cc6c1d144036f9d096355e5fdc166526ecbc09bf4a2491daac8c0c487b7d0c7d

Sharing

Copy URL

Twitter E-mail

General

Target

cc6c1d144036f9d096355e5fdc166526ecbc09bf4a2491daac8c0c487b7d0c7d
Size

742KB
MD5

3f06d54f357a36e708f2b656db7d0bc0
SHA1

663a783e5b044da3e36b10e87c0321c2227fcd97
SHA256

cc6c1d144036f9d096355e5fdc166526ecbc09bf4a2491daac8c0c487b7d0c7d
SHA512

c458a431abf91c2e6e3dc0688ada5db78b7dea4d244576d29301f28bac6f0ed27fb9d332e3467ba850315ee6d8e33d3357a4f33ee126881719ab805a657196b1
SSDEEP

12288:ebkRGfwjxXPYmAqFHLPitab4yd9QtUdo53VReoulCHU8rXfwpsKHF8ca40:rRdY2rPitabPIWduSCHUyX4Vl8c7

Score

N/A

Malware Config

Signatures

Files

cc6c1d144036f9d096355e5fdc166526ecbc09bf4a2491daac8c0c487b7d0c7d
.exe windows x86

b9bba115c229c0a7d6bf9c1adb948db9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegUnLoadKeyW
UnlockServiceDatabase
GetFileSecurityW
SystemFunction005
ConvertSidToStringSidA
ChangeServiceConfigW
CryptGetUserKey
LookupPrivilegeValueA
RegisterServiceCtrlHandlerA
RegisterEventSourceW
CryptGetKeyParam
CloseEventLog
InitiateSystemShutdownA
EnumDependentServicesW
RegSetValueExA
AreAnyAccessesGranted
CloseServiceHandle
GetSidIdentifierAuthority
LsaOpenAccount
ControlService
GetSecurityDescriptorControl
GetSecurityDescriptorLength
EncryptFileW
RegEnumValueW
GetServiceDisplayNameW
CryptSetHashParam
QueryServiceObjectSecurity
GetSecurityInfo
OpenEncryptedFileRawW

odbc32

SearchStatusCode
VFreeErrors
VRetrieveDriverErrorsRowCol
CursorLibLockStmt
PostODBCComponentError
CursorLibLockDesc
LockHandle
PostODBCError
SQLBrowseConnectA
CursorLibTransact
ValidateErrorQueue
CursorLibLockDbc

netapi32

NetShareCheck
NetShareEnum
NetGroupGetUsers
NetServiceEnum
NetShareSetInfo
NetServerTransportEnum
NetApiBufferFree
NetServerDiskEnum
NetGroupGetInfo
NetApiBufferAllocate
NetUserChangePassword
NetServiceControl
NetJoinDomain
I_NetServerAuthenticate
NetapipBufferAllocate
NetUserSetInfo
NetConnectionEnum
DsRoleGetPrimaryDomainInformation
NetpIsRemote
NetLocalGroupDel
NetUserModalsSet
NetRenameMachineInDomain
NetRemoteTOD
NetUserAdd
NetLocalGroupSetInfo
NetFileClose
NetpwNameValidate
NetLocalGroupEnum

kernel32

UpdateResourceA
LocalAlloc
WaitForMultipleObjects
GetConsoleCP
CreateSemaphoreW
FreeUserPhysicalPages
GetSystemTimeAsFileTime
EnumUILanguagesW
InterlockedDecrement
GetPrivateProfileStringW
GetTickCount
HeapQueryInformation
Thread32Next
PostQueuedCompletionStatus
SetThreadAffinityMask
DeleteTimerQueueEx
DeleteTimerQueue
BackupSeek
Sleep
VirtualAlloc
WritePrivateProfileStringW
LCMapStringW
GlobalFlags
GetStringTypeW
PurgeComm

winspool.drv

DevicePropertySheets
WritePrinter
AddMonitorW
EnumPrinterDriversA
AddPrintProcessorW
AddMonitorA
StartDocPrinterW
GetPrintProcessorDirectoryW
SetJobW
GetPrinterA
SetPrinterDataExW
DeletePortW
DeletePrinter
GetJobA
GetPrinterDriverA
DeletePrinterConnectionW
FindFirstPrinterChangeNotification
StartPagePrinter
ConfigurePortW
XcvDataW
DeletePrinterDataW
EnumFormsA
GetPrinterDriverDirectoryW
ReadPrinter
GetPrinterDataA
EnumPortsA
DeletePrinterDriverW
GetPrinterDataW

msvcrt

_sopen
_beginthreadex
_CItan
_dup2
_beginthread
strrchr
_osver
_EH_prolog
isprint
__p__fmode
wcspbrk
wcschr
fgetws
rand
_vsnprintf
_mbsicmp
__p__commode
fmod
_mbsstr
_time64
_commode
iswspace
isalnum
_itoa
setvbuf
strtoul
_mbsnbcpy
?set_terminate@@YAP6AXXZP6AXXZ@Z
setlocale
__setusermatherr
_localtime64
_fileno
_wctime

tapi32

lineOpenW
lineGetCallStatus
lineMakeCallA
lineOpen
lineGetTranslateCapsW
lineSetCurrentLocation
lineSetDevConfigA
lineInitializeExA
lineGetDevCaps
lineGetCountryW
lineGetID
lineGetIDA
lineInitializeExW
lineTranslateDialogW
lineGetDevCapsW
lineGetDevConfigA

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 21KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 441KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9bba115c229c0a7d6bf9c1adb948db9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

odbc32

netapi32

kernel32

winspool.drv

msvcrt

tapi32

Sections

.data Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 1KB

.text Size: 21KB - Virtual size: 444KB

.data Size: 164KB - Virtual size: 333KB

INIT Size: 441KB - Virtual size: 695KB

.rsrc Size: 110KB - Virtual size: 109KB

.reloc Size: 1024B - Virtual size: 224B

.data
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 444KB

.data
Size: 164KB - Virtual size: 333KB

INIT
Size: 441KB - Virtual size: 695KB

.rsrc
Size: 110KB - Virtual size: 109KB

.reloc
Size: 1024B - Virtual size: 224B