1a1a604ea9c2bfd5444ae5b40ede1bb65722f47f7e0f2c8cd8466876dc28db22

Sharing

Copy URL Twitter E-mail

General

Target

1a1a604ea9c2bfd5444ae5b40ede1bb65722f47f7e0f2c8cd8466876dc28db22
Size

833KB
MD5

0f1cd611582c4b75d4d68aedfc546e5a
SHA1

8a5d2ff893e55f4d869fbf0215283b278872ec45
SHA256

1a1a604ea9c2bfd5444ae5b40ede1bb65722f47f7e0f2c8cd8466876dc28db22
SHA512

d4984d7c65c4e6ba2c57c5cd33d41d61f4cfca2371e6a82f06e303d039f0e4443eec2dc68261e92e58cde6e93ad124392ed41c66925852af50b39e67c739cf36
SSDEEP

24576:2QOyOeruaUDchEv69PMfoBI8RpDlL/LvP:3OyRaLgEv2PMfoB1xxLP

Score

N/A

Malware Config

Signatures

Files

1a1a604ea9c2bfd5444ae5b40ede1bb65722f47f7e0f2c8cd8466876dc28db22
.exe windows x86

6fe8674d964b791d3f1588b09771b5aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

OpenColorProfileW
GetColorProfileElement
InternalGetPS2CSAFromLCS
ConvertColorNameToIndex
GetCountColorProfileElements
UninstallColorProfileW
GetPS2ColorRenderingDictionary
GetColorProfileElementTag
SetStandardColorSpaceProfileW
InternalGetPS2ColorRenderingDictionary

ntdll

RtlUnicodeStringToOemSize
NtQueryOpenSubKeys
ZwCreateKey
RtlClearBits
RtlExtendedMagicDivide
NtShutdownSystem
RtlInitializeResource
ZwQuerySystemInformation
ZwQueryDirectoryObject
RtlNtPathNameToDosPathName
NtSetInformationKey
RtlLockBootStatusData
ZwAssignProcessToJobObject
RtlGetLastWin32Error
CsrCaptureMessageString
RtlLengthSecurityDescriptor
NtEnumerateKey
ZwQueryEvent

atmlib

ATMMakePSSW
ATMGetMenuNameW
ATMGetFontPaths
ATMGetMenuName
ATMBBoxBaseXYShowTextW
ATMGetFontInfoA
ATMGetBuildStrA
ATMGetFontPathsW
ATMMakePFMA
ATMRemoveSubstFontA
ATMGetVersionExW
ATMGetVersionEx
ATMFontStatusW
ATMFontStatus
ATMGetGlyphList
ATMRemoveSubstFontW

mpr

WNetConnectionDialog
MultinetGetConnectionPerformanceA
WNetEnumResourceA
WNetSetLastErrorA
WNetDisconnectDialog1W
WNetCancelConnection2A
WNetGetResourceInformationA
WNetEnumResourceW
WNetFormatNetworkNameA
WNetUseConnectionW
WNetAddConnectionW
WNetSetConnectionA
WNetDisconnectDialog2
WNetOpenEnumW

odbc32

SQLSetParam
SQLProcedureColumnsW
SQLTables
SQLAllocStmt
SQLGetDescField
SQLDescribeParam
SQLConnect
SQLGetTypeInfo
SQLProcedures
SQLSetCursorNameA
SQLSetScrollOptions
SQLSetDescField
SQLForeignKeysA

kernel32

IsValidCodePage
LocalAlloc
WriteFileEx
PurgeComm
GetStartupInfoA
GetTimeZoneInformation
DeleteVolumeMountPointA
GetSystemTimeAsFileTime
ReadFileScatter
LoadLibraryA
FindAtomW

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fe8674d964b791d3f1588b09771b5aa

Headers

DLL Characteristics

File Characteristics

Imports

mscms

ntdll

atmlib

mpr

odbc32

kernel32

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 170KB - Virtual size: 169KB

.reloc Size: 1024B - Virtual size: 948B

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 170KB - Virtual size: 169KB

.reloc
Size: 1024B - Virtual size: 948B