9e30ba6f89430edd209ad25f084b31ecb30117f86a5af1ca8a78648abebcdb33

Sharing

Copy URL Twitter E-mail

General

Target

9e30ba6f89430edd209ad25f084b31ecb30117f86a5af1ca8a78648abebcdb33
Size

101KB
MD5

09f3658a19ed18ae7012e5393821414e
SHA1

b6a9acc910eb593bc074afe3f770622c7e3680ad
SHA256

9e30ba6f89430edd209ad25f084b31ecb30117f86a5af1ca8a78648abebcdb33
SHA512

8b416b4fea901c757c373d94fd5c970b5ad090f039bfc2e65798c1b2d3e49b614537b5ef19d62fd2fe3bf6eb2b8cc63ef3c9d864d710323f576e2fee868a0797
SSDEEP

3072:HV8uFnkrR2upjuOolhEIr74cDmZUiMpw0zsgxw7B:HVtkrR2aWhEccLiUrfl

Score

N/A

Malware Config

Signatures

Files

9e30ba6f89430edd209ad25f084b31ecb30117f86a5af1ca8a78648abebcdb33
.exe windows x86

32eb3ab0e79d92325d54ceebf0a44357

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msorcl32

SQLBindParameter
SQLRowCount
SQLProcedureColumns
SQLSetPos
SQLSetStmtOption
SQLStatistics
SQLFetch
SQLSpecialColumns
SQLGetTypeInfo
SQLFreeEnv
SQLExtendedFetch
SQLFreeConnect
SQLNumResultCols
SQLProcedures
SQLGetCursorName
SQLExecute
SQLAllocEnv
SQLSetCursorName
SQLDescribeParam
SQLSetScrollOptions
SQLConnect
SQLForeignKeys
SQLColAttributes
SQLFreeStmt
SQLBindCol
SQLDisconnect
ConfigDSN

kernel32

GetCurrencyFormatW
GetQueuedCompletionStatus
SetCalendarInfoA
GetMailslotInfo
DeleteFileA
GetCommTimeouts
EnumUILanguagesA
GetUserDefaultLCID
GetComputerNameExW
GetCurrentThread
FindFirstFileExW
lstrcatA
LocalAlloc
VirtualAlloc
GetComputerNameExA
SetConsoleCtrlHandler
VirtualUnlock
lstrcmpiA
LoadLibraryA
ConnectNamedPipe
SetSystemPowerState
WaitCommEvent
InterlockedPushEntrySList
FindNextFileA
GetComputerNameW
SetClientTimeZoneInformation
CreateDirectoryA
FreeEnvironmentStringsA
GetModuleHandleA
CreateHardLinkA
Heap32First
CopyLZFile
UnhandledExceptionFilter
OpenProfileUserMapping
EraseTape
FatalAppExitA
Module32First
LZCloseFile

clusapi

ClusterEnum
ClusterRegGetKeySecurity
ClusterResourceTypeGetEnumCount
GetClusterNetInterfaceState
ClusterResourceGetEnumCount
ClusterResourceTypeOpenEnum
CloseClusterGroup
CloseCluster
ClusterRegOpenKey
ClusterGroupCloseEnum
ClusterNetworkEnum
ClusterResourceCloseEnum
GetClusterNodeKey
GetClusterInformation
ClusterNetworkControl
FailClusterResource
ClusterRegDeleteValue
GetClusterNetInterface
ClusterOpenEnum
GetClusterKey
EvictClusterNode
ClusterCloseEnum
AddClusterResourceNode
CloseClusterResource
GetClusterNetworkKey
SetClusterQuorumResource
ClusterResourceEnum
ClusterResourceTypeEnum
RestoreClusterDatabase
RemoveClusterResourceDependency
SetClusterResourceName
ClusterRegEnumKey
OnlineClusterGroup
GetClusterQuorumResource
CloseClusterNotifyPort
OpenClusterNetInterface
GetClusterGroupState
ClusterNetInterfaceControl
CreateClusterGroup
ClusterRegSetValue

ntdll

ZwVdmControl
NtOpenThreadTokenEx
NtResumeThread
_allmul
ZwWaitForSingleObject
ZwFindAtom
NtQueryDebugFilterState
RtlIpv4StringToAddressA
NtNotifyChangeKey
RtlEnlargedUnsignedDivide
ZwFilterToken
NtRegisterThreadTerminatePort
wcstombs
_wtol
RtlpApplyLengthFunction
ZwQuerySemaphore
RtlInterlockedPushEntrySList
ZwOpenSection
LdrUnloadAlternateResourceModule
ZwInitiatePowerAction
ZwAcceptConnectPort
sprintf
RtlCaptureStackBackTrace
RtlExitUserThread
RtlUpcaseUnicodeString
ZwQuerySymbolicLinkObject
RtlTraceDatabaseFind
ZwQueryIntervalProfile
NtFreeUserPhysicalPages
KiRaiseUserExceptionDispatcher
ZwSignalAndWaitForSingleObject
RtlDelete
RtlAddAce
ZwOpenThreadToken
RtlLengthRequiredSid
RtlUnicodeStringToOemString
RtlEnableEarlyCriticalSectionEventCreation
ZwWaitForKeyedEvent
RtlGetUserInfoHeap
RtlApplyRXact
ZwContinue
ZwGetDevicePowerState
RtlIpv4AddressToStringW
RtlpEnsureBufferSize
_aulldiv
ZwFreeVirtualMemory
RtlDeactivateActivationContextUnsafeFast
ZwSetUuidSeed
NtSetDefaultUILanguage
RtlSecondsSince1970ToTime
NtMapUserPhysicalPages
NtUnloadKey
ZwSetInformationDebugObject
ZwReplyWaitReplyPort
RtlVerifyVersionInfo
RtlSetSecurityDescriptorRMControl
LdrFindEntryForAddress
RtlGetCallersAddress
NtCreatePagingFile
ZwNotifyChangeKey
ZwSetIoCompletion
NtCreateMutant
NtReplyPort
NtSetSystemTime
ZwQuerySystemTime
RtlCopyUnicodeString
NtQuerySystemInformation
RtlCreateAcl
RtlNtStatusToDosError
RtlIpv6StringToAddressW
LdrQueryProcessModuleInformation
RtlResetRtlTranslations
RtlComputeImportTableHash
RtlConvertUiListToApiList
ZwReplyWaitReceivePortEx
NtSetDefaultLocale
NtAccessCheckByTypeResultList

ole32

HBITMAP_UserUnmarshal
HACCEL_UserMarshal
DllDebugObjectRPCHook
CoTaskMemAlloc
StgCreatePropSetStg
CoDisconnectObject
CoGetInterceptor
CoAddRefServerProcess
OleCreateEx
DoDragDrop
WriteStringStream
OleSetAutoConvert
SNB_UserSize
STGMEDIUM_UserMarshal
IsValidPtrOut
CoGetCurrentLogicalThreadId
CoDisableCallCancellation
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
RevokeDragDrop
OleDestroyMenuDescriptor
StgCreatePropStg
HMETAFILEPICT_UserUnmarshal
GetErrorInfo
PropVariantCopy
IsValidPtrIn
DllGetClassObject
PropStgNameToFmtId
HICON_UserUnmarshal
ComPs_NdrDllCanUnloadNow
CoReleaseServerProcess
ReleaseStgMedium
CoWaitForMultipleHandles
OleCreateLinkFromDataEx
HGLOBAL_UserSize
HMENU_UserUnmarshal
CoFreeLibrary
ReadClassStg
CoUnloadingWOW
OleCreateStaticFromData
CoGetCallContext
OleLoad
CoGetDefaultContext
GetDocumentBitStg
CoGetCallerTID

odbc32

SQLPrimaryKeysA
SQLStatisticsW
SQLColAttributes
SQLPrimaryKeys
SQLNativeSqlA
SQLStatistics
SQLSetCursorNameA
SQLDescribeColA
SQLSpecialColumnsA
SQLBindParam
g_hHeapMalloc
SQLError
SQLTransact
SQLGetConnectAttr
SQLSetStmtAttr
SQLSetStmtAttrW
SQLSpecialColumns
VFreeErrors
SQLSetStmtOption
SQLSetPos
SQLGetConnectOption
SQLTables
SQLSetParam
SQLColumnPrivilegesA
SQLPrepareA
SQLGetStmtOption
SQLExecute

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32eb3ab0e79d92325d54ceebf0a44357

Headers

File Characteristics

Imports

msorcl32

kernel32

clusapi

ntdll

ole32

odbc32

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 34KB - Virtual size: 152KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 916B

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 34KB - Virtual size: 152KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 916B