a644b6e572dd4a25cb0cbddded72d7f43fd822dc553047e721466cd86e0c0d0a

Sharing

Copy URL Twitter E-mail

General

Target

a644b6e572dd4a25cb0cbddded72d7f43fd822dc553047e721466cd86e0c0d0a
Size

544KB
MD5

a8c0a8e497637d2bbd67604d5fa638ec
SHA1

f6b3f16bf486a3c3aa46245e66367b29d1b04363
SHA256

a644b6e572dd4a25cb0cbddded72d7f43fd822dc553047e721466cd86e0c0d0a
SHA512

5ace4939beb037c418d91a4a108e74611024e47050c4b96e7cda6e769f41df22bafb69c43b2f7be5b9918d092adc4d1688010ca076b2992b5ae6bbc8e346d1f1
SSDEEP

12288:/z+uJLRPtckUSkxmk42yklKtySS1oXBCV72H93+9uMciSiMSNxTW:5RPpG99T1oXBCiFeFN9

Score

N/A

Malware Config

Signatures

Files

a644b6e572dd4a25cb0cbddded72d7f43fd822dc553047e721466cd86e0c0d0a
.exe windows x86

b1d7c394fdd7c1274f1d83e883bb3909

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_callnewh
wcsncmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
_vsnwprintf_l
_wcsupr_l
_itow
_wcsnicmp_l
_wcsupr_s
memmove
_errno
_wfopen
ftell
fputc
fseek
fgetc
printf
_ltow
memset
wcslen
wcsncat_s
wcsrchr
_wsystem
_wcsupr
wcscmp
_wtol
_wsplitpath_s
_wmakepath_s
_resetstkoflw
_beginthreadex
_wcsicmp
_wcslwr
_msize
malloc
realloc
free
fflush
fwprintf
fprintf
_vsnprintf
_vsnwprintf
memcmp
_purecall
_endthreadex
labs
memcpy
wcsncpy_s
atof
wcsstr
__CxxFrameHandler3
abs
wcschr
fclose
_wrename
_wcsrev
wprintf

advapi32

GetSecurityInfo
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegConnectRegistryW
RegOpenKeyExW
LogonUserW
DuplicateTokenEx
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegSetValueExW
RegQueryValueExW
RegCloseKey
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextW
CryptGenKey
CryptExportKey
OpenEventLogW
NotifyChangeEventLog
RegisterEventSourceW
ReportEventW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
CloseEventLog
DeregisterEventSource
ReadEventLogW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptImportKey

kernel32

GetConsoleOutputCP
SystemTimeToFileTime
GetCurrentThread
FindNextFileW
GetCurrentThreadId
DuplicateHandle
ReleaseSemaphore
GetStartupInfoW
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
GetLocalTime
FormatMessageW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
WriteConsoleInputW
GetDateFormatW
GetTimeFormatW
WideCharToMultiByte
SetLastError
LocalFree
ResetEvent
GetTickCount
CreateFileMappingA
MapViewOfFile
WriteFile
GetExitCodeProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange
MultiByteToWideChar
GetFileType
SetProcessWorkingSetSize
GetSystemDefaultLangID
ReleaseMutex
CreateMutexW
OpenMutexW
GetSystemDefaultLCID
CreateProcessW
lstrcatW
lstrcpyW
SetEnvironmentVariableW
GetEnvironmentVariableW
CompareStringW
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
lstrlenW
LoadLibraryA
RaiseException
VirtualFree
HeapCreate
VirtualQuery
ReadProcessMemory
SetHandleInformation
GetThreadPriority
InterlockedIncrement
Sleep
GetUserDefaultLCID
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetLastError
GetModuleFileNameW
SetProcessShutdownParameters
AllocConsole
GetProcAddress
GetSystemInfo
SetConsoleCtrlHandler
InitializeCriticalSection
GetComputerNameW
SetUnhandledExceptionFilter
GetModuleHandleW
LoadLibraryW
GetSystemDirectoryW
TerminateProcess
GetCurrentProcess
FlushFileBuffers
CloseHandle
SetEvent
DebugBreak
SetConsoleTitleW
CreateSemaphoreW
CreateEventW
SetErrorMode
OpenEventW
GetCurrentProcessId
GetVersionExW
GlobalMemoryStatus
SetThreadPriority
ExitProcess
ReadConsoleInputW
FlushConsoleInputBuffer
GetStdHandle
ReadFile
CreateFileW
FindClose
DeleteFileW
FindFirstFileW

user32

MessageBoxW
LoadStringW

ws2_32

WSACleanup
gethostbyname
WSAStartup
WSAGetLastError

secur32

GetUserNameExW

odbc32

ord72
ord16

sqlresourceloader

_LoadResourceLibraryWithName@8
_LoadResourceLibrary@4
_FreeResourceLibrary@4

sqlsvc

QNetPing
QScheduleTimeModify
QScheduleConvertValToTimeStruct
QSQLColumnType
SHRecMemInsert
QScheduleCalcNextOccurrence
QSQLConvertLength
QSQLPurgeResults
QSQLColumnName
QSQLRowsAffected
QSQLColumns
QSQLRowType
QSQLSetProperty
QSQLExecDirectAsync
QSQLNextRowAsync
QSQLMoreResultsAsync
QSQLCancelQuery
QSQLColumnData
QScheduleSecToHourFormat
QSQLGetUserData
QSQLSetUserData
QSQLCancel
QSQLIsConnDead
QSQLResults
QSQLNextRow
QSQLLogonEx
SQLSCMControl
SQLSCMGetServiceState
QSQLExecDirect
QSQLBind
QScheduleConvertValToDateStruct
SQLSvcExit
SHRecMemInit
SQLSvcInit
QScheduleGetCurDateTime
QScheduleConvertTimeStructToVal
QScheduleGetTimeDelta
QScheduleConvertDateToString
QScheduleConvertTimeToString
SHMemCleanUp
SHMemFreeFromHeapWithInfo
SHMemReAllocFromHeapWithInfo
SHRecMemBSLocate
SHMemAllocFromHeapWithInfo
SHRecMemBSInsert
SHMemInit
SHRecMemAdd
SHRecMemLock
SHRecMemDelete
QSQLLogoff
QSQLGetProperty
CreateCrossServiceSA
SHRecMemFree
FreeCrossServiceSA
QSQLPurgeExec

semmap

SFMapi1Version
SFMapi1ResolveName
SFMapi1GetNumProfiles
SFMapi1GetProfiles
SFMapi0GetProfiles
SFMapi1TestProfile
SFMapi0TestProfile
SFMapi1SendMail
SFMapi1GetMapiVerInfo
SFMapi1CanUseMAPI
SFMapi1Initialize
SFMapi1Logon
SFMapi1GetLastError
SFMapi1DeInitialize
SFMapi1Logoff

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VariantChangeType

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

batchparser

?SetRecognizeOnlyVariables@Parser@BatchParser@@QAEX_N@Z
?SetBatchSource@Parser@BatchParser@@QAEXPAUIBatchSource@2@@Z
?SetVariableResolver@Parser@BatchParser@@QAEXPAUIVariableResolver@2@@Z
?SetCommandExecuter@Parser@BatchParser@@QAEXPAUICommandExecuter@2@@Z
?Parse@Parser@BatchParser@@QAE?AVParserState@2@_N@Z
??1Parser@BatchParser@@QAE@XZ
?GetStatus@ParserState@BatchParser@@QBE?AW4Status@12@XZ
?GetInfo@ParserState@BatchParser@@QBEPBGXZ
?GetLine@ParserState@BatchParser@@QBEHXZ
?GetErrorType@ParserState@BatchParser@@QBE?AW4ErrorType@12@XZ
??0Parser@BatchParser@@QAE@XZ

Exports

Exports

DmpGetClientExport
DmpRemoteDumpRequest

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1d7c394fdd7c1274f1d83e883bb3909

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

advapi32

kernel32

user32

ws2_32

secur32

odbc32

sqlresourceloader

sqlsvc

semmap

oleaut32

ole32

batchparser

Exports

Exports

Sections

.text Size: 324KB - Virtual size: 323KB

.data Size: 6KB - Virtual size: 64KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 18KB - Virtual size: 18KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 324KB - Virtual size: 323KB

.data
Size: 6KB - Virtual size: 64KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 18KB

.vmp0
Size: 192KB - Virtual size: 1.3MB