2c1866586fef64a573387f3f2a6c000b1793fc2416bc65d4d62a8f904d3a5ac6

Sharing

Copy URL Twitter E-mail

General

Target

2c1866586fef64a573387f3f2a6c000b1793fc2416bc65d4d62a8f904d3a5ac6
Size

832KB
MD5

20ba11a7abbab44f8d850639934a0280
SHA1

1e0612023cea8bd9fd12a8309983035807d774b0
SHA256

2c1866586fef64a573387f3f2a6c000b1793fc2416bc65d4d62a8f904d3a5ac6
SHA512

9a7f1d4d410e23f7ef0b92233b156d09fd91c1f21b8229df0cced7e5c7cb6edf23784327d2259d4ca37605131a2bae02c9516f41ef3fde4bd7355b75c2989408
SSDEEP

12288:H07OrPxsKbK1O0K4UfbRwHLyWskRUj9/x/uLC9cMo23exVVXpnDjUCsEbaW:H07eTuy49LvVRUjxwwex7pnDjB

Score

N/A

Malware Config

Signatures

Files

2c1866586fef64a573387f3f2a6c000b1793fc2416bc65d4d62a8f904d3a5ac6
.exe windows x86

5fdf2d228b54ea5212b1c908bc466976

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?_query_new_handler@@YAP6AHI@ZXZ
toupper
_winminor
__lc_handle
_chgsign
_wctime
_strtime
mbstowcs
__STRINGTOLD
_adj_fdivr_m32
_findnext64
_lsearch
floor
wcsxfrm
_ismbcsymbol
__getmainargs
_wputenv
??_E__non_rtti_object@@UAEPAXI@Z
_clearfp
ftell
__CxxQueryExceptionSize
ispunct
_wstrdate
__p__commode
_mbsnbset
_searchenv
??0bad_cast@@QAE@ABV0@@Z
_vsnprintf
_wsopen
memcmp
exit
__p__fmode
_aligned_offset_realloc
_getpid
_stat64
__set_app_type
_wgetenv
??_7exception@@6B@

ieakeng

BToolbar_Remove
CreateADMWindow
GetAdmWindowHandle
DisplayADMItem
ErrorMessageBox
BToolbar_Edit
GetFavoritesNumber
NewFolder
MoveUpFavorite
IsFavoriteItem
ModifyRatings
MoveADMWindow
ModifyZones
DestroyADMWindow
SelectADMItem
ProcessFavSelChange
BuildPalette
CheckForDupKeys
GetFavoritesMaxNumber
DoReboot
CheckField
ShowInetcpl
MoveDownFavorite
CanDeleteADM
SaveADMItem

advapi32

LsaSetSystemAccessAccount
SaferiRecordEventLogEntry
SystemFunction032
GetTrusteeNameA
WmiOpenBlock
EncryptedFileKeyInfo
CryptDestroyKey
GetLocalManagedApplicationData
SaferiChangeRegistryScope
RegEnumKeyExW
LookupAccountSidW
SystemFunction022
GetServiceKeyNameA
GetLengthSid
IsTextUnicode
CredGetTargetInfoA

kernel32

CreateRemoteThread
GetCommModemStatus
GetUserDefaultLCID
BaseInitAppcompatCacheSupport
SetNamedPipeHandleState
DebugActiveProcessStop
RemoveLocalAlternateComputerNameW
FindFirstVolumeMountPointW
SetLocaleInfoW
GetPrivateProfileStringW
GetSystemDefaultUILanguage
WriteProfileStringW
LoadLibraryW
GetShortPathNameW
SystemTimeToFileTime
FindNextVolumeW
QueryDosDeviceA
GetCPInfoExA
CreateThread
GetTickCount
GetThreadLocale
GetLongPathNameA
GetSystemDirectoryW
SetWaitableTimer
_llseek
EndUpdateResourceW
BackupRead
SetLastError
GetNamedPipeHandleStateW

odbcbcp

bcp_initW
bcp_control
bcp_moretext
bcp_collen
bcp_done
bcp_readfmtW
bcp_colfmt
bcp_setcolfmt
bcp_exec
dbprtypeW
SQLGetNextEnumeration
dbprtypeA
bcp_getcolfmt
bcp_bind
bcp_columns
SQLLinkedCatalogsW
bcp_readfmtA
SQLInitEnumServers
LibMain
SQLLinkedCatalogsA
SQLCloseEnumServers
bcp_writefmtW
bcp_batch
SQLLinkedServers
bcp_sendrow
bcp_initA
bcp_colptr

gdi32

GetCharacterPlacementW
AddFontResourceTracking
BRUSHOBJ_pvGetRbrush
SetMetaRgn
EngEraseSurface
XLATEOBJ_hGetColorTransform
BeginPath
PlgBlt
GdiPlayJournal
GetStringBitmapW
GetSystemPaletteEntries
CopyMetaFileW
CreateDCW
GetTextExtentExPointW

crtdll

vsprintf
getenv
_CIsqrt
atexit
_wcsicoll
_fgetchar
_utime
isspace
_mbsstr
_ismbbkalnum

user32

RegisterClassW
DefWindowProcW
PostQuitMessage

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fdf2d228b54ea5212b1c908bc466976

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ieakeng

advapi32

kernel32

odbcbcp

gdi32

crtdll

user32

Sections

.text Size: 376KB - Virtual size: 376KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 207KB - Virtual size: 207KB

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 207KB - Virtual size: 207KB

.reloc
Size: 1024B - Virtual size: 964B