cfdb22c9a6faaf73fdbdfe9bb54fe36bd074f812a53a20d5e95bb2ea7079ba56

Sharing

Copy URL Twitter E-mail

General

Target

cfdb22c9a6faaf73fdbdfe9bb54fe36bd074f812a53a20d5e95bb2ea7079ba56
Size

57KB
MD5

b521f600180bead8e25ee930b8be6c1b
SHA1

e3c0d4fc9e5f141511e3b1b23e86a595b7c0738e
SHA256

cfdb22c9a6faaf73fdbdfe9bb54fe36bd074f812a53a20d5e95bb2ea7079ba56
SHA512

d5022980835e34ded27734dc8f321314289e51e88bab98537a175fdde7975700a5a5c51541cb0044dc2dc5bf6cf5ff1fecd723fae36de70f56949dff6ede9edd
SSDEEP

768:edp48bPTDdU1IfjHYSelln5dg6xKc2vCJ8bEin9mik7W66SLcTrfrpLVf8NHIvIi:ATu1Hllln5dgVwCgnpPAfN98CIQ6Wso

Score

N/A

Malware Config

Signatures

Files

cfdb22c9a6faaf73fdbdfe9bb54fe36bd074f812a53a20d5e95bb2ea7079ba56
.exe windows x86

3bd74409a90c900f564bfea2f80f5eb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMInstallSubstFontA
ATMInstallSubstFontW
ATMGetBuildStr
ATMMakePSSW
ATMEnumMMFonts
ATMBBoxBaseXYShowTextW
ATMAddFontEx
ATMGetGlyphListA
ATMGetOutline
ATMAddFont
ATMGetVersion
ATMFontAvailableW
ATMProperlyLoaded
ATMGetPostScriptNameW
ATMGetBuildStrW
ATMXYShowTextW
ATMBeginFontChange
ATMRemoveSubstFontA
ATMSetFlags
ATMGetFontInfo
ATMGetPostScriptName
ATMGetFontPathsW
ATMXYShowTextA
ATMGetMenuName
ATMGetVersionEx
ATMSelectObject
ATMGetFontInfoW
ATMGetNtmFieldsA
ATMGetGlyphList
ATMFontStatus
ATMClient
ATMAddFontExW
ATMGetGlyphListW

rtm

RtmBlockDeleteRoutes
RtmDeleteRouteList
MgmGetFirstMfe
RtmBlockMethods
RtmDequeueRouteChangeMessage
NextMatchInTable
RtmGetRegisteredEntities
RtmRegisterClient
RtmDeleteNextHop
RtmMarkDestForChangeNotification
MgmGroupEnumerationStart
RtmReleaseNextHopInfo
RtmGetAddressFamilyInfo
RtmHoldDestination
RtmRegisterEntity
RtmGetLessSpecificDestination
DestroyTable
RtmRegisterForChangeNotification
DeleteFromTable
RtmCloseEnumerationHandle
RtmBlockConvertRoutesToStatic
RtmGetExactMatchRoute
RtmCreateEnumerationHandle
BestMatchInTable
RtmReleaseDestInfo
RtmReleaseNextHops
RtmGetNetworkCount
RtmDeleteRouteToDest
MgmGroupEnumerationEnd
RtmIsBestRoute
RtmGetDestInfo
RtmGetExactMatchDestination
MgmReleaseInterfaceOwnership

kernel32

ReadProcessMemory
IsBadStringPtrW
GetFirmwareEnvironmentVariableW
FreeUserPhysicalPages
FindVolumeMountPointClose
GetUserDefaultLCID
LocalSize
GetNumberOfConsoleFonts
FindResourceW
MapViewOfFile
SetConsoleCursor
lstrcat
UTRegister
SetConsoleCtrlHandler
FillConsoleOutputAttribute
GetStartupInfoW
GetPriorityClass
FileTimeToLocalFileTime
OpenWaitableTimerA
GetFileAttributesExA
LeaveCriticalSection
SetComputerNameExA
VirtualAlloc
ReplaceFileW
ChangeTimerQueueTimer
SetFirmwareEnvironmentVariableW
FileTimeToSystemTime
WaitForMultipleObjectsEx
GetWriteWatch
SetProcessPriorityBoost
FindNextVolumeMountPointW
ReleaseMutex
GetSystemPowerStatus
LZRead
GlobalUnlock
GlobalAlloc
WTSGetActiveConsoleSessionId
FindFirstFileExA
IsBadHugeWritePtr
CreateFileW
GetNumaNodeProcessorMask
DeleteVolumeMountPointA
AllocateUserPhysicalPages
ReadConsoleW
IsDebuggerPresent
CreateMutexA
LoadLibraryA
GetDiskFreeSpaceExA
lstrcpyn
GetConsoleAliasesW
GetTempPathA
CommConfigDialogW
FreeEnvironmentStringsW
ScrollConsoleScreenBufferA
WriteConsoleOutputW
CompareFileTime
SetEvent
EnumResourceNamesA
SetHandleContext
RemoveDirectoryA

dbnetlib

ConnectionMode
TermSession
InitSSPIPackage
ConnectionRead
ConnectionTransact
ConnectionSqlVer
ConnectionWrite
TermSSPIPackage
CloseEnumServers
ConnectionStatus
ConnectionObjectSize
GetNextEnumeration
ConnectionVer
ConnectionServerEnumW
ConnectionErrorW
ConnectionWriteOOB
ConnectionOpen
ConnectionError
InitSession
ConnectionOpenW
ConnectionCheckForData
ConnectionOption
ConnectionGetSvrUser
ConnectionClose
GenClientContext
ConnectionServerEnum
InitEnumServers
ConnectionFlushCache

msvcirt

?endl@@YAAAVostream@@AAV1@@Z
?tellp@ostream@@QAEJXZ
?pbackfail@stdiobuf@@UAEHH@Z
??5istream@@QAEAAV0@PAC@Z
?allocate@streambuf@@IAEHXZ
??0ofstream@@QAE@XZ
?get@istream@@QAEAAV1@AAD@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??_Gfilebuf@@UAEPAXI@Z
??_7istream_withassign@@6B@
??5istream@@QAEAAV0@AAJ@Z
?sync@stdiobuf@@UAEHXZ
?setmode@ofstream@@QAEHH@Z
??_Estrstream@@UAEPAXI@Z
?put@ostream@@QAEAAV1@E@Z
?ends@@YAAAVostream@@AAV1@@Z
?setmode@fstream@@QAEHH@Z
??0strstream@@QAE@XZ
??0ostream@@QAE@PAVstreambuf@@@Z
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?sync@streambuf@@UAEHXZ
?cin@@3Vistream_withassign@@A
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
??_8iostream@@7Bostream@@@
?basefield@ios@@2JB
??0iostream@@IAE@ABV0@@Z
??_8ifstream@@7B@

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bd74409a90c900f564bfea2f80f5eb8

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

rtm

kernel32

dbnetlib

msvcirt

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 10KB