Static task: static1
Behavioral task: behavioral1
  Sample: 7615bd7598fbd61232aeefb8bd12b05a3b8477e286b73e11d67d674beb56a697.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 7615bd7598fbd61232aeefb8bd12b05a3b8477e286b73e11d67d674beb56a697.exe
  Resource: win10v2004-20220812-en
General
- Target: 7615bd7598fbd61232aeefb8bd12b05a3b8477e286b73e11d67d674beb56a697
- Size: 46KB
- MD5: 134c63ac2529f54dcac00a07e53cafd5
- SHA1: d1ab321a1bef01d7cd09c99199a0be5ee176b62c
- SHA256: 7615bd7598fbd61232aeefb8bd12b05a3b8477e286b73e11d67d674beb56a697
- SHA512: 3e10df4e102b1f0edff3fb80c6429182ba201ad2a3844e8b0524f9da07fd7c666085162ca640059a83eaf7ae033991cc903ba340e5edee7bb4b5fc413f85adad
- SSDEEP: 768:84HOBFEWA5bXHaPXfIzCO/Ogd275o9GqySlSMMaU0skaU36q4Azd+ZBLBvM4JOfX:81Fm5uO/OLnml+XyaU34eYZBFvOx6B85
Malware Config
Signatures
Files
-
7615bd7598fbd61232aeefb8bd12b05a3b8477e286b73e11d67d674beb56a697.exe windows x86
f69b75f39126fdc0481c56f41d71e9a4
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
- ntdll
  RtlAddAccessDeniedAceEx
  ZwSaveKeyEx
  __isascii
  RtlFreeAnsiString
  RtlLargeIntegerSubtract
  RtlUnicodeStringToAnsiSize
  RtlEqualLuid
  ZwAccessCheckAndAuditAlarm
  RtlSetGroupSecurityDescriptor
  RtlClearAllBits
  RtlTimeToSecondsSince1970
  RtlVerifyVersionInfo
  RtlUnhandledExceptionFilter2
  RtlDeNormalizeProcessParams
  ZwQuerySymbolicLinkObject
  wcstoul
  RtlCreateHeap
  ZwLoadKey2
  RtlTraceDatabaseCreate
  RtlAddAce
  ZwQueryVolumeInformationFile
  iswxdigit
  ZwTerminateProcess
  RtlMultiByteToUnicodeSize
  LdrInitializeThunk
  pow
  ZwProtectVirtualMemory
  NtReleaseKeyedEvent
  ZwOpenObjectAuditAlarm
  RtlApplicationVerifierStop
  LdrQueryProcessModuleInformation
  NtInitializeRegistry
  RtlGetCurrentPeb
- shlwapi
  PathSetDlgItemPathA
  PathIsContentTypeA
  PathIsPrefixW
  PathIsContentTypeW
  AssocQueryStringW
  StrFormatByteSizeW
  UrlHashA
  PathCombineW
  StrToIntExW
  SHGetValueA
  AssocCreate
  PathBuildRootA
  StrFromTimeIntervalA
  SHRegSetPathW
  PathMatchSpecA
  UrlIsOpaqueA
  ChrCmpIA
  PathIsUNCServerShareA
  UrlIsW
  PathSkipRootA
  SHStrDupA
  SHCopyKeyA
  SHDeleteValueA
  IntlStrEqWorkerA
  PathQuoteSpacesA
  PathUnExpandEnvStringsA
- odbc32
  SQLFetchScroll
  SQLNumResultCols
  PostODBCComponentError
  SQLDataSourcesW
  VRetrieveDriverErrorsRowCol
  SQLSetDescFieldA
  SQLExecDirectA
  CursorLibTransact
  SQLMoreResults
  SQLColumnsW
  SQLErrorW
  SQLTablePrivileges
  SQLGetCursorNameA
  SQLNativeSqlW
  SQLGetStmtAttrA
  SQLForeignKeysW
  SQLBindParameter
  SQLPrepare
  SQLDisconnect
  SQLTablesA
  SQLExecDirect
  VFreeErrors
  SQLGetInfoA
  ODBCSetTryWaitValue
  SQLEndTran
  SQLBrowseConnectW
  SQLDriversW
  SQLPrepareA
  PostComponentError
  SQLGetDiagFieldA
  SQLDrivers
  ValidateErrorQueue
  SQLGetData
- crypt32
  I_CryptInsertLruEntry
  CertUnregisterPhysicalStore
  CryptMsgOpenToDecode
  CertGetValidUsages
  CertFindCTLInStore
  CertFreeCertificateContext
  CryptMsgCountersign
  CertVerifyRevocation
  CryptVerifyCertificateSignature
  CryptSIPVerifyIndirectData
  CertIsRDNAttrsInCertificateName
  I_CryptEnumMatchingLruEntries
  CertGetIntendedKeyUsage
  CryptSIPRetrieveSubjectGuid
  RegOpenKeyExU
  CryptStringToBinaryW
  CryptLoadSip
  CertStrToNameA
  CryptSIPGetSignedDataMsg
  CertCompareCertificate
  CertFindCertificateInStore
  CryptMsgGetAndVerifySigner
  CertAddEncodedCTLToStore
  CryptSIPLoad
  CryptRegisterOIDInfo
  CryptMsgGetParam
  CryptExportPublicKeyInfo
  CryptInstallDefaultContext
  I_CertUpdateStore
  CertCompareIntegerBlob
- kernel32
  GetConsoleMode
  WriteConsoleInputA
  HeapCreate
  ReadConsoleInputExW
  InitAtomTable
  ExpandEnvironmentStringsW
  GetStdHandle
  IsDBCSLeadByteEx
  LeaveCriticalSection
  GetPrivateProfileStringA
  Process32NextW
  VerLanguageNameA
  TransmitCommChar
  GetOEMCP
  LZSeek
  FindResourceA
  GetSystemWow64DirectoryA
  GetProfileSectionW
  GetCPInfo
  CreateTimerQueueTimer
  SleepEx
  SetHandleCount
  QueueUserWorkItem
  lstrcpyn
  GetModuleHandleW
  LoadLibraryA
  RaiseException
  VerifyConsoleIoHandle
  GetModuleFileNameA
  SetConsoleDisplayMode
  ExitProcess
  GetVersion
  DeleteVolumeMountPointW
  VirtualAlloc
  GetNumaHighestNodeNumber
- msdart
  ?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
  ??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
  MPCSInitialize
  ?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
  ?IsReadUnlocked@CCritSec@@QBE_NXZ
  ??0CReaderWriterLock@@QAE@XZ
  ?sm_wDefaultSpinCount@CSpinLock@@1GA
  ?_Unlock@CSpinLock@@AAEXXZ
  ??1CLKRLinearHashTable@@QAE@XZ
  ?IsWriteUnlocked@CSpinLock@@QBE_NXZ
  ?IsReadLocked@CReaderWriterLock@@QBE_NXZ
  ?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
  ?ReadLock@CFakeLock@@QAEXXZ
  ?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
  ??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
  ?_H0@CLKRLinearHashTable@@CGKKK@Z
  ?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
  ?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
  MPInitializeCriticalSectionAndSpinCount
  ?_H1@CLKRLinearHashTable@@CGKKK@Z
  ?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
  ?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
  ?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
  ?IsReadLocked@CFakeLock@@QBE_NXZ
  ?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
Sections
- .text Size: 34KB - Virtual size: 33KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 9KB - Virtual size: 9KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .rsrc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ