361d9ccda1a59c17cb2771f17a7270b2bf5c8e6d0be5498bbcbec81416c36a27

Sharing

Copy URL Twitter E-mail

General

Target

361d9ccda1a59c17cb2771f17a7270b2bf5c8e6d0be5498bbcbec81416c36a27
Size

143KB
MD5

502cc3c99aabcb2798c255dcbeee8e2f
SHA1

bef9425e21b43e5e4632ec72fccd35f1b0589fba
SHA256

361d9ccda1a59c17cb2771f17a7270b2bf5c8e6d0be5498bbcbec81416c36a27
SHA512

faa2286129cecb2ae1adbde048a55c979a9251ccebbfb3cbc96d7a3f00f129984b3754a579302bc23c7552b4a964899d4bf61a4dc013065a7b93a915e0a2c2a7
SSDEEP

3072:E8kfMunJdVF+S7RSuKnXeOrK+6sk7vBqYe45BCzB5xQj5i9o:E8kVnJESwuKnOKK+6b7LWB5E3

Score

N/A

Malware Config

Signatures

Files

361d9ccda1a59c17cb2771f17a7270b2bf5c8e6d0be5498bbcbec81416c36a27
.exe windows x86

1d002ec1970312dd4d5885d37d689802

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_CreateSemaphore_@16
_DlgDirSelectEx_@16
_QueryDosDevice_@12
_TranslateAccelerator@12
_CreateFont@56
_CreateDirectoryEx_@12
_FindFirstFile_@8
_GetEnhMetaFile_@4
_CreateFileMapping_@24
_CharLowerBuff_@8
_IsCharUpper_@4
_CharPrev_@8
_GetModuleHandle_@4
_GetShortPathName_@12
_MessageBoxIndirect_@4
_OpenBackupEventLog_@8
_FatalAppExit_@8
_FindWindowEx_@16
_GrayString_@36
_NDdeGetErrorString_@12
_wvsprintf_@12
_GetTextExtentPoint@16
_DialogBoxIndirectParam_@20
_ChangeServiceConfig_@44
_CharNext_@4
_CreateScalableFontResource_@16
_NDdeSetShareSecurity_@16
_BeginUpdateResource_@8
_UpdateResource_@24
_WritePrivateProfileSection_@12

wininet

FtpRenameFileW
RetrieveUrlCacheEntryFileW
InternetQueryDataAvailable
FtpRemoveDirectoryW
ShowCertificate
GopherOpenFileA
FtpPutFileA
FindNextUrlCacheGroup
InternetWriteFile
UrlZonesDetach
FtpCommandA
SetUrlCacheGroupAttributeW
InternetCombineUrlA
InternetSecurityProtocolToStringA
FtpGetFileA

odbctrac

TraceSQLGetTypeInfo
TraceSQLBindParameter
TraceSQLPrimaryKeysW
TraceSQLExecDirectW
TraceSQLTransact
TraceSQLDriverConnectW
TraceSQLGetInfoW
TraceSQLSetPos
TraceSQLGetDiagRec
TraceSQLDrivers
TraceSQLColAttributesW
TraceSQLGetStmtAttr
TraceSQLSetDescRec
TraceSQLCloseCursor
TraceSQLDisconnect
TraceSQLColumnPrivileges
TraceSQLGetDiagRecW
TraceSQLGetConnectAttrW
TraceSQLGetConnectOption
TraceSQLAllocConnect
TraceSQLTablePrivileges
TraceSQLExecDirect
TraceSQLMoreResults
TraceSQLDescribeColW
TraceSQLDataSourcesW
TraceSQLFreeConnect

msdart

?WriteUnlock@CReaderWriterLock@@QAEXXZ
?_H1@CLKRLinearHashTable@@ABEKK@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
mpCalloc
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?ReadLock@CFakeLock@@QAEXXZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
?_Unlock@CSpinLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?IsWin9x@CMdVersionInfo@@SAHXZ
??1CCritSec@@QAE@XZ

hhsetup

?bIsVisable@CFolder@@QAEHXZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?SetVolume@CLocation@@QAEXPBD@Z
?GetLanguage@CFolder@@QAEGXZ
?GetTitleW@CFolder@@QAEPBGXZ
?SetMasterCHM@CCollection@@QAEXPBDG@Z
??4CTitle@@QAEAAV0@ABV0@@Z
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?RemoveAll@CPointerList@@QAEXXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetNextLocation@CLocation@@QAEPAV1@XZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
?Release@CCollection@@AAEKXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetId@CTitle@@QAEPADXZ

secur32

QuerySecurityContextToken
LsaGetLogonSessionData
LsaFreeReturnBuffer
SaslGetProfilePackageW
TranslateNameW
QuerySecurityPackageInfoW
LsaRegisterPolicyChangeNotification
DecryptMessage
CredUnmarshalTargetInfo
EnumerateSecurityPackagesA
SaslInitializeSecurityContextW
SaslEnumerateProfilesW
LsaConnectUntrusted
AcquireCredentialsHandleW
SaslInitializeSecurityContextA

kernel32

ZombifyActCtx
SwitchToFiber
GlobalAlloc
GetComputerNameExA
QueryDosDeviceW
EnumerateLocalComputerNamesW
LoadLibraryW
GetConsoleWindow
MapViewOfFile
DebugSetProcessKillOnExit
RemoveDirectoryA
OutputDebugStringW
ReadConsoleInputExA
GlobalFindAtomW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d002ec1970312dd4d5885d37d689802

Headers

File Characteristics

Imports

sqlunirl

wininet

odbctrac

msdart

hhsetup

secur32

kernel32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 2KB - Virtual size: 2KB