93a3794325888240f8c7a87db56ec0fab26b7341acf7e783d45771bf9e72feac

Sharing

Copy URL Twitter E-mail

General

Target

93a3794325888240f8c7a87db56ec0fab26b7341acf7e783d45771bf9e72feac
Size

833KB
MD5

104a803e0282f7c2b89f403ff9ccf663
SHA1

8cdc86bcb00cb1d4011822fd2d664d5a7df325c7
SHA256

93a3794325888240f8c7a87db56ec0fab26b7341acf7e783d45771bf9e72feac
SHA512

8dad480bb9a51358f7c1b73046201f464549b9fc9069f9f28a4920eff6945925f39c8fd63e1fd37f95699154ef5e5ccef764fcae693227bb03f5e9d26e82c936
SSDEEP

24576:lM/R4XeNiMtoDiUXcEWSZJC5Bun4GKCW:lM4nM+8EDq5B/z

Score

N/A

Malware Config

Signatures

Files

93a3794325888240f8c7a87db56ec0fab26b7341acf7e783d45771bf9e72feac
.exe windows x86

c1b9f8613abed500721af2c3cd0a307b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

SQLSetScrollOptions
SQLDriverConnect
SQLProcedures
SQLSetParam
SQLDriversA
SQLSetStmtOption
SQLGetStmtAttrA
SQLSetDescFieldW
SQLConnectW
SQLPutData
SQLAllocConnect
SQLAllocHandle
SQLFetch
SQLParamOptions
SQLGetConnectAttr
SQLDataSourcesW
SQLGetDescFieldW
SQLBrowseConnect
SQLGetDescFieldA
SQLGetDiagField
SQLGetConnectAttrA

kernel32

GetUserDefaultLCID
BackupWrite
SetConsoleKeyShortcuts
VerLanguageNameW
FileTimeToSystemTime
AddConsoleAliasW
GetTempPathW
SetLastError
GetTempPathA
GetThreadPriority
GetStartupInfoA
GetTickCount
SignalObjectAndWait
FindFirstChangeNotificationW
SetThreadUILanguage
FindNextFileW
LoadModule
lstrlen
GetCurrencyFormatW
lstrcatA
GetPrivateProfileStringA
GetConsoleDisplayMode
BaseDumpAppcompatCache
WriteConsoleOutputAttribute
LoadLibraryW
FreeLibrary
CreateRemoteThread
GetPrivateProfileStructW
GetCPInfoExA

ole32

OleDraw
HDC_UserMarshal
CoGetProcessIdentifier
HICON_UserMarshal
CLIPFORMAT_UserMarshal
HWND_UserUnmarshal
StgOpenPropStg
MonikerCommonPrefixWith
IsValidPtrIn
OleSaveToStream
CoSetProxyBlanket
OleSetAutoConvert
UtGetDvtd16Info
CoQueryProxyBlanket
HGLOBAL_UserFree
CoInitialize
CoRegisterPSClsid
OleCreateEmbeddingHelper
HMENU_UserSize
CoGetClassVersion
CoFreeAllLibraries
CoLockObjectExternal
OleConvertOLESTREAMToIStorage
HBRUSH_UserFree
ReadOleStg
GetErrorInfo
HICON_UserFree
StgOpenStorage

mpr

WNetOpenEnumW
WNetSetConnectionW
WNetUseConnectionW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetPropertyDialogA
WNetGetDirectoryTypeW
WNetFormatNetworkNameA
WNetClearConnections
WNetDirectoryNotifyA
WNetCancelConnection2A
WNetUseConnectionA
WNetGetResourceParentW
WNetGetNetworkInformationA
WNetDisconnectDialog1A
WNetGetConnectionA
WNetGetProviderTypeA
WNetAddConnectionA
WNetGetConnection2W
WNetEnumResourceW
WNetGetUniversalNameA
WNetAddConnection3A
WNetOpenEnumA

ifsutil

?GetBuffer@TLINK@@QAEPAXPAX@Z
??0SPARSE_SET@@QAE@XZ
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
??1INTSTACK@@UAE@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?Initialize@TLINK@@QAEEG@Z
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QuerySize@TLINK@@QBEGXZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
?RemoveAll@NUMBER_SET@@QAEEXZ
?CloseDriveHandle@DP_DRIVE@@QAEXXZ
?Initialize@INTSTACK@@QAEEXZ
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
??0DIGRAPH@@QAE@XZ
??0TLINK@@QAE@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
??0LOG_IO_DP_DRIVE@@QAE@XZ
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z

winmm

mmioSetBuffer
midiStreamRestart
mmDrvInstall
midiInMessage
midiInGetErrorTextA
mixerGetID
midiStreamOut
PlaySound
mixerGetLineControlsA
mmioRenameA
joyGetPos
midiConnect
midiStreamPosition
waveInAddBuffer
midiInClose
joyGetDevCapsA
mciGetDeviceIDFromElementIDA
waveOutGetErrorTextW
mmioInstallIOProcW
mci32Message
mciGetDeviceIDFromElementIDW
waveOutGetPosition
mixerGetNumDevs

samlib

SamTestPrivateFunctionsDomain
SamEnumerateUsersInDomain
SamQueryDisplayInformation
SamEnumerateDomainsInSamServer
SamLookupDomainInSamServer
SamSetInformationGroup
SamQueryInformationAlias
SamDeleteGroup
SamiSetDSRMPasswordOWF
SamCreateUser2InDomain
SamAddMultipleMembersToAlias
SamFreeMemory

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1b9f8613abed500721af2c3cd0a307b

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

kernel32

ole32

mpr

ifsutil

winmm

samlib

Sections

.text Size: 370KB - Virtual size: 369KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 189KB - Virtual size: 1.5MB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 370KB - Virtual size: 369KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 189KB - Virtual size: 1.5MB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 1024B - Virtual size: 924B