c8df959c4aad43ed0c1905056ca2957a9b61dc103b76d35ae90415c6ac16b8ea

Sharing

Copy URL Twitter E-mail

General

Target

c8df959c4aad43ed0c1905056ca2957a9b61dc103b76d35ae90415c6ac16b8ea
Size

823KB
MD5

0c977a0111e7a4be99d7f70d47e7cbd5
SHA1

20ddfdc4fe47a8c4b2892deb3af66930187746e0
SHA256

c8df959c4aad43ed0c1905056ca2957a9b61dc103b76d35ae90415c6ac16b8ea
SHA512

472ae709de4c90ffa06f8bc6938208fb8454d273368c5d9aa8de0f2c7e5ebebaba6eea7368dce1eb3c1bcfc8d8fa6860021e6020c55a59d44ccc7fc9451552f2
SSDEEP

24576:haSM+UhCTQJtnQ7tFhZOmjad+1w8FkoDmNPF5:wtk2uwQDmV

Score

N/A

Malware Config

Signatures

Files

c8df959c4aad43ed0c1905056ca2957a9b61dc103b76d35ae90415c6ac16b8ea
.exe windows x86

a7af3771dcd4807e88c38ce080a76e0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

SearchStatusCode
SQLDataSourcesW
SQLDataSources
SQLPrimaryKeysW
SQLGetDiagRec
SQLProcedures
SQLNativeSqlW
SQLDriverConnectA
SQLStatisticsW
SQLGetCursorNameW
SQLTablePrivilegesA
SQLGetConnectOptionW
PostODBCError
SQLGetTypeInfo
SQLSetDescRec

shell32

SHChangeNotify
DragQueryFile
RegenerateUserEnvironment
SHEnumerateUnreadMailAccountsW
SHHelpShortcuts_RunDLL
SHGetIconOverlayIndexA
SHLoadInProc
StrRStrIW
SHGetFolderPathAndSubDirA
Control_RunDLLAsUserW
DragQueryFileW
Options_RunDLL
Control_RunDLLA
SHGetDataFromIDListA
DllInstall
StrStrA
SheSetCurDrive
SHGetSettings
SHCreateQueryCancelAutoPlayMoniker

vfpodbc

SQLSetConnectOption
fnVfpodbc
LibMain
??4CVfpodbc@@QAEAAV0@ABV0@@Z
ConfigDSNEx
ConfigDSN

regapi

RegWinStationAccessCheck
RegDefaultUserConfigQueryW
RegWinStationQueryA
RegCdEnumerateW
RegFreeUtilityCommandList
RegWdEnumerateW
RegCdQueryW
RegDefaultUserConfigQueryA
RegOpenServerA
RegSAMUserConfig
RegCdCreateA
RegUserConfigQuery
RegWdCreateA
RegDenyTSConnectionsPolicy
RegWdQueryA
RegUserConfigRename
RegWinStationQuerySecurityA
RegWinStationDeleteA
RegPdEnumerateA
RegPdQueryW
RegWinStationCreateA
RegWinStationDeleteW
RegPdDeleteW
RegWinStationQueryNumValueW
RegPdEnumerateW

kernel32

FreeLibrary
LZDone
GetLocaleInfoW
LoadLibraryW
CreateDirectoryExA
GetProcessId
lstrcpyW
FormatMessageA
ShowConsoleCursor
FileTimeToLocalFileTime
GetEnvironmentStringsA
CreateDirectoryExW
GetConsoleInputExeNameW

Sections

.text
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7af3771dcd4807e88c38ce080a76e0f

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

shell32

vfpodbc

regapi

kernel32

Sections

.text Size: 345KB - Virtual size: 345KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 166KB - Virtual size: 165KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 345KB - Virtual size: 345KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 166KB - Virtual size: 165KB

.reloc
Size: 1024B - Virtual size: 860B