844ba7108080174f96b374629fce9192d262eeb97efa95e29220347269ca788d

Sharing

Copy URL Twitter E-mail

General

Target

844ba7108080174f96b374629fce9192d262eeb97efa95e29220347269ca788d
Size

48KB
MD5

441732509c1aefad402ac908217fe4ac
SHA1

4afbfa88ede6013ead62128cec6c00a118f49e0e
SHA256

844ba7108080174f96b374629fce9192d262eeb97efa95e29220347269ca788d
SHA512

1b978607a171615c476231afcdc93c427ec92b1546118004c62f3a7ad04dc428d2d71035225934f039d6229990921ebdb0917df6ac28ba8ac0f7793260a125dd
SSDEEP

768:wWj/a+uVDMcWIEsqqvjNrCM2pbrrphA3ReOBXYzwU9BOs:wM/HwDMcWB8UXv1hKecXY0U9BO

Score

N/A

Malware Config

Signatures

Files

844ba7108080174f96b374629fce9192d262eeb97efa95e29220347269ca788d
.exe windows x86

dc092a47c249cabb859b516a3deec60d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

EngUnicodeToMultiByteN
GetDIBits
GetViewportExtEx
SaveDC
ArcTo
CreateHalftonePalette
STROBJ_bEnum
StartFormPage
FONTOBJ_cGetAllGlyphHandles
PolyBezierTo
GetMetaFileW
DdEntry36
PlayMetaFileRecord
GetBitmapBits
GdiGradientFill
GdiEntry10
AddFontResourceTracking
SetBkColor
EnumICMProfilesW
GetWinMetaFileBits
GetTextCharacterExtra
GdiGetCharDimensions

kernel32

GetConsoleTitleW
GetConsoleScreenBufferInfo
SetConsoleNlsMode
SetMailslotInfo
FindResourceA
FindAtomA
VirtualAlloc
HeapCreate
SetEnvironmentVariableW
SetVDMCurrentDirectories
GetConsoleAliasExesLengthW
GetVolumePathNamesForVolumeNameA
SetConsoleLocalEUDC
GetFileSizeEx
LoadLibraryA
ClearCommBreak
GetVolumeNameForVolumeMountPointW
CreateIoCompletionPort
CommConfigDialogW
FlushFileBuffers
LocalAlloc
GetExitCodeProcess
RemoveVectoredExceptionHandler
EnumCalendarInfoExW
CreateHardLinkW
MapUserPhysicalPagesScatter
VirtualAllocEx
VDMConsoleOperation
Thread32Next
TlsGetValue
DebugActiveProcess
SystemTimeToFileTime

sqlunirl

newMultiByteFromWideChar
_TabbedTextOut_@32
_SetVolumeLabel_@8
_SHBrowseForFolder_@4
_LookupPrivilegeValue_@12
_ChangeDisplaySettings_@8
_EnumDesktops_@12
_DrawText@20
_CharUpperBuff_@8
_SetDefaultCommConfig_@12
_RegCreateKey_@12
_PrintDlg_@4
_GetEnhMetaFileDescription_@12
_VerQueryValue_@16
_CreateFileMapping_@24
_BroadcastSystemMessage_@20
_OpenEventLog_@8
_EnumICMProfiles_@12
_GetWindowsDirectory_@8
_FindResource@12

msvcp60

?round_error@?$numeric_limits@G@std@@SAGXZ
?pubimbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?readsome@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEHPAGH@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
?widen@?$ctype@G@std@@QBEGD@Z
??_7?$_Mpunct@D@std@@6B@
??Kstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4?$complex@M@std@@QAEAAV01@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?id@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?min@?$numeric_limits@G@std@@SAGXZ
?sin@?$_Ctr@O@std@@SAOO@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??_F?$numpunct@D@std@@QAEXXZ
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
?assign@?$char_traits@G@std@@SAXAAGABG@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0_Timevec@std@@QAE@ABV01@@Z
?close@?$messages@D@std@@QBEXH@Z

msdart

?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?ValidSignature@CLKRLinearHashTable@@QBE_NXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?WriteLock@CSmallSpinLock@@QAEXXZ
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?IsReadLocked@CSpinLock@@QBE_NXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?Lock@CLockedSingleList@@QAEXXZ
??4CSpinLock@@QAEAAV0@ABV0@@Z
??1CReaderWriterLock2@@QAE@XZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?IsWinNT4@CMdVersionInfo@@SAHXZ
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?First@CDoubleList@@QBEQAVCListEntry@@XZ
?IsWin9x@CMdVersionInfo@@SAHXZ

odbctrac

TraceSQLForeignKeysW
TraceSQLConnect
TraceSQLRowCount
TraceSQLSetEnvAttr
TraceSQLForeignKeys
TraceSQLBrowseConnect
TraceSQLExecDirectW
TraceSQLGetInfo
TraceSQLDataSources
TraceSQLNativeSql
TraceSQLAllocStmt
TraceCloseLogFile
TraceSQLNumResultCols
TraceSQLSetDescFieldW
TraceSQLGetDescRec
TraceSQLDisconnect
TraceVersion
TraceSQLFreeStmt
TraceSQLSpecialColumnsW
TraceSQLTables
TraceSQLFreeConnect

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc092a47c249cabb859b516a3deec60d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

sqlunirl

msvcp60

msdart

odbctrac

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 17KB - Virtual size: 93KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 17KB - Virtual size: 93KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 272B