9c6a2d00877af5c3030172c0c23ca31d9159d2ef4eedb872defd4e838a7c441e

Sharing

Copy URL Twitter E-mail

General

Target

9c6a2d00877af5c3030172c0c23ca31d9159d2ef4eedb872defd4e838a7c441e
Size

736KB
MD5

92de7a19948057bb4307e61da833d710
SHA1

43f0af85f95ede7fbeebf1c5ffcb34be18ba8235
SHA256

9c6a2d00877af5c3030172c0c23ca31d9159d2ef4eedb872defd4e838a7c441e
SHA512

8591c5f8bbb8b2c3efde28385d7b829c8466cee95bf34ba23b3e688510205180c86d94a852871a132aedc44852f23ed8dd5c716203da73d7fea00be699922576
SSDEEP

12288:8ZsrVno7Fu7eSHuAAvxlfuEZGMEOlr7rrOIpWsazPTf+F/q5nJqpLGUN:dJoJEcAAvOEZdEOlrfrOIs5zI/qxJqo

Score

N/A

Malware Config

Signatures

Files

9c6a2d00877af5c3030172c0c23ca31d9159d2ef4eedb872defd4e838a7c441e
.exe windows x86

bb81de034ba9773a6caefa76019ea07d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AddAccessDeniedAce
GetFileSecurityA
CryptCreateHash
CryptEnumProvidersW
RevertToSelf
GetSecurityDescriptorSacl
StartServiceW
AddAce
RegOpenKeyExW
LockServiceDatabase
SetTokenInformation
CheckTokenMembership
GetNumberOfEventLogRecords
GetSidSubAuthority
GetAce
ImpersonateSelf
ElfDeregisterEventSource
RegDeleteValueW
RegCreateKeyA
RegSetValueExA
CreateProcessAsUserA
RegQueryValueExA
LookupPrivilegeValueW
RegSetKeySecurity

netapi32

NetSessionEnum
DsEnumerateDomainTrustsW
NetServerEnum
NetServerTransportEnum
NetUserDel
NetJoinDomain
NetShareGetInfo
NetServerSetInfo
NetGetDCName
NetShareEnum
NetServiceInstall
NetUseAdd
NetUserGetInfo
DsRoleFreeMemory
NetUserEnum
NetShareSetInfo
NetUseEnum
NetWkstaUserGetInfo

odbc32

VRetrieveDriverErrorsRowCol
CursorLibLockDbc
CursorLibLockDesc
LockHandle
SQLConnect
CursorLibTransact
PostODBCComponentError
CursorLibLockStmt
SearchStatusCode
VFreeErrors
ValidateErrorQueue
PostODBCError

msvcrt

wcslen
mktime
_setmode
__argc
div
_wcsdup
_ismbcalpha
fputc
_mbsnbcpy
_itoa
wcstod
_CIlog

kernel32

GetCommMask
GetFullPathNameA
OutputDebugStringA
GlobalHandle
FindVolumeMountPointClose
RemoveDirectoryW
WriteFile
VirtualAlloc
TlsFree
SetFileApisToOEM
WaitForMultipleObjectsEx
FormatMessageW
HeapValidate
CreateJobObjectW
QueryPerformanceCounter
CopyFileA
LoadLibraryA
DeleteVolumeMountPointW
GetEnvironmentStringsW
DeleteAtom
ExpandEnvironmentStringsA
HeapAlloc
ChangeTimerQueueTimer
GetModuleHandleW
CreateFileW
HeapSetInformation
SetHandleCount
SetCriticalSectionSpinCount
CreateMutexW

mscms

OpenColorProfileW
GetColorProfileElement
DeleteColorTransform
InternalGetPS2PreviewCRD
GetStandardColorSpaceProfileW
InternalGetPS2ColorRenderingDictionary
CloseColorProfile
GetColorDirectoryW
EnumColorProfilesA
IsColorProfileValid
InstallColorProfileW
OpenColorProfileA
TranslateBitmapBits
TranslateColors
CreateColorTransformW
UninstallColorProfileW
InternalGetPS2CSAFromLCS
EnumColorProfilesW
GetColorDirectoryA
CreateColorTransformA
GetColorProfileHeader
InternalGetPS2ColorSpaceArray

shlwapi

PathIsPrefixW
UrlCreateFromPathW
StrToIntExA
PathFindFileNameA
StrToIntW
UrlApplySchemeW
StrTrimA
PathGetArgsW
SHDeleteKeyW
PathSearchAndQualifyW
PathGetArgsA
StrIsIntlEqualW
StrRChrA
PathQuoteSpacesW
StrCSpnW
SHRegDuplicateHKey
PathRelativePathToW
PathIsUNCServerW
StrRChrIW
StrRetToBufW

Sections

.data
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 39KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 409KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 93KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb81de034ba9773a6caefa76019ea07d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

netapi32

odbc32

msvcrt

kernel32

mscms

shlwapi

Sections

.data Size: 1024B - Virtual size: 766B

.text Size: 39KB - Virtual size: 387KB

.rdata Size: 112KB - Virtual size: 337KB

.edata Size: 409KB - Virtual size: 512KB

.idata Size: 93KB - Virtual size: 111KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 512B - Virtual size: 328B

.data
Size: 1024B - Virtual size: 766B

.text
Size: 39KB - Virtual size: 387KB

.rdata
Size: 112KB - Virtual size: 337KB

.edata
Size: 409KB - Virtual size: 512KB

.idata
Size: 93KB - Virtual size: 111KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 512B - Virtual size: 328B