Static task
static1
Behavioral task
behavioral1
Sample
e3b7d6c98c5aece8b670a4576d493edfa2476d26fec2a65f80eca681ad499840.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e3b7d6c98c5aece8b670a4576d493edfa2476d26fec2a65f80eca681ad499840.dll
Resource
win10v2004-20220901-en
General
Target
e3b7d6c98c5aece8b670a4576d493edfa2476d26fec2a65f80eca681ad499840
Size
297KB
MD5
2ccdb483fc944536313cdf26cc2d36c0
SHA1
e5b034072995c0eb0e7008853aab958fecd7fff7
SHA256
e3b7d6c98c5aece8b670a4576d493edfa2476d26fec2a65f80eca681ad499840
SHA512
f0e1af59df4b35484f08dad318c7fbe112487ce51d14592d699651d50f4774a2a82600ff75620a3a42862fbd12677c1170147c6ad68fbb74e32bd0df4f43593f
SSDEEP
6144:sKIa1MBGvgk3Vib0s3SOwHTEhb1qoEb/ZA:sZa1lvgdIspp1qoEb/e
Malware Config
Signatures
Files
e3b7d6c98c5aece8b670a4576d493edfa2476d26fec2a65f80eca681ad499840.dll windows x86
041192ba01e24641ea2965b43dac385f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
odbc32
ord68
ord63
ord15
ord28
ord301
GetODBCSharedData
advapi32
DuplicateToken
UnregisterTraceGuids
TraceEvent
SetSecurityDescriptorDacl
RevertToSelf
RegisterTraceGuidsW
RegQueryValueExW
CloseEventLog
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
CopySid
CryptSetHashParam
EqualSid
GetSecurityInfo
OpenProcessToken
RegCreateKeyExW
RegQueryInfoKeyW
user32
AdjustWindowRectEx
CallNextHookEx
CallWindowProcW
CharUpperW
CheckMenuItem
ClientToScreen
CloseDesktop
CloseWindowStation
CopyImage
CopyRect
CreateCursor
CreateDesktopW
CreateDialogIndirectParamW
CreateWindowExW
CreateWindowStationW
DdeAbandonTransaction
DdeClientTransaction
DdeUnaccessData
DefWindowProcW
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawTextW
EnableMenuItem
EnableScrollBar
EndDialog
EndPaint
ExitWindowsEx
FillRect
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardSequenceNumber
GetCursorInfo
GetCursorPos
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetInputState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemID
GetMenuState
GetMessagePos
GetMessageTime
GetMessageW
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetProcessWindowStation
GetPropW
GetQueueStatus
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetThreadDesktop
GetUserObjectInformationW
GetWindowContextHelpId
GetWindowLongW
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GrayStringW
ImpersonateDdeClientWindow
InSendMessage
InternalGetWindowText
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowVisible
LoadBitmapW
LoadCursorW
LoadStringW
LockSetForegroundWindow
MapDialogRect
MapWindowPoints
MessageBoxW
ModifyMenuW
OpenInputDesktop
PackDDElParam
PeekMessageA
PeekMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RegisterShellHookWindow
RegisterWindowMessageW
ReleaseDC
RemovePropW
ScreenToClient
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCursor
SetDebugErrorLevel
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetProcessWindowStation
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
SystemParametersInfoA
TabbedTextOutW
ToAsciiEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
WaitForInputIdle
WaitMessage
WinHelpW
keybd_event
BeginPaint
msvcrt
_wchdir
_wchmod
_wcmdln
_wcsicmp
_wcsnicoll
_wcsset
_wexecle
_wexeclp
_wexecv
_wexecvpe
_wfdopen
_wfindfirst
_wfindfirsti64
_wfindnext
_wfindnext64
_wfindnexti64
_wfopen
_wgetdcwd
_winmajor
_winminor
_winver
_wmakepath
_wmkdir
_wperror
_wpopen
_wputenv
_wrename
_wrmdir
_wsetlocale
_wsopen
_wspawnve
_wsplitpath
_wstat
_wstat64
_wtempnam
_wtoi64
_wunlink
_wutime
_y1
abort
acos
asin
atan2
atexit
atof
atoi
atol
bsearch
calloc
ceil
cosh
ctime
exit
fclose
feof
ferror
fflush
fgetpos
floor
fmod
fopen
fputc
fputws
frexp
fscanf
fseek
fwprintf
fwrite
fwscanf
getc
getchar
getenv
gets
getwchar
gmtime
iscntrl
isdigit
isleadbyte
islower
isprint
isspace
iswalnum
iswalpha
iswascii
iswgraph
iswlower
iswupper
iswxdigit
labs
ldexp
ldiv
localeconv
localtime
log
mblen
mbstowcs
memchr
memcmp
memcpy
modf
perror
printf
putc
putchar
puts
_mbsncat
qsort
rand
realloc
setbuf
setlocale
signal
sin
sqrt
srand
sscanf
strchr
strcmp
strcspn
strftime
strlen
strncpy
strpbrk
strstr
strtod
strtok
strtol
strtoul
strxfrm
tan
tanh
tmpnam
vfprintf
vprintf
vsprintf
vswprintf
vwprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcscspn
wcsftime
wcslen
wcsncpy
wcsrchr
wcstod
wcstol
wcstombs
wcsxfrm
wctomb
wscanf
_vsnwprintf
_unlock
_ultow
_ultoa
_ui64toa
_tzset
_tzname
_toupper
_tolower
_timezone
_time64
_tempnam
_telli64
_tell
_sys_nerr
_sys_errlist
_mbsnccnt
_strupr
_strtime
_strset
_atoi64
_adjust_fdiv
_adj_fpatan
_adj_fdivr_m64
_adj_fdivr_m32i
_adj_fdiv_m64
_adj_fdiv_m32i
_acmdln
_access
__wargv
__unguarded_readlc_active
__toascii
__threadhandle
__pxcptinfoptrs
__pioinfo
__p__winver
__p__winminor
__p__winmajor
__p__wcmdln
__p__timezone
__p__pwctype
__p__pgmptr
__p__pctype
__p__osver
__p__iob
__p__fileinfo
__p__environ
__p__amblksiz
__p__acmdln
__p___winitenv
__p___mb_cur_max
__p___initenv
__p___argc
__mb_cur_max
__lc_handle
__lc_collate_cp
__lc_codepage
__iscsymf
__isascii
__initenv
__argv
__argc
__RTtypeid
__RTDynamicCast
__RTCastToVoid
__CxxFrameHandler
_XcptFilter
_Getmonths
_CxxThrowException
_CItanh
_CItan
_CIsinh
_CIlog10
_CIexp
_CIcos
_CIatan
_CIacos
_mbsnbicoll
_mbsnbcoll
_mbsnbcnt
_mbsnbcat
_mbslwr
_mbsicoll
_mbsicmp
_mbsdup
_mbsdec
_mbscspn
_mbscpy
_mbscat
_mbctombb
_mbctolower
_mbctokata
_mbctohira
_mbclen
_mbcjmstojis
_mbcjistojms
_mbcasemap
_mbbtype
_mbbtombc
_ltow
_lseeki64
_lsearch
_lrotl
_longjmpex
_logb
_locking
_lock
_localtime64
_loaddll
_jn
_itoa
_isnan
_ismbstrail
_ismbslead
_ismbcspace
_ismbclower
_ismbcl2
_ismbcl1
_ismbckata
_ismbcgraph
_ismbcdigit
_ismbcalpha
_ismbcalnum
_ismbbtrail
_ismbbpunct
_ismbbprint
_ismbblead
_ismbbkprint
_ismbbkalnum
_ismbbgraph
_ismbbalnum
_isctype
_isatty
_inpd
_inp
_initterm
_i64tow
_hypot
_heapwalk
_heapmin
_heapchk
_heapadd
_getws
_getw
_getsystime
_getpid
_getdrives
_getdrive
_getdiskfree
_getdcwd
_getcwd
_getche
_getch
_get_sbh_threshold
_get_osfhandle
_gcvt
_futime64
_futime
_fullpath
_ftol
_ftime64
_fstat64
_fputchar
_fpclass
_flushall
_flsbuf
_finite
_findnext64
_findfirst64
_findfirst
_findclose
_fileno
_filelengthi64
_filelength
_fileinfo
_filbuf
_fgetwchar
_fcvt
_fcloseall
_expand
_execvp
_execve
_execl
_except_handler3
_except_handler2
_errno
_environ
_endthread
_ecvt
_dup2
_dup
_daylight
_ctype
_ctime64
_creat
_cputs
_copysign
_clearfp
_strnset
_strnicmp
_strerror
_strdate
_strcmpi
_stat64
_spawnvp
_spawnlpe
_spawnle
_spawnl
_sopen
_snprintf
_setmode
_setmaxstdio
_seterrormode
_set_error_mode
_seh_longjmp_unwind
_safe_fprem1
_safe_fprem
_safe_fdivr
_rotl
_putw
_putch
_purecall
_popen
_pipe
_pgmptr
_pctype
_pclose
_outpw
_outp
_osplatform
_open
_nextafter
_mktime64
_mktemp
_mkdir
_memicmp
_memccpy
_mbsupr
_mbsstr
_mbsspnp
_mbspbrk
_mbsnset
_mbsnicmp
_beep
_chmod
_chkesp
_chgsign
_chdrive
_chdir
_cexit
_callnewh
_cabs
putwc
_beginthreadex
_wasctime
ws2_32
shutdown
sendto
ntohs
inet_ntoa
getprotobyname
gethostname
__WSAFDIsSet
WSCUnInstallNameSpace
WSCGetProviderPath
WSASendDisconnect
WSARecvDisconnect
WSARecv
WSAJoinLeaf
WSAGetQOSByName
WSAGetOverlappedResult
WSACreateEvent
WSACloseEvent
WSAAsyncGetHostByAddr
select
opengl32
glTexCoord3fv
glBlendFunc
glClear
glClearAccum
glColor3bv
glColor4us
glColorPointer
glEvalCoord1d
glEvalCoord2dv
glEvalMesh1
wglGetPixelFormat
wglDescribePixelFormat
glTexCoord4dv
glTexCoord3s
glAccum
glNormal3fv
glGetTexEnviv
glGetString
glFrustum
kernel32
DeleteCriticalSection
DebugBreak
CreateThread
CreateSemaphoreW
CreateRemoteThread
LCMapStringW
DuplicateHandle
AssignProcessToJobObject
CloseHandle
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
lstrlenW
WriteProcessMemory
WriteFile
WriteConsoleW
WideCharToMultiByte
WaitNamedPipeW
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
UnregisterWaitEx
UnmapViewOfFile
UnhandledExceptionFilter
TransactNamedPipe
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
TerminateProcess
TerminateJobObject
SystemTimeToFileTime
SuspendThread
SizeofResource
SignalObjectAndWait
SetUnhandledExceptionFilter
SetStdHandle
SetNamedPipeHandleState
SetMessageWaitingIndicator
SetLastError
SetInformationJobObject
SetHandleInformation
SetHandleCount
SetFilePointer
SetEvent
SetEnvironmentVariableW
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryW
SetCommState
SearchPathW
RtlUnwind
ResumeThread
ResetEvent
ReleaseSemaphore
ReleaseMutex
RegisterWaitForSingleObjectEx
RegisterWaitForSingleObject
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceCounter
QueryDosDeviceW
PostQueuedCompletionStatus
PeekNamedPipe
OpenProcess
OpenEventW
MultiByteToWideChar
MapViewOfFile
LockResource
LockFile
LocalAlloc
LoadResource
LoadLibraryW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
IsValidLocale
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapCreate
HeapAlloc
Heap32ListFirst
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetThreadContext
GetTempPathW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetStringTypeW
GetStdHandle
GetStartupInfoW
GetQueuedCompletionStatus
GetProcessTimes
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLongPathNameW
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFileType
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
GetCommandLineW
GetCommMask
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
FlushFileBuffers
FindResourceW
ExpandEnvironmentStringsW
ExitThread
ExitProcess
CreateProcessW
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA
VerQueryValueW
winmm
aux32Message
joy32Message
joySetThreshold
mciGetYieldProc
midiInGetID
midiInGetNumDevs
midiInOpen
midiOutGetID
waveOutReset
waveOutGetNumDevs
waveInOpen
waveInGetNumDevs
timeGetTime
mmDrvInstall
midiOutGetNumDevs
winspool.drv
AdvancedSetupDialog
CloseSpoolFileHandle
CommitSpoolData
ConvertAnsiDevModeToUnicodeDevmode
DEVICECAPABILITIES
DevQueryPrintEx
EndDocPrinter
ExtDeviceMode
FindFirstPrinterChangeNotification
FreePrinterNotifyInfo
PlayGdiScriptOnPrinterIC
PrinterProperties
QueryRemoteFonts
QuerySpoolMode
ScheduleJob
SplDriverUnloadComplete
SpoolerPrinterEvent
WaitForPrinterChange
shlwapi
StrFormatByteSize64A
StrCpyNW
SHSetThreadRef
SHRegisterValidateTemplate
SHGetThreadRef
ord16
SHCopyKeyW
SHCopyKeyA
PathFileExistsW
ColorHLSToRGB
Sections
.text Size: 218KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ