d149231a37c7309831b00ee6dc2b75954a7dee5575db7b445f49d3bd51ec1468

Sharing

Copy URL Twitter E-mail

General

Target

d149231a37c7309831b00ee6dc2b75954a7dee5575db7b445f49d3bd51ec1468
Size

873KB
MD5

10b7122457688a53802c802daa31f606
SHA1

963b40a6909cdb93d136a18ee631c2cb596fe32c
SHA256

d149231a37c7309831b00ee6dc2b75954a7dee5575db7b445f49d3bd51ec1468
SHA512

e1c6369efcb5c36062e2248c58bd5376e9c6a71374c3ab07f071687d8e2bff1019edf004b05f01a9b9e30850e03501d6a9c5827194e7c9e7562085319072ef54
SSDEEP

24576:IJu/Z+WIWDaj9+Isdu0D+VDVTIj5EMJwBYSACCYlc:ISZ+xyDB9JIC

Score

N/A

Malware Config

Signatures

Files

d149231a37c7309831b00ee6dc2b75954a7dee5575db7b445f49d3bd51ec1468
.exe windows x86

6ebd9715db2def35befa7e436f901fd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?MaxSize@CLKRLinearHashTable@@QBEKXZ
MpGetHeapHandle
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
mpMalloc
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?GetSpinCount@CFakeLock@@QBEGXZ
??4CCritSec@@QAEAAV0@ABV0@@Z
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?WriteLock@CReaderWriterLock3@@QAEXXZ
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?sm_lpOSVERSIONINFO@CMdVersionInfo@@0PAU_OSVERSIONINFOW@@A
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?WriteLock@CFakeLock@@QAEXXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGXN@Z
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z

iphlpapi

_PfTestPacket@20
_PfUnBindInterface@4
GetIpAddrTable
SetIpNetEntry
GetRTTAndHopCount
GetBestRoute
_PfDeleteInterface@4
SendARP
GetUdpTable
_PfGetInterfaceStatistics@16

wow32

WOWFreeMetafile
WOW32ResolveHandle
WOW32DriverCallback
WOWGlobalAllocLock16
WOWYield16
WOWCallback16
WOWGlobalLockSize16
WOWGetVDMPointer
WOWGlobalFree16
WOWUseMciavi16
WOWGlobalUnlockFree16

kernel32

OutputDebugStringW
SwitchToThread
UnregisterConsoleIME
LoadLibraryA
GetCommTimeouts
LocalShrink
GlobalUnWire
GetModuleHandleA
HeapAlloc
IsDBCSLeadByte
GetModuleHandleExW
GetSystemTime
OpenProfileUserMapping
GetThreadSelectorEntry
SetUserGeoID
GetTimeFormatW
SetHandleInformation
GetLogicalDrives
CreateFileW
DebugSetProcessKillOnExit
GetCommState
ReleaseMutex
UnmapViewOfFile
GetUserDefaultLangID
SetConsoleFont

wtsapi32

WTSEnumerateServersW
WTSShutdownSystem
WTSOpenServerW
WTSUnRegisterSessionNotification
WTSSetUserConfigW
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSVirtualChannelOpen
WTSOpenServerA
WTSDisconnectSession
WTSLogoffSession
WTSVirtualChannelQuery
WTSEnumerateServersA
WTSCloseServer
WTSFreeMemory
WTSVirtualChannelRead
WTSVirtualChannelPurgeInput
WTSEnumerateSessionsA
WTSSendMessageA
WTSVirtualChannelWrite
WTSQuerySessionInformationA
WTSTerminateProcess
WTSVirtualChannelClose
WTSQueryUserConfigA
WTSEnumerateProcessesW
WTSRegisterSessionNotification
WTSEnumerateSessionsW
WTSQueryUserToken
WTSSetUserConfigA

sqlunirl

_tsystem
_IsCharAlpha_@4
_GetUserObjectInformation_@20
_PrivilegedServiceAuditAlarm_@20
_RegEnumKeyEx_@32
_GlobalFindAtom_@4
_SetVolumeLabel_@8
_CopyMetaFile_@8
_EnumDependentServices_@24

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ebd9715db2def35befa7e436f901fd3

Headers

DLL Characteristics

File Characteristics

Imports

msdart

iphlpapi

wow32

kernel32

wtsapi32

sqlunirl

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 182KB - Virtual size: 1.6MB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 1024B - Virtual size: 1000B

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 182KB - Virtual size: 1.6MB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 1024B - Virtual size: 1000B