526707d654096ff6878547cdacef500c1abd5e525a9163b087946005252f6b26

Sharing

Copy URL Twitter E-mail

General

Target

526707d654096ff6878547cdacef500c1abd5e525a9163b087946005252f6b26
Size

821KB
MD5

81b2061383b6ad6149a376a2b5f06de7
SHA1

ebb8947febafc20b001d5ac3b13af011cff99d5b
SHA256

526707d654096ff6878547cdacef500c1abd5e525a9163b087946005252f6b26
SHA512

083e950661cfc30a6dea31dbf84318e3a8c5976b44ce7dcbc6439b32acd10f871c9fc9879054e69cc5b3ced67793a8790d6b060b8882a701dba8d08eca454036
SSDEEP

12288:dEXm7h37txQuGLZaDkrga/QF9m8rXLTVXLLvUoB381aPKgRlZrGwuhD059K7mhE:dd57fQnZ6awo4ZZBmUHxGwuhA5Uih

Score

N/A

Malware Config

Signatures

Files

526707d654096ff6878547cdacef500c1abd5e525a9163b087946005252f6b26
.exe windows x86

74c2faf0afac927f1a005f967158a778

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetTapePosition
OutputDebugStringA
SetupComm
FreeLibraryAndExitThread
RemoveDirectoryA
EnumerateLocalComputerNamesW
GetCurrentThread
GlobalUnWire
WriteProfileSectionA
GetConsoleAliasesLengthA
SetFileValidData
LoadLibraryW
GetLocaleInfoA
GetTempPathW
FreeResource
GenerateConsoleCtrlEvent
GetWindowsDirectoryA
DeleteAtom
FormatMessageA
GetModuleHandleA
GetSystemTimeAdjustment
VirtualFreeEx

wsnmp32

SnmpSetTimeout
SnmpGetTranslateMode
SnmpClose
SnmpFreeEntity
SnmpGetPduData
SnmpFreeVbl
SnmpSetRetry
SnmpSetRetransmitMode
SnmpStrToEntity
SnmpOidCopy
_SnmpSetAgentAddress@4
SnmpCreateVbl
SnmpGetVendorInfo
SnmpCountVbl
SnmpSetPduData
SnmpEncodeMsg
SnmpSetPort
SnmpStrToContext
SnmpCancelMsg
SnmpContextToStr
SnmpDeleteVb
SnmpOidCompare
SnmpFreeDescriptor
SnmpGetTimeout
SnmpSetTranslateMode
_SnmpConveyAgentAddress@4
SnmpStartup
SnmpFreePdu

msvcirt

?close@filebuf@@QAEPAV1@XZ
??_Eistream@@UAEPAXI@Z
??5istream@@QAEAAV0@AAJ@Z
?pcount@strstream@@QBEHXZ
??0istream_withassign@@QAE@ABV0@@Z
?text@filebuf@@2HB
?ws@@YAAAVistream@@AAV1@@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
??_Eostrstream@@UAEPAXI@Z
??0logic_error@@QAE@ABV0@@Z
?put@ostream@@QAEAAV1@D@Z
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??1istream@@UAE@XZ
?opfx@ostream@@QAEHXZ
??1Iostream_init@@QAE@XZ
?tellp@ostream@@QAEJXZ
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?seekg@istream@@QAEAAV1@J@Z
?doallocate@streambuf@@MAEHXZ
??5istream@@QAEAAV0@AAM@Z
??_Dstdiostream@@QAEXXZ
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?get@istream@@QAEAAV1@AAE@Z
??_8ofstream@@7B@
??_Dofstream@@QAEXXZ
?is_open@filebuf@@QBEHXZ
?attach@fstream@@QAEXH@Z
??0filebuf@@QAE@ABV0@@Z
?unlockc@ios@@KAXXZ
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ

esent

JetEnumerateColumns
JetGetCounter
JetOpenTempTable2
JetDelete
JetCreateTableColumnIndex
JetDupSession
JetGetIndexInfo
JetSetDatabaseSize
JetRenameColumn
JetEndSession@8
JetSetIndexRange
JetInit@4
JetGetCursorInfo
JetResetCounter
JetOSSnapshotPrepare
JetSetSystemParameter
JetEndExternalBackup
JetMakeKey
JetRollback@8
JetGetSecondaryIndexBookmark
JetDeleteColumn
JetGetLS
JetSetSessionContext
JetRenameTable
JetBackup
JetCreateDatabase2
JetGetTableColumnInfo
JetEscrowUpdate
JetRetrieveColumns
JetRetrieveColumn@32

wininet

UnlockUrlCacheEntryFile
IsHostInProxyBypassList
InternetShowSecurityInfoByURLW
InternetTimeToSystemTime
InternetSetStatusCallbackA
HttpQueryInfoA
FtpRemoveDirectoryA
RetrieveUrlCacheEntryStreamW
SetUrlCacheEntryInfoA
InternetGetCookieA
InternetAutodialHangup

secur32

AcceptSecurityContext
AcquireCredentialsHandleW
LsaFreeReturnBuffer
ApplyControlToken
SaslIdentifyPackageA
EnumerateSecurityPackagesW
LsaDeregisterLogonProcess
SaslInitializeSecurityContextW
SaslAcceptSecurityContext
QueryContextAttributesA
InitializeSecurityContextA
EncryptMessage
RevertSecurityContext
GetComputerObjectNameW
GetUserNameExW
AcquireCredentialsHandleA
MakeSignature
FreeContextBuffer

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74c2faf0afac927f1a005f967158a778

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

msvcirt

esent

wininet

secur32

Sections

.text Size: 377KB - Virtual size: 377KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 377KB - Virtual size: 377KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 1024B - Virtual size: 820B