6cac1221d69e0f5c96eae262f80817791dc069867f6f34e1a285f660dacdfddf

Sharing

Copy URL Twitter E-mail

General

Target

6cac1221d69e0f5c96eae262f80817791dc069867f6f34e1a285f660dacdfddf
Size

832KB
MD5

5578416761919389b058821ff03e6322
SHA1

d487bb493cb635d0b8f711bb8f484410c2de7fcd
SHA256

6cac1221d69e0f5c96eae262f80817791dc069867f6f34e1a285f660dacdfddf
SHA512

d80681b71c3a628b884230bd5da6ed9e22a85827d29075cf4e644e7f9dbb35dff87e05b5b46b1f61e5f074c127fab230f93f80ddec874d1f54b3266d05f0a657
SSDEEP

12288:NsggyagpB2GMP6RnRo5MaCsd2dC14H/SjcM4CgKHYpY7opyeUY:NAyagpBFauaCq2dsoMlgK4pY7opyeUY

Score

N/A

Malware Config

Signatures

Files

6cac1221d69e0f5c96eae262f80817791dc069867f6f34e1a285f660dacdfddf
.exe windows x86

4415640940dbf5f5b01200369d305a72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

sqlwoa

_CreateFile@28
_trename
_LoadString@16
_FormatMessage@28
_LoadLibrary@4
_MessageBox@16
_DeleteFile@4
_GetComputerName@8
_tsystem
_GetVersionEx@4
_PeekMessage@20
_CreateWindowEx@48
_LoadCursor@8
_MAKEINTRESOURCE@4
_GetModuleFileName@12
_DefWindowProc@16
_GetObject@12

sqlwid

GetProcAddress_

kernel32

GetSystemDefaultLCID
GetUserDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
SetEvent
LocalAlloc
UnmapViewOfFile
CloseHandle
MapViewOfFile
TlsFree
Sleep
ReleaseSemaphore
GetLocalTime
TlsSetValue
TlsGetValue
GetCurrentThreadId
FindClose
DeleteCriticalSection
SetThreadPriority
GetTickCount
WaitForSingleObject
GetStdHandle
TerminateProcess
GetCurrentProcess
FlushFileBuffers
ExitProcess
SetProcessShutdownParameters
AllocConsole
TlsAlloc
SetLastError
MultiByteToWideChar
InitializeCriticalSection
GetModuleHandleW
SetConsoleTitleW
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
EnterCriticalSection
WriteFile
IsDBCSLeadByte
GetSystemTime
DisconnectNamedPipe
ConnectNamedPipe
PeekNamedPipe
HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
ReleaseMutex
SetProcessWorkingSetSize
GetSystemDefaultLangID
GetProcAddress
FormatMessageA
LoadLibraryExA
lstrcatA
GetModuleFileNameA
LoadLibraryA
GlobalFree
GlobalAlloc
lstrlenA
GetVersionExA
FreeLibrary
LocalFree
GetLastError
ResetEvent
SetConsoleCtrlHandler
SetErrorMode
LeaveCriticalSection
GetSystemInfo
GetCurrentThread
GetConsoleOutputCP
ReadFile

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
DeregisterEventSource
CloseServiceHandle
NotifyChangeEventLog
RegCloseKey
InitializeSecurityDescriptor
SetServiceStatus
CloseEventLog
SetSecurityDescriptorDacl

user32

SetFocus
DestroyWindow
IsWindow
EndPaint
BeginPaint
SetWindowPos
GetSystemMetrics
GetClientRect
GetDesktopWindow
MessageBoxA
wsprintfA
TranslateMessage
LoadStringA

sqlsvc

QSQLIsConnDead
SQLSCMControl
SQLSCMGetServiceState
QNetPing
QSQLPurgeExec
QSQLLogonEx
QScheduleGetCurDateTime
QSQLColumnName
SQLSvcExit
SHRecMemBSLocate
SHRecMemInsert
QScheduleTimeModify
SHMemCleanUp
SHMemFreeFromHeapWithInfo
SHMemReAllocFromHeapWithInfo
SHMemAllocFromHeapWithInfo
SHMemInit
SQLSvcInit
QSQLResults
QScheduleConvertValToDateStruct
QScheduleCalcNextOccurrence
QScheduleConvertValToTimeStruct
QSQLExecDirect
QSQLNextRow
QSQLColumnType
SHRecMemAdd
SHRecMemInit
SHRecMemLock
QScheduleConvertDateToString
QScheduleConvertTimeToString
SHRecMemFree
QSQLLogoff
QSQLConvertLength
QSQLRowType
QSQLRowsAffected
QSQLColumns
QSQLGetProperty
QSQLSetProperty
QSQLExecDirectAsync
QSQLCancelQuery
QSQLNextRowAsync
QSQLMoreResultsAsync
QScheduleSecToHourFormat
SHRecMemBSInsert
SHRecMemDelete
QSQLPurgeResults
QSQLGetUserData
QSQLSetUserData
QScheduleConvertTimeStructToVal
QSQLCancel
QScheduleGetTimeDelta
QSQLBind

comnevnt

AddNewQueue
DestroyQueue
InitializeComnEvntW
CERegisterServer
WaitForConsumerToStart
SetEventClassRequired
StartConsumer
StopConsumer
FreeEventItemW
GetCERetcodeString
GetEventW

semmap

SFMapi1ResolveName
SFMapi1SendMail
SFMapi1GetMapiVerInfo
SFMapi1CanUseMAPI
SFMapi1Initialize
SFMapi1Logon
SFMapi1GetLastError
SFMapi1DeInitialize
SFMapi1Version
SFMapi1Logoff

wsock32

WSACleanup
gethostbyname
WSAGetLastError
WSAStartup

gdi32

DeleteDC
GetStockObject
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

msvcrt

_mbsrchr
strlen
strcpy
_wfopen
fopen
realloc
_msize
_wcsupr
_ftol
vswprintf
_wtol
_wcsrev
fprintf
fwprintf
wcsncat
_wtoi
strstr
memmove
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
fflush
__set_app_type
_controlfp
printf
wcsstr
_wcslwr
pow
atof
swprintf
_ltow
wcscat
wcslen
wcsncpy
memcpy
_except_handler3
wcscmp
wcscpy
memset
_wcsicmp
wprintf
abs
_beginthread
free
malloc
wcschr
fputc
_endthread
fclose

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4415640940dbf5f5b01200369d305a72

Headers

File Characteristics

Imports

sqlwoa

sqlwid

kernel32

advapi32

user32

sqlsvc

comnevnt

semmap

wsock32

gdi32

msvcrt

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 76KB - Virtual size: 89KB

.rsrc Size: 40KB - Virtual size: 37KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 76KB - Virtual size: 89KB

.rsrc
Size: 40KB - Virtual size: 37KB

.vmp0
Size: 500KB - Virtual size: 1.6MB