2ed13f6b0a39f71120811f58451a3dc0040bbd969a75a68c43898ad61da81932

Sharing

Copy URL Twitter E-mail

General

Target

2ed13f6b0a39f71120811f58451a3dc0040bbd969a75a68c43898ad61da81932
Size

148KB
MD5

9380b9b1a641e24d53e7f947716f7396
SHA1

814bad3cf9faf73c4938824fb2bd345f0ecbece3
SHA256

2ed13f6b0a39f71120811f58451a3dc0040bbd969a75a68c43898ad61da81932
SHA512

b87e49f5b764fbfa88efdbe633b82809c5cdd886fd413886f2bbaef032a7e8e1250fe97282234392d1e370f6894f3d89f36284e283879abea0ca668dd191af93
SSDEEP

3072:nhT3pJRV/su8nK/PTpx5jg8bvbLowY7PDPmOtdR6:nxp3VEuCePTpxW8bvb8bDPzD

Score

N/A

Malware Config

Signatures

Files

2ed13f6b0a39f71120811f58451a3dc0040bbd969a75a68c43898ad61da81932
.exe windows x86

f09e89d47234b24a1553da33c92accc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_isctype
strncat
sscanf
__p__pctype
printf
_controlfp
_ftol
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
malloc
free
strlen
strcpy
strncmp
strcmp
atol
atof
strncpy
sprintf
_getpid
atoi
__p___mb_cur_max

kernel32

GetProcAddress
LoadLibraryA
GlobalFree
Sleep
GlobalUnlock
GetModuleFileNameA
GetStartupInfoA
GlobalAlloc
GlobalLock
GetModuleHandleA

user32

GetFocus
MessageBoxA
PostMessageA
SetMessageQueue
PeekMessageA
RegisterWindowMessageA

nlsrtl33

ord117
ord11
ord203
ord201
ord175
ord6
ord3
ord2
ord4
ord179
ord248
ord231
ord215
ord227
ord237
ord281
ord246
ord268
ord127
ord224
ord277
ord276
ord174
ord279
ord233
ord172

nn60

ord132
ord131
ord4
ord85
ord28
ord136

uiw60

ord1021
ord11006
ord8002
ord8005
ord1277
ord8001
ord1267
ord1466
ord1268
ord1269
ord1270

ca60

ord5
ord75
ord60
ord346
ord354
ord527
ord526
ord54
ord69
ord59
ord56
ord77
ord103
ord99
ord487
ord492
ord95
ord106
ord340
ord101
ord98
ord494
ord485
ord92
ord107
ord94
ord479
ord575
ord484
ord482
ord489
ord513
ord345
ord421
ord90

core40

ord206
ord205

de60

ord3457
ord5608
ord481
ord5422
ord5070
ord709
ord3477
ord5599
ord3374
ord105
ord5598
ord190
ord3478
ord210
ord214

mmi60

ord1
ord2

ora805

slfnp
sltln
slgfn

uirem60

ord250
ord184
ord174
ord255
ord195

sqllib80

sqlcln
sqgrct
SQLRCXGet
sqls2u
sqloer
sqloew
sqlexp
sqgctx
sqliap
sqlret
sqlprc
sqlclu
sqlald
sqlcxt
sqlofftb
sqltex
sqlu2s
sqlcps

qmg60

rwosk2nocomm
rosqltrace

utl60

ord39
ord38

zrc60

zrcctra_RunReportAsync
zrcctsa_SetAuthId
zrcctco_Connect
zrcctgo_GetOutput
zrcctgg_GetOutputGeneral
zrcctgc_GetCommand
zrcctrs_RunReportSync
zrcctas_AddCacheFile
zrcctdi_Disconnect
zrcctud_JobDestUpdate
zrcctde_Destroy
zrcctce_EngineConnect
zrcctcr_Create
zrcctst_RunStatus

rwlib60

rimalt
relgtsn
rwnole_DestroyWinOleInfo
rrrpensd
rimrat
rxtdes
rwnole_InitWinOleInfo
riulgo
rolgro
rxglerclm
rxiefm
riulgf
rxmcml
rxmcmlf
rrdcls
rxrtfp
rwfrcprint
rwfrbprint
rwfdtprint
rwbrfhoOutputWebPF
rxicen
ruvu4
rxierr
rxscap
rrdpxf
rxrtdn
rxrtin
rxinit
rrdpub
rrvcb
rimfrt
rxicep
rrdopn
rxinite_engine
rwbxrr
rxbcod
rxmbtc
ruerformat
ruereget
rstmrut
rstmst
ruereset
ropintcbs
rrrpensr
ropsdf
rxglermcc
rxslrunprd
relgtmn
rimfr
rrdlba
rimal
ropintcp
srufrn
rxmcofcp
rrofnshd
rrodap
rxnname
rroahp
roulgs
relgtan
rxfini
rxgleraise
rxrtgn
rxrtcv
rupstl
rxticl
rrdps2put
ropubput
rrdps1get
ropubget

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�*y
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f09e89d47234b24a1553da33c92accc7

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

nlsrtl33

nn60

uiw60

ca60

core40

de60

mmi60

ora805

uirem60

sqllib80

qmg60

utl60

zrc60

rwlib60

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 8KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 26KB - Virtual size: 26KB

�*y Size: 50KB - Virtual size: 52KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 26KB - Virtual size: 26KB

�*y
Size: 50KB - Virtual size: 52KB