Tasks
  static1: static analysis
  behavioral1: behavioral analysis of b8d92e0edaf5d36fbde3b5e0a4cd5113fc75b0bfa033ee3065bbe0cbcf8a278b.exe on resource win7-20220812-en
  behavioral2: behavioral analysis of b8d92e0edaf5d36fbde3b5e0a4cd5113fc75b0bfa033ee3065bbe0cbcf8a278b.exe on resource win10v2004-20220812-en
General
  Target: b8d92e0edaf5d36fbde3b5e0a4cd5113fc75b0bfa033ee3065bbe0cbcf8a278b
  Size: 162KB
  MD5: 72b189aca1143fd8ec986c67f9ddb790
  SHA1: 93bec58f0f4eef338c2a3c58d30c66544f290ecd
  SHA256: b8d92e0edaf5d36fbde3b5e0a4cd5113fc75b0bfa033ee3065bbe0cbcf8a278b
  SHA512: 7a9735be569ecd7a8cb4c6ecf93be4be0bd934d7bd8dbaa9ae5136d27424aeafdc3c9bf7cbc25b945f2f1677376fc8270100a8edb9494353426dec2994ed2b6a
  SSDEEP: 3072:zTPBHaVNmGaCUFiA6MpQDujMfg8d81vSsMehbyLciVGMjMxvpytvGoXRi79Eh:zlyQPYA6MmDnovSs4LjMKDRIEh
Malware Config
Signatures
Files
  b8d92e0edaf5d36fbde3b5e0a4cd5113fc75b0bfa033ee3065bbe0cbcf8a278b.exe (windows x86)
  e47b73b720704dc75c43c7d3bf4cd6aa (digest printed beside the PE entry, not labelled in the report; 32 hex digits, the length of an MD5-based digest such as an import hash, and distinct from the file MD5 above)
Headers
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32: FindNextFileW, CreateDirectoryExA, Module32First, GetSystemInfo, GetThreadLocale, UpdateResourceW, VirtualUnlock, GetLongPathNameA, LoadLibraryW
  dciman32: DCICreateOverlay, DCIOpenProvider, DCICreatePrimary, DCICloseProvider, WinWatchOpen, WinWatchNotify, DCICreateOffscreen, WinWatchDidStatusChange, DCIDestroy, GetDCRegionData, WinWatchGetClipList, DCISetSrcDestClip, DCIDraw, DCISetDestination
  ntdll: NtWaitForMultipleObjects, NtSetBootOptions, ZwMapUserPhysicalPages, NtAccessCheckByTypeResultListAndAuditAlarm, NtLockRegistryKey, __toascii, RtlAcquirePebLock, NtWaitLowEventPair, NtCreateWaitablePort, ZwOpenFile
  sqlsrv32: SQLColAttributeW, SQLSetDescFieldW, SQLSetConnectOptionW, SQLDescribeColW, SQLExecDirectW, SQLCopyDesc, BCP_colfmt, SQLNumParams, SQLDisconnect, SQLSetStmtAttrW, SQLSetPos, SQLRowCount, SQLSetEnvAttr, SQLNumResultCols, SQLCancel
  crypt32: I_CryptGetAsn1Encoder, CryptSIPRemoveProvider, CertUnregisterSystemStore, CertVerifyTimeValidity, CryptStringToBinaryA, CertSaveStore, CertEnumSystemStore, I_CryptInsertLruEntry, CertRDNValueToStrW
  utildll: QueryCurrentWinStation, GetUserFromSid, GetUnknownString, RegGetNetworkDeviceName, StrConnectState, SetupAsyncCdConfig, WinEnumerateDevices, TestUserForAdmin, CompareElapsedTime, CachedGetUserFromSid, InitializeAnonymousUserCompareList, StrSystemWaitReason, GetSystemMessageW, ConfigureModem, ParseDecoratedAsyncDeviceName, ElapsedTimeString, StrProcessState, AsyncDeviceEnumerate, InstallModem, DateTimeString, NetworkDeviceEnumerate, StandardErrorMessage, StrSdClass, IsPartOfDomain, FormDecoratedAsyncDeviceName
  msv1_0: MsvGetLogonAttemptCount, MsvSamValidate, Msv1_0SubAuthenticationPresent, LsaApCallPackage, SpUserModeInitialize, LsaApCallPackagePassthrough, SpInitialize, LsaApLogonTerminated, LsaApLogonUserEx2, MsvSamLogoff, LsaApInitializePackage, SpLsaModeInitialize, SpInstanceInit, Msv1_0ExportSubAuthenticationRoutine, LsaApCallPackageUntrusted
  ifsutil (C++ decorated names, as exported):
    ?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
    ?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
    ?Initialize@INTSTACK@@QAEEXZ
    ?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
    ??0LOG_IO_DP_DRIVE@@QAE@XZ
    ?QuerySize@TLINK@@QBEGXZ
    ?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
    ?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z
    ?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
    ??0SPARSE_SET@@QAE@XZ
    ?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
    ?Initialize@DIGRAPH@@QAEEK@Z
    ??1CANNED_SECURITY@@UAE@XZ
    ?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
    ?ShellSort@TLINK@@QAEXXZ
  Note: this import table is unusual for a 162KB user-mode program. msv1_0 exports the LsaAp*/Sp* entry points for LSASS to call into the NTLM authentication package, ifsutil exports C++ class methods for the file-system utilities, and sqlsrv32, utildll and dciman32 are ODBC driver, Terminal Services and DCI video internals; none of these is normally linked by an ordinary application. Treat the listed imports as a triage lead (and as input to import-hash clustering), not as a description of what the sample does, until the behavioral tasks show which APIs are actually called.
Sections
  .text   raw size 60KB   virtual size 59KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rdata  raw size 41KB   virtual size 40KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .data   raw size 58KB   virtual size 57KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .rsrc   raw size 1KB    virtual size 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
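The static fields above can be cross-checked mechanically: an import hash can be recomputed from the import list (pefile's algorithm: lower-cased "dll.symbol" entries in import-table order, DLL extension stripped, ordinals written as "ordN", comma-joined, MD5), the imports can be screened for entry points a normal program would not import, and the section table can be checked for the classic packer tells (no section here is writable and executable, none is empty on disk, and the raw sizes sum to about 160KB of the 162KB file). The script below is an added example, not part of the report or the sandbox's code. Its sample data is transcribed from this report, with two assumptions: the section sizes are the report's rounded KB figures rather than exact byte counts, and the import subset is not known to be complete or in on-disk order, so the digest it produces is illustrative and should not be expected to equal the 32-hex value printed in the Files section.

```python
"""Cross-checks over a sandbox report's static fields (added example).
Sample data is transcribed from the report; sizes are the report's rounded KB
figures and the import list is a subset, so the import hash is illustrative."""
import hashlib
from dataclasses import dataclass
from typing import Iterable, Sequence


@dataclass(frozen=True)
class Section:
    name: str
    raw_size: int        # bytes on disk
    virtual_size: int    # bytes once mapped
    flags: frozenset     # IMAGE_SCN_* names


def imphash(imports: Sequence[tuple]) -> str:
    """Import hash as pefile computes it: 'dll.symbol' per imported function in
    import-table order, lower-cased, .dll/.ocx/.sys stripped from the library
    name, ordinal-only imports written as 'ordN', joined with commas, MD5.
    Assumes `imports` is the complete table in file order."""
    parts = []
    for dll, sym in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        if isinstance(sym, int):           # import by ordinal, no name
            parts.append(f"{lib}.ord{sym}")
        else:
            parts.append(f"{lib}.{sym.lower()}")
    return hashlib.md5(",".join(parts).encode("utf-8")).hexdigest()


def odd_imports(imports: Sequence[tuple]) -> list:
    """Imports worth a second look: C++-decorated exports (MSVC names start
    with '?') and LSA authentication-package entry points from msv1_0
    (LsaAp*/Sp* are called by LSASS, not normally imported by programs)."""
    out = []
    for dll, sym in imports:
        if isinstance(sym, int):
            continue
        if sym.startswith("?"):
            out.append((dll, sym, "C++ mangled export"))
        elif dll.lower().startswith("msv1_0") and sym.startswith(("LsaAp", "Sp")):
            out.append((dll, sym, "LSA authentication-package entry point"))
    return out


def section_findings(sections: Iterable[Section], file_size: int) -> list:
    """Packer / tampering heuristics over the section table."""
    findings = []
    total_raw = 0
    for s in sections:
        total_raw += s.raw_size
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= s.flags:
            findings.append(f"{s.name}: writable and executable")
        if s.raw_size == 0 and s.virtual_size > 0:
            findings.append(f"{s.name}: empty on disk, {s.virtual_size} bytes in memory (filled at runtime)")
        elif s.virtual_size > 2 * s.raw_size:
            findings.append(f"{s.name}: virtual size far exceeds raw size")
    if total_raw > file_size:
        findings.append("section raw sizes exceed file size (truncated or malformed)")
    return findings


KB = 1024
# Transcribed from the report's Sections table (KB figures are rounded there).
REPORT_SECTIONS = [
    Section(".text", 60 * KB, 59 * KB, frozenset({"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"})),
    Section(".rdata", 41 * KB, 40 * KB, frozenset({"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"})),
    Section(".data", 58 * KB, 57 * KB, frozenset({"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"})),
    Section(".rsrc", 1 * KB, 1 * KB, frozenset({"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"})),
]
REPORT_FILE_SIZE = 162 * KB

# A subset of the report's import list (assumption: order and completeness
# are unknown, so the digest over this list is illustrative only).
REPORT_IMPORTS = [
    ("kernel32.dll", "FindNextFileW"),
    ("kernel32.dll", "LoadLibraryW"),
    ("ntdll.dll", "NtSetBootOptions"),
    ("msv1_0.dll", "LsaApLogonUserEx2"),
    ("msv1_0.dll", "SpInitialize"),
    ("ifsutil.dll", "?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z"),
]


if __name__ == "__main__":
    print("imphash over listed imports:", imphash(REPORT_IMPORTS))
    for dll, sym, why in odd_imports(REPORT_IMPORTS):
        print(f"  {dll}!{sym}: {why}")
    print("section findings:", section_findings(REPORT_SECTIONS, REPORT_FILE_SIZE) or "none")
```

For a real triage run, replace REPORT_IMPORTS and REPORT_SECTIONS with values read from the file itself (for example via pefile, whose get_imphash() this reimplements) so that the digest is computed over the full table in on-disk order; only then is a mismatch against the report's value meaningful.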