12a100d8d89920c05a25b0f0cb4d348097e91e76c9ffc4da6e44619692ae97a9

Sharing

Copy URL

Twitter E-mail

General

Target

12a100d8d89920c05a25b0f0cb4d348097e91e76c9ffc4da6e44619692ae97a9
Size

743KB
MD5

81375c489f4bd8e284e319b0d078a190
SHA1

c0a08abc69f3c646fe464d5f77c62e94b1216037
SHA256

12a100d8d89920c05a25b0f0cb4d348097e91e76c9ffc4da6e44619692ae97a9
SHA512

99594c12b19472cbe8fd1f48c6a6e12471d19968cb50f90813def95f0346419964bcdc77e428952fdde1056a091ee7db4f721e0706f29201fbbc163e1cc1f099
SSDEEP

12288:QnwLCB/xtIFY1I9lezfLx2f7bo1AVECML+EMDrK0g0nirDY1YVZSrF:Qnw+ZtnelejLxEE1AJMAWn6YZSr

Score

N/A

Malware Config

Signatures

Files

12a100d8d89920c05a25b0f0cb4d348097e91e76c9ffc4da6e44619692ae97a9
.exe windows x86

43c5826ab43d735644bf0e067ffd5211

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mprapi

MprConfigGetGuidName
MprConfigBufferFree
MprAdminInterfaceGetInfo
MprConfigTransportGetHandle
MprConfigServerConnect
MprAdminServerDisconnect
MprAdminBufferFree
MprConfigInterfaceTransportAdd
MprConfigInterfaceTransportGetInfo
MprConfigTransportDelete
MprConfigInterfaceGetHandle
MprAdminMIBEntrySet
MprAdminUserWrite
MprInfoBlockFind
MprAdminInterfaceEnum
MprAdminUserServerDisconnect
MprAdminUserRead
MprAdminUserOpen
MprConfigTransportGetInfo
MprInfoDelete
MprConfigInterfaceTransportSetInfo
MprAdminMIBEntryGetNext
MprAdminConnectionGetInfo
MprAdminInterfaceDelete
MprAdminMIBBufferFree

shell32

SHFileOperationA
ExtractIconA
SHGetInstanceExplorer
SHGetSpecialFolderLocation
SHGetFileInfoA
ExtractIconW
SHPathPrepareForWriteW
SHGetDesktopFolder
SHBindToParent
SHAddToRecentDocs
SHBrowseForFolderW
SHSetLocalizedName
DragQueryFileW
SHChangeNotifySuspendResume
SHBrowseForFolderA
SHGetFileInfoW
ShellExecuteW
SHInvokePrinterCommandW

uxtheme

IsThemePartDefined
IsThemeActive
GetThemeBackgroundRegion
GetThemeAppProperties
EnableThemeDialogTexture
GetThemeBackgroundExtent
DrawThemeIcon
DrawThemeBackground
GetThemeRect
SetWindowTheme
DrawThemeParentBackground
GetThemeTextExtent
GetCurrentThemeName
GetThemePartSize

kernel32

GetAtomNameW
InterlockedIncrement
IsBadHugeWritePtr
MultiByteToWideChar
CompareStringA
lstrlenW
CloseProfileUserMapping
SetNamedPipeHandleState
GetSystemInfo
GetModuleHandleA
SetInformationJobObject
DosDateTimeToFileTime
OpenWaitableTimerW
GetTimeZoneInformation
CreateFileMappingA
DeviceIoControl
RaiseException
GetProfileStringW
VirtualAlloc
ExitProcess
lstrcmpiW
BackupWrite
GetVersionExA
FoldStringW
CreateTapePartition
GetProcessVersion
GetPrivateProfileSectionA
ReleaseMutex
PulseEvent
SetEndOfFile
lstrcmpW

odbc32

CursorLibTransact
CursorLibLockDesc
ValidateErrorQueue
LockHandle
PostODBCError
PostODBCComponentError
SearchStatusCode
CursorLibLockStmt
VRetrieveDriverErrorsRowCol
CursorLibLockDbc
SQLTables
VFreeErrors

msvcrt

_strcmpi
memcpy
__p__commode
_ismbcalpha
__CxxFrameHandler
_putws
_setjmp
_fdopen
__p__fmode
wcsncat
_CIacos
_waccess
wcsncpy
ctime
swprintf
_wstat
system

advapi32

TraceEvent
ImpersonateLoggedOnUser
CryptGetProvParam
ReportEventA
RegOpenUserClassesRoot
RegOpenCurrentUser
ConvertSecurityDescriptorToStringSecurityDescriptorW
WmiQueryAllDataW
EnumServicesStatusExA
SetEntriesInAclA
CreateServiceW
CryptDuplicateHash
RegQueryValueExA
RegQueryMultipleValuesW
RegRestoreKeyA
LsaFreeMemory
CryptCreateHash
StopTraceW
GetSidIdentifierAuthority
LsaQueryTrustedDomainInfoByName
RegEnumKeyA
MakeAbsoluteSD
RegCreateKeyExA

oleaut32

SysAllocStringLen
SafeArrayGetLBound
VariantInit
SafeArrayGetUBound
VariantChangeType
VariantCopy
SysAllocStringByteLen
GetActiveObject
GetErrorInfo
SafeArrayCreate
SysFreeString
VariantClear
SysReAllocStringLen
VariantCopyInd
SysStringLen
VariantChangeTypeEx
SafeArrayPtrOfIndex

Sections

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 19KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 173KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 435KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43c5826ab43d735644bf0e067ffd5211

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

shell32

uxtheme

kernel32

odbc32

msvcrt

advapi32

oleaut32

Sections

.data Size: 4KB - Virtual size: 3KB

.text Size: 19KB - Virtual size: 363KB

DATA Size: 173KB - Virtual size: 415KB

CRT Size: 435KB - Virtual size: 536KB

.rsrc Size: 110KB - Virtual size: 109KB

.reloc Size: 1024B - Virtual size: 152B

.data
Size: 4KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 363KB

DATA
Size: 173KB - Virtual size: 415KB

CRT
Size: 435KB - Virtual size: 536KB

.rsrc
Size: 110KB - Virtual size: 109KB

.reloc
Size: 1024B - Virtual size: 152B