1a72a5ed1021824d93d0281afb555ad1b955719bbc8eed73e1a97feb76e4bf5a

Sharing

Copy URL Twitter E-mail

General

Target

1a72a5ed1021824d93d0281afb555ad1b955719bbc8eed73e1a97feb76e4bf5a
Size

58KB
MD5

08027a6b371a64236e7fce40adc379ca
SHA1

1d0d3ccddcd1674f9eb94dd8ead0d12e7d8dce28
SHA256

1a72a5ed1021824d93d0281afb555ad1b955719bbc8eed73e1a97feb76e4bf5a
SHA512

c256331ed8949f72372148ff8b2c9281b94ac060fc1d7d7124aa23925fe08a458336b65c561b7cffcc7076a0931e227dca0ec2478a48b4773811124a1324f8d4
SSDEEP

1536:iBKnPqQSjCh2OKbffi/pZ136kwU3/w7H9ycR:CKnPJS2h2VTfyzwEsr

Score

N/A

Malware Config

Signatures

Files

1a72a5ed1021824d93d0281afb555ad1b955719bbc8eed73e1a97feb76e4bf5a
.exe windows x86

fe5646930a38c2300803d6909058568c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GdiEntry12
CreateCompatibleBitmap
DdEntry4
GetKerningPairsA
StartDocW
DdEntry20
DeviceCapabilitiesExW
GetEUDCTimeStamp
CreateFontIndirectA
RemoveFontResourceA
SetICMProfileA
EngDeletePalette
GetCharABCWidthsA
GetNearestColor
AnimatePalette
EngFillPath
CreateRoundRectRgn
ExcludeClipRect
GdiRealizationInfo
GetBoundsRect
EngCreateDeviceBitmap
cGetTTFFromFOT
CopyMetaFileW
EngReleaseSemaphore
GetLogColorSpaceW
SetDCPenColor
GdiValidateHandle
GetTextExtentPoint32A
SetBrushOrgEx
ScaleViewportExtEx
TextOutA
PolyPolygon
GetFontUnicodeRanges
EngCreateSemaphore
GdiGetBatchLimit
DdEntry26
DdEntry10
EngGetCurrentCodePage
DdEntry43
GdiSetPixelFormat
CreateHatchBrush
DdEntry34
CreatePenIndirect
RoundRect
CreateFontIndirectExA
SetTextColor
OffsetClipRgn
BRUSHOBJ_hGetColorTransform
SetWorldTransform

kernel32

GetModuleHandleExW
VirtualAlloc
FindActCtxSectionStringA
GetConsoleInputExeNameW
HeapCreate
WritePrivateProfileSectionA
SetVolumeLabelA
GetUserDefaultLCID
PrivMoveFileIdentityW
SetFilePointer
CreatePipe
LocalCompact
CreateFileMappingW
WriteConsoleOutputCharacterA
GetThreadPriority
PrivCopyFileExW
GetSystemPowerStatus
SetCalendarInfoA
LoadLibraryA
LocalFileTimeToFileTime
VirtualFree
FindFirstFileA
GlobalAddAtomW
AttachConsole
GetFileAttributesExW
RegisterWaitForSingleObjectEx
FindFirstFileExW
ExitVDM
WritePrivateProfileStringW
_lread
WaitForSingleObjectEx

mfcsubs

?FindOneOf@CString@@QBEHPBG@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
??0CSyncObject@@QAE@PBG@Z
?GetLength@CString@@QBEHXZ
??N@YG_NPBGABVCString@@@Z
??1CObject@@UAE@XZ
?NewAssoc@CMapStringToPtr@@IAEPAUCAssoc@1@XZ
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
??H@YG?AVCString@@DABV0@@Z
??M@YG_NABVCString@@PBG@Z
??4CString@@QAEABV0@PBG@Z
?LoadStringW@CString@@QAEHI@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?LockBuffer@CString@@QAEPAGXZ
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
??_7CObject@@6B@
?ReleaseBuffer@CString@@QAEXH@Z
??9@YG_NPBGABVCString@@@Z
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?Add@CStringArray@@QAEHPBG@Z
?Release@CString@@KGXPAUCStringData@@@Z
??BCString@@QBEPBGXZ
?Empty@CString@@QAEXXZ
?AfxGetEmptyString@@YGABVCString@@XZ
??4CString@@QAEABV0@PBD@Z

odbctrac

TraceSQLGetDiagField
TraceSQLSetCursorNameW
TraceSQLAllocConnect
TraceOpenLogFile
TraceSQLAllocHandleStdW
TraceSQLSetStmtAttr
TraceSQLError
TraceSQLProcedureColumnsW
TraceSQLStatisticsW
TraceSQLGetTypeInfo
TraceSQLGetCursorNameW
TraceSQLGetStmtAttr
TraceSQLSetScrollOptions
TraceSQLGetTypeInfoW
TraceSQLSetEnvAttr
TraceSQLDescribeCol
TraceSQLForeignKeysW
TraceSQLSetConnectOptionW
TraceSQLBulkOperations
TraceSQLSetParam
TraceSQLBrowseConnectW
TraceSQLCancel
TraceSQLSetStmtOption
TraceSQLDataSourcesW
TraceSQLAllocHandleStd
TraceSQLTablePrivilegesW
TraceSQLExtendedFetch
TraceSQLGetFunctions

msi

MsiSetInternalUI
MsiSetFeatureStateA
MsiGetProductCodeFromPackageCodeW
MsiQueryFeatureStateA
Migrate10CachedPackagesW
DllCanUnloadNow
MsiAdvertiseProductW
MsiReinstallProductA
MsiGetProductCodeW
MsiInvalidateFeatureCache
MsiEnumRelatedProductsW
MsiEnumClientsA
MsiSetComponentStateA
MsiEnableUIPreview
MsiDatabaseImportW
MsiGetFileHashA
MsiSetTargetPathA
MsiGetProductCodeA
MsiDoActionA
MsiSourceListAddSourceW
MsiQueryFeatureStateFromDescriptorW
MsiReinstallFeatureFromDescriptorW

netapi32

RxNetServerEnum
NetpCleanFtinfoContext
NetpwNameCanonicalize
NetAlertRaise
NetApiBufferSize
NetReplExportDirLock
NetGroupSetInfo
DsRoleDcAsDc
Netbios
NetpNetBiosStatusToApiStatus
NetGroupAdd
NetGroupDel
NetShareAdd
NetScheduleJobGetInfo
DsGetDcOpenA
NetApiBufferAllocate
I_NetServerAuthenticate2
I_NetDfsGetVersion
NetSessionGetInfo
RxNetAccessGetInfo
NetScheduleJobAdd
NetServerTransportEnum
NetDfsManagerSendSiteInfo
NetScheduleJobDel
I_NetLogonGetDomainInfo
I_NetDatabaseSync
NetReplSetInfo
DsGetSiteNameA
NetpOpenConfigData
NetServiceControl

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe5646930a38c2300803d6909058568c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

mfcsubs

odbctrac

msi

netapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 86KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 228B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 86KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 228B