB - Virtual size: 1KB