04ba373e8dc2956b204c0515da015a8756f33b8c40474337fd1804d4457313dd

Sharing

Copy URL Twitter E-mail

General

Target

04ba373e8dc2956b204c0515da015a8756f33b8c40474337fd1804d4457313dd
Size

492KB
MD5

82c05533a8f7c85f33002f083860ef5e
SHA1

ca2cdd48e0ef963caa294e039a3f803d50d371c4
SHA256

04ba373e8dc2956b204c0515da015a8756f33b8c40474337fd1804d4457313dd
SHA512

ce2ea5275851af5987333f3ea51ecdce19e6f405a80ec34585b1e350e06f6a5452502915f17d4520488b307180baefa6f19de9d4195e549b77f95ce21e62b7bd
SSDEEP

12288:ruwdexjZInEf8tz2IbWpdgqTJyETg3qVLv/lEyUWC:WxAltB8yOVLv/lCWC

Score

N/A

Malware Config

Signatures

Files

04ba373e8dc2956b204c0515da015a8756f33b8c40474337fd1804d4457313dd
.dll regsvr32 windows x86

4ea134c7c0c89b1608644b639c81a785

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
lstrcpynA
GetUserDefaultLCID
GetLocalTime
GetSystemTime
Sleep
FreeLibrary
GetProcAddress
GetVersionExA
LocalFree
GetLastError
LoadLibraryExA
lstrcmpiA
lstrlenW
GetModuleHandleA
GetSystemDefaultLCID
MultiByteToWideChar
lstrcmpiW
GetShortPathNameA
HeapDestroy
SizeofResource
LoadResource
FindResourceA
IsDBCSLeadByte
lstrcpyA
lstrcatA
GetTickCount
IsBadReadPtr
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
LoadLibraryA
GetModuleFileNameA
WideCharToMultiByte

user32

GetDlgItem
GetDlgItemTextA
SendMessageA
EndDialog
SetFocus
EnableWindow
IsWindowEnabled
SendDlgItemMessageA
SetWindowTextA
SetDlgItemTextA
DialogBoxParamA
CharNextA
CharUpperBuffW
LoadStringA
LoadStringW
MessageBoxA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oraoledbgmr10

ODBCSqlToORCLSql
ParseSQLStr

oraoledbrst10

ROWIntToNum
ROWCharSetToUnicode
ROWByteArrayToDate
ROWMetaCopy
ROWMetaGetNumberOfCols
ROWTxnCommit
ROWTxnRollback
ROWTxnMode
ROWFreeErrorHandle
ROWStmtPrepare
ROWAllocErrorHandle
ROWCharUseUCS2ForCHAR
ROWDupUTF8ToUCS2
ROWMetaGet
ROWMetaGetNoOfHiddenCols
ROWInitRefCur
ROWUnicodeToCharSet
ROWCreate
ROWInitCtx
ROWOLEDecToNum
ROWDeferGet
ROWNumToReal
ROWNumToInt
ROWDataGetTimeStamp
ROWNavGetBookMark
ROWDeferDelete
ROWDataDelete
ROWDeferUpdate
ROWDeferInsert
ROWDateToByteArray
ROWDataSetTimeStamp
ROWNavIsFirst
ROWNavMoveToMark
ROWNavFindPrev
ROWNavFindLast
ROWNavIsLast
ROWNavFindNext
ROWNavFindFirst
ROWNavGetRecordCount
ROWOLENumToNum
ROWDataGetBufPtr
ROWStrToNum
ROWMetaFree
ROWClose
ROWErrorText
ROWErrorDatabase
ROWErrorInternal
ROWInit
ROWNavIsDeletedRow
ROWNavMovePrev
ROWNavMoveNext
ROWNavMoveTo
ROWNavGetCurrentRow
ROWDeferCount
ROWDeferGetPendingStatus
ROWNumToStr
ROWNumToOLENum
ROWNumToOLEDec
ROWDataGetChunk
ROWNavIsBOF
ROWNavIsEOF
ROWDupUCS2ToUTF8
ROWDataGetChunkLen
ROWDeferFlush
ROWDeferUndo
ROWDeferRows
ROWDataResync
ROWNavMoveFirst
ROWNavMoveLast
ROWNavMoveBackToOriginal
ROWNavGetLastValidRow
ROWDataUpdate
ROWDataPutChunk
ROWDataInsert
ROWDataGet

oraoledbutl10

TraceLevel
OraTrace
TraceCategory
ReadRegTraceInfo

oranls10

lxgutf2ucs

oraclient10

OCIBindByPos
OCIAttrSet
OCIStmtRelease
OCIHandleAlloc
OCIHandleFree
OCIAttrGet
OCIBindDynamic
OCILobFileClose
OCIDefineByPos
OCILobFileOpen
OCILobGetLength
OCISessionBegin
OCIServerAttach
OCILobFreeTemporary
OCILobIsTemporary
OCILobTrim
OCILobOpen
OCIEnvNlsCreate
OCIPasswordChange
OCIServerVersion
OCIServerDetach
OCILobCreateTemporary
OCIDescriptorAlloc
OCIErrorGet
OCIStmtExecute
OCILobRead
OCITransCommit
OCIStmtFetch
OCITransRollback
OCILobWrite
OCISessionEnd
OCIDescriptorFree

ole32

CoCreateInstance
CoGetMalloc
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysAllocString
VariantCopy
VariantClear
SysStringLen
VariantInit
SysStringByteLen
SetErrorInfo
GetErrorInfo
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
SysFreeString

msvcrt

strtok
wcschr
iswspace
wcstok
_wcsnicmp
towupper
iswalpha
_itoa
strchr
wcsstr
wcsncmp
_initterm
_adjust_fdiv
iswdigit
swprintf
strncpy
atoi
_itow
rand
_wcsupr
_ltow
wcscat
_ftol
ceil
_wcsicmp
_except_handler3
malloc
_purecall
time
srand
??3@YAXPAX@Z
wcsncpy
free
memmove
realloc
wcscmp
??2@YAPAXI@Z
wcslen
wcscpy
sprintf
_stricmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ea134c7c0c89b1608644b639c81a785

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

oraoledbgmr10

oraoledbrst10

oraoledbutl10

oranls10

oraclient10

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 293KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 144KB - Virtual size: 142KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 296KB - Virtual size: 293KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 144KB - Virtual size: 142KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 18KB