f4028e1d8fac97d299951721ce5f5fabbd7a6cbf06613de50cb3ac6ad2db3f87

Sharing

Copy URL Twitter E-mail

General

Target

f4028e1d8fac97d299951721ce5f5fabbd7a6cbf06613de50cb3ac6ad2db3f87
Size

937KB
MD5

8301db23885e31cc226738807edb1751
SHA1

b231c73614cf22897edba58e38f84947263b9398
SHA256

f4028e1d8fac97d299951721ce5f5fabbd7a6cbf06613de50cb3ac6ad2db3f87
SHA512

965dc8f309b40246e8f70a1540445d628c17dab2146f481cf18fbd9a8925e37edf0c213ada37a79bc77e5279b1a2c0c3d234dbd7f1b3ad48a10df4267cde6862
SSDEEP

24576:M51AyI3XUZPk1eLQiV++cey5uQqIq6ibXShy+Q3or3NDff:MXI2oiV++2zqIq6Ud+IozNL

Score

N/A

Malware Config

Signatures

Files

f4028e1d8fac97d299951721ce5f5fabbd7a6cbf06613de50cb3ac6ad2db3f87
.exe windows x86

ba630122432f380c037c8bbfbabe1a59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_fmode_dll
_y0
_spawnlpe
_mbstrlen
iswlower
_mbsrev
_rotl
clock
_mbcjmstojis
_mkdir
perror
cosh
_popen
setbuf
toupper
wprintf
strspn
__doserrno
_cabs
__pxcptinfoptrs
qsort
_errno
wcspbrk
is_wctype
setlocale

kernel32

GetComputerNameW
GetThreadPriorityBoost
GetPrivateProfileIntW
FoldStringW
GetCompressedFileSizeW
GetConsoleHardwareState
CancelTimerQueueTimer
GetTapeParameters
GetPrivateProfileIntA
GetGeoInfoW
WaitForDebugEvent
SearchPathA
HeapQueryInformation
SetThreadExecutionState
GetFileInformationByHandle
SwitchToFiber
DeleteAtom
LZDone
GetTempFileNameA
FindVolumeMountPointClose
GetDriveTypeA
SetComputerNameW
SetConsoleHardwareState
LoadLibraryA
GetConsoleScreenBufferInfo
CloseProfileUserMapping
LoadLibraryExA
ResetWriteWatch
TlsSetValue
LocalUnlock
EndUpdateResourceW
CreateIoCompletionPort
GetWindowsDirectoryW
VDMOperationStarted
AreFileApisANSI
GetOEMCP
IsBadWritePtr
FindNextFileW
GlobalUnWire
SetConsoleMode
SetConsoleMenuClose
GetLocaleInfoA
SetLocaleInfoW
RtlUnwind
FindActCtxSectionStringA
SetFileShortNameA
ConsoleMenuControl
EnumResourceTypesA
GetCurrentProcessId
GetCPInfo
SetCurrentDirectoryW
VirtualAllocEx
GetCurrencyFormatW
FlushInstructionCache
BeginUpdateResourceW
SetFilePointerEx

comdlg32

GetOpenFileNameA
PrintDlgExA
FindTextW
GetFileTitleA
PageSetupDlgA
CommDlgExtendedError
PrintDlgExW
dwOKSubclass
WantArrows
ReplaceTextA

resutils

ResUtilGetPropertySize
ResUtilEnumResources
ResUtilTerminateServiceProcessFromResDll
ResUtilSetMultiSzValue
ResUtilIsResourceClassEqual
ResUtilStopService
ClusWorkerTerminate
ClusWorkerStart
ResUtilGetDwordValue
ResUtilGetResourceDependencyByName
ResUtilSetResourceServiceEnvironment
ResUtilFreeEnvironment
ResUtilSetBinaryValue
ResUtilGetBinaryProperty
ResUtilGetAllProperties
ResUtilSetPropertyTableEx
ResUtilGetResourceDependency
ResUtilGetPrivateProperties
ResUtilFindDependentDiskResourceDriveLetter
ClusWorkerCheckTerminate
ResUtilGetPropertyFormats
ResUtilCreateDirectoryTree
ResUtilEnumResourcesEx
ClusWorkerCreate
ResUtilGetDwordProperty
ResUtilVerifyResourceService
ResUtilEnumProperties

odbctrac

TraceOpenLogFile
TraceSQLGetCursorName
TraceSQLCloseCursor
TraceSQLGetConnectAttr
TraceSQLGetInfoW
TraceSQLSetCursorName
TraceSQLDataSourcesW
TraceSQLNativeSql
TraceSQLProceduresW

adsldpc

ADSIGetColumn
AdsTypeToLdapTypeCopyGeneralizedTime
ADsEnumAttributes
SchemaGetObjectCount
AllocADsStr
?SetFSlashDisabler@CLexer@@QAEXH@Z
LdapOpenObject
ADsGetLastError
ADsDeleteAttributeDefinition
LdapAddS
ADsCreateAttributeDefinition
ADsGetNextRow
AdsTypeToLdapTypeCopyConstruct
LdapSearch
ADsEnumClasses

certcli

CASetCertTypeKeySpec
CAEnumNextCertType
CAGetCertTypeExtensions
CAGetCertTypeFlagsEx
CAOIDFreeProperty
CAOIDSetProperty
CACertTypeAccessCheckEx
GetProxyDllInfo
CAGetCertTypeProperty
CASetCACertificate
CACreateLocalAutoEnrollmentObject

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 207KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.3rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba630122432f380c037c8bbfbabe1a59

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

kernel32

comdlg32

resutils

odbctrac

adsldpc

certcli

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 207KB - Virtual size: 1.6MB

.rsrc Size: 122KB - Virtual size: 122KB

.reloc Size: 1024B - Virtual size: 960B

.3rdata Size: 60KB - Virtual size: 60KB

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 207KB - Virtual size: 1.6MB

.rsrc
Size: 122KB - Virtual size: 122KB

.reloc
Size: 1024B - Virtual size: 960B

.3rdata
Size: 60KB - Virtual size: 60KB