818a48e5058b4f669eaab0200029a0f1b73f2537786e7c834d8a9aff980d101b

Sharing

Copy URL

Twitter E-mail

General

Target

818a48e5058b4f669eaab0200029a0f1b73f2537786e7c834d8a9aff980d101b
Size

844KB
MD5

960a91643ed30a0f11ab4957421cbd6f
SHA1

2cc2b60b45941c1c8dc83ec96ab0df9be3e03648
SHA256

818a48e5058b4f669eaab0200029a0f1b73f2537786e7c834d8a9aff980d101b
SHA512

06f4b2f107a914d1e9577d41edc11fe9bf7c90b3f11b8f6c81fda50339c88e3dda1c2107b5d8cf8ab484f43adbb82f5e90c8bb4b504c9c0876a926f0c9c8df1d
SSDEEP

12288:Bswoiwos0xLlCVzlFnTiOAGTfaTgTJZThbxUNfd6oMl2UmQDRqH6Dcb6AwF:SwoZp0+lYOzfXdJUxknBFG6w5Y

Score

N/A

Malware Config

Signatures

Files

818a48e5058b4f669eaab0200029a0f1b73f2537786e7c834d8a9aff980d101b
.exe windows x86

1c6f1afcaca88789685d751c11a35fb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlQueueApcWow64Thread
RtlAllocateHandle
ZwSetSystemEnvironmentValueEx
strcmp
ZwSetSystemTime
towupper
NtTestAlert
RtlDeleteTimer
RtlLengthSid
RtlInitializeCriticalSectionAndSpinCount
ZwPrivilegeCheck
ZwCancelIoFile
NtTerminateJobObject
ZwProtectVirtualMemory
RtlInitUnicodeString
sin
tolower
RtlEnumerateGenericTableWithoutSplayingAvl
RtlCompareUnicodeString
ZwAccessCheckAndAuditAlarm
RtlNtStatusToDosErrorNoTeb
RtlGetDaclSecurityDescriptor
NtOpenObjectAuditAlarm
RtlDeleteResource
RtlConvertToAutoInheritSecurityObject
NtReplyWaitReplyPort
NtSaveMergedKeys
RtlCreateSecurityDescriptor
NtSetSecurityObject
NtFlushVirtualMemory
ZwWaitForDebugEvent
RtlAddAccessAllowedAceEx
NtQueryTimer
ZwAlertResumeThread
NtAlertThread
wcspbrk

odbcjt32

SQLProceduresW
AdvancedDialogProc
SQLExtendedFetch
SQLGetDescFieldW
SQLAllocConnect
SQLConnectW
SQLDriverConnectW
SQLColumnsW
SQLSetPos
InvisibleSelectDb
SQLSetStmtAttrW
ConfigDSN
SQLGetDescRecW
SQLGetStmtAttrW
DefTxtFmtDlgProc
SQLRowCount
SQLNumResultCols
SQLSetCursorNameW
SQLBindParameter
SQLFreeStmt
SQLCancel
SQLTablesW

kernel32

OpenMutexA
PrepareTape
CancelIo
CreateMutexA
VirtualLock
GetTimeFormatA
LoadLibraryA
VirtualFree
Process32NextW
InitializeCriticalSection
EnumResourceTypesA
GetCommModemStatus
OpenProcess
GetLogicalDriveStringsA
CancelDeviceWakeupRequest
UnmapViewOfFile
HeapLock
QueryDosDeviceW
LocalFree
GetFileAttributesW
BaseCleanupAppcompatCacheSupport
GetCalendarInfoA
CreateDirectoryExA
VirtualAlloc
Module32Next
IsValidCodePage
AddRefActCtx

Sections

.text
Size: 721KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c6f1afcaca88789685d751c11a35fb0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

odbcjt32

kernel32

Sections

.text Size: 721KB - Virtual size: 721KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 3KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 900B

.text
Size: 721KB - Virtual size: 721KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 3KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 900B