24190b88e7e49b86e2e57266098996ea91a81bdd811adfaafc6ea71926d57158

Sharing

Copy URL Twitter E-mail

General

Target

24190b88e7e49b86e2e57266098996ea91a81bdd811adfaafc6ea71926d57158
Size

828KB
MD5

0c29694ac345ac06aa6bf93f8d3b95ac
SHA1

4b6bc35a6211c88d158299a9bed23bd2c71b48f5
SHA256

24190b88e7e49b86e2e57266098996ea91a81bdd811adfaafc6ea71926d57158
SHA512

f8e1ece33864014cb2d767d2fc55df052a86e794eb567837113588491c3bcd9e5ee051e3ae3c3a12da1dd0d353fba5fe354d7a4954fae89e5943d2ffe8ed04d1
SSDEEP

24576:ZEJm+KThPjITd5WgIGwms01ESqYD6SC5:WJm+WhP1H21nOX

Score

N/A

Malware Config

Signatures

Files

24190b88e7e49b86e2e57266098996ea91a81bdd811adfaafc6ea71926d57158
.exe windows x86

0fd99b2011468cbf4c875c1facec5111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbcconf

DllCanUnloadNow
DllGetClassObject
SetActionLogFile
SetSilent
OpenAppRegEnum
CloseAppRegEnum
RefreshAppRegEnum
UnregisterApplication
SetActionLogMode
RunDLL32_UnregisterApplication
SetActionName
SetActionEnum
SetActionLogModeSz
RunDLL32_RegisterApplication
DllRegisterServer
AppRegEnum
QueryApplication
ExecuteAction

msvcirt

?peek@istream@@QAEHXZ
??_Gistream_withassign@@UAEPAXI@Z
?lock@ios@@QAAXXZ
??6ostream@@QAEAAV0@C@Z
?open@filebuf@@QAEPAV1@PBDHH@Z
??0stdiobuf@@QAE@ABV0@@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??4ifstream@@QAEAAV0@ABV0@@Z
?init@ios@@IAEXPAVstreambuf@@@Z
??4logic_error@@QAEAAV0@ABV0@@Z
_mtlock
??_8strstream@@7Bistream@@@
?sbumpc@streambuf@@QAEHXZ
??_7iostream@@6B@
?out_waiting@streambuf@@QBEHXZ
??0strstreambuf@@QAE@XZ
??5istream@@QAEAAV0@AAO@Z
??_Gostream@@UAEPAXI@Z
??_7strstreambuf@@6B@
??4ostream@@IAEAAV0@ABV0@@Z
?fd@fstream@@QBEHXZ
??_Distrstream@@QAEXXZ
??4iostream@@IAEAAV0@PAVstreambuf@@@Z

wininet

GopherGetLocatorTypeA
DeleteUrlCacheEntry
CommitUrlCacheEntryA
DeleteUrlCacheContainerW
FtpSetCurrentDirectoryW
ForceNexusLookup
GopherGetAttributeA
InternetFindNextFileW
GetUrlCacheConfigInfoW
DllInstall
InternetSetFilePointer
InternetSetStatusCallbackA
InternetSetDialStateW
FtpPutFileA
InternetCheckConnectionW
SetUrlCacheEntryInfoA
InternetAlgIdToStringW
HttpEndRequestA
InternetShowSecurityInfoByURLA
InternetAutodialHangup
InternetSetPerSiteCookieDecisionA
InternetWriteFileExA
InternetConfirmZoneCrossing
UnlockUrlCacheEntryFileW
FtpPutFileW
InternetGetPerSiteCookieDecisionW
InternetDial
InternetSetOptionExW
InternetConnectA
FindFirstUrlCacheGroup

kernel32

SetComPlusPackageInstallStatus
SetFirmwareEnvironmentVariableW
Toolhelp32ReadProcessMemory
EnumDateFormatsExW
BackupRead
GlobalCompact
ReleaseSemaphore
AttachConsole
lstrlenA
CreateDirectoryExA
DisconnectNamedPipe
LoadLibraryW
WideCharToMultiByte
GetNextVDMCommand
HeapUnlock
DeleteFileA
GetConsoleAliasExesA
SetFileApisToOEM
lstrcpy
InterlockedFlushSList
FindNextVolumeA
FindFirstFileExW
GetCurrentProcess
GetCompressedFileSizeW
GlobalUnfix
GetConsoleWindow
MapUserPhysicalPagesScatter
GetModuleFileNameA
GetCurrentThread
QueryPerformanceCounter
WritePrivateProfileStructW
GetConsoleAliasExesW
GetThreadContext
AllocConsole
GetModuleHandleW
QueryPerformanceFrequency
GetLocaleInfoA
SetConsoleMode
CreateConsoleScreenBuffer
lstrcpynA
EndUpdateResourceA
GetProfileStringW
TerminateThread

mssip32

CryptSIPVerifyIndirectData
CryptSIPGetRegWorkingFlags
CryptSIPPutSignedDataMsg
CryptSIPGetSignedDataMsg
CryptSIPGetInfo
DllRegisterServer
CryptSIPRemoveSignedDataMsg
CryptSIPCreateIndirectData
DllUnregisterServer

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fd99b2011468cbf4c875c1facec5111

Headers

DLL Characteristics

File Characteristics

Imports

odbcconf

msvcirt

wininet

kernel32

mssip32

Sections

.text Size: 397KB - Virtual size: 397KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 181KB - Virtual size: 1.5MB

.rsrc Size: 117KB - Virtual size: 117KB

.reloc Size: 1024B - Virtual size: 828B

.text
Size: 397KB - Virtual size: 397KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 181KB - Virtual size: 1.5MB

.rsrc
Size: 117KB - Virtual size: 117KB

.reloc
Size: 1024B - Virtual size: 828B