5caa42d57e5e31edabd762d52adf8fa93ff75f316eb864ad5faca65b9bb50f6e

Sharing

Copy URL Twitter E-mail

General

Target

5caa42d57e5e31edabd762d52adf8fa93ff75f316eb864ad5faca65b9bb50f6e
Size

488KB
MD5

909c5d4b6103c864e202548d35438370
SHA1

56b727c776a6fc297c95f97df53b957bb5c9e33c
SHA256

5caa42d57e5e31edabd762d52adf8fa93ff75f316eb864ad5faca65b9bb50f6e
SHA512

5bef4d292e364c04f80a584e2d88893a991b3cc86ad95325555cc6fbeb3097128554ca08c0d2cd84dd5c13d1cf367a80b4a3781def841ced18f0bd86e57c973e
SSDEEP

12288:OaZARveepEoeRDYPr9/cUKhP6ABFlaR1tuT:OaZARveepEoeRDYPr9/PKhi1

Score

N/A

Malware Config

Signatures

Files

5caa42d57e5e31edabd762d52adf8fa93ff75f316eb864ad5faca65b9bb50f6e
.exe windows x86

aaf5507d3e61fcbc9638fd0a5288d290

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

orahasgen10

clsuhost
scls_block_read
scls_block_size
scls_block_open
scls_block_close
scls_block_write
clscgetaddr
clsclistentimed
clscconDump
scls_scr_setval
scls_container_set_state
clscpost
clscconquiesce
clscsetpctx
clscanswer
clscreceive
clscsendrqhdest
clscsendstatus
clscsendcompl
clscsendx
clsd_alertprintft
clscugblmterm
clscdisc
clscselect
clscconnect
clsclisten
clscugblmini
clscparse_dbgcmd
clsdms_init
clsdinit
crswconfig
clscctxDump
clsuhexdump
clsdterm
clsdfflush
clsdprintft
clsdflush
scls_exit
clsdinited
clsdprintf
clse_get_crs_home
clse_init
clscserverthrds
clscinit
clsdget_logname
clsdcompreg
clsdserr
scls_meta_init
scls_meta_ctx_init
scls_pid_to_string
scls_pid_get_self
scls_meta_query_size
clsssterm
clssnsqname
clssnsqlnum
clsssinit
clsuslmfree
clsuslmmalloc
clsuslztrace
scls_exit_set
scls_container_set_state_callback
scls_scr_getval
clsutcpbase
clscauthcheck

oranls10

lxinitc
lxhLaToId
lmsaicmt
lmsagbcmt
lxlterm
lxlinit

oracore10

lmebucp
sltspcdestroy
slosFillErr
sltspcsignal
lfiwr
sltspctimewait
slosDep2String
sltspcwait
lpmterm
ss_mem_fre
sltspcbroadcast
sltstprint
sltstiddestroy
sltsthnddestroy
sltstspawn
sltsthndinit
sltstcl
sltspcinit
lpminit
sltster
ss_mem_alc
sltsini
sltspin
lstlo
slzgetevar
sslIsTerminalServerSupported
lstprintf
sltrusleep
sltsmxd
sltsmnr
sltstgi
sltsmna
sltsmxi
sltstidinit

oraocr10

procr_open_key
procr_get_value
procr_close_key
procr_init_ext
procr_terminate
procr_get_id

oracommon10

vsnnum
vsnpri

orageneric10

slgfn
slgtd
slgtds

orauts

GetCurrentThreadId
CreateFileA
GetLastError
CreateProcessA
CloseHandle
WaitForSingleObject
SetEvent
Sleep
WaitForMultipleObjects
CreateEventA
CreateThread
SuspendThread
GetCurrentThread
OpenProcess

kernel32

Thread32Next
Thread32First
GetTickCount
DeviceIoControl
CreateToolhelp32Snapshot
OpenThread
GetThreadContext
GetModuleHandleA
GetFileSize
MapViewOfFile
CreateFileMappingA
TerminateProcess
GetCurrentProcess
SetPriorityClass
GetComputerNameA
GetExitCodeProcess
OpenEventA
GetCurrentProcessId
GetStdHandle
LocalFree
ExitProcess
FormatMessageA
GetModuleFileNameA
SetUnhandledExceptionFilter

advapi32

RegNotifyChangeKeyValue
DeleteService
RegSetValueExA
RegisterServiceCtrlHandlerA
RegCreateKeyA
QueryServiceStatus
SetServiceStatus
CreateServiceA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
LookupAccountNameA
GetUserNameA
ControlService
RegCloseKey
RegDeleteKeyA
RegEnumValueA
RegOpenKeyA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceA
StartServiceCtrlDispatcherA

msvcr71

memset
strlen
strncpy
_strnicmp
atoi
strcmp
strncat
fopen
_iob
_strtime
_strdate
_vsnprintf
_snprintf
printf
fprintf
fflush
vsprintf
sprintf
_stricmp
_get_osfhandle
getenv
__p__environ
_putenv
_strlwr
strcpy
_dup2
freopen
fclose
calloc
strtok
strstr
qsort
bsearch
_splitpath
memcpy
abort
memcmp
strcat
strncmp
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___initenv
_amsg_exit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_flushall
__dllonexit
_onexit
_controlfp
__getmainargs

dbghelp

SymGetModuleBase
StackWalk
SymGetSymFromAddr
SymInitialize
SymFunctionTableAccess

iphlpapi

DeleteIPAddress
GetAdaptersInfo

mprapi

MprConfigServerDisconnect
MprConfigServerConnect

psapi

EnumProcessModules
GetModuleInformation

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[)Q
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aaf5507d3e61fcbc9638fd0a5288d290

Headers

File Characteristics

Imports

orahasgen10

oranls10

oracore10

oraocr10

oracommon10

orageneric10

orauts

kernel32

advapi32

msvcr71

dbghelp

iphlpapi

mprapi

psapi

Sections

.text Size: 300KB - Virtual size: 298KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 12KB

.data1 Size: 76KB - Virtual size: 72KB

[)Q Size: 88KB - Virtual size: 88KB

.text
Size: 300KB - Virtual size: 298KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 12KB

.data1
Size: 76KB - Virtual size: 72KB

[)Q
Size: 88KB - Virtual size: 88KB