70c2901a5bef377814da9f93e03c8ba689462273f3ec6a5cf63b8dab31242311

Sharing

Copy URL

Twitter E-mail

General

Target

70c2901a5bef377814da9f93e03c8ba689462273f3ec6a5cf63b8dab31242311
Size

396KB
MD5

0e37d61cb00090802c0ca6ea6b0aa3ff
SHA1

f00a0626db912ded090c039fcdb3f9c02bcd9b4c
SHA256

70c2901a5bef377814da9f93e03c8ba689462273f3ec6a5cf63b8dab31242311
SHA512

73e47993b53951f0e2d038a69374f7bf777ed1facdef57f6dc65b739505e8bbd54f03dccaea83f9e1b6b9a6e47af97fef735772d0888dbc3b0645d949f478e59
SSDEEP

12288:mb7XWw1Ufy62/sz5U/4wQ0463kbSJwZT2:2TWw12usf0dUbMqS

Score

N/A

Malware Config

Signatures

Files

70c2901a5bef377814da9f93e03c8ba689462273f3ec6a5cf63b8dab31242311
.exe windows x86

e8328772bfa62a10ea8be7acc2300af2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SetProcessPriorityBoost
AddConsoleAliasW
CancelDeviceWakeupRequest
FreeEnvironmentStringsW
GetFileType
FindCloseChangeNotification
GetExitCodeThread
GetNumaProcessorNode
GetPrivateProfileStructA
RegisterConsoleIME
SetFileValidData
DeviceIoControl
GetConsoleInputWaitHandle
UnhandledExceptionFilter
GetFullPathNameA
SetTermsrvAppInstallMode
SetFilePointerEx
GetModuleHandleW
GetLocaleInfoA
EnumSystemGeoID
GetStartupInfoW
FindResourceExW
FindNextChangeNotification
GetConsoleCommandHistoryW
OpenThread
OutputDebugStringA
GetModuleHandleExA
GetTimeFormatW
QueryDosDeviceA
SetConsoleInputExeNameA
GetThreadContext
lstrcatW
WaitForMultipleObjects
GetGeoInfoA
LocalFree
WaitNamedPipeA
GlobalUnWire
LZClose
CreateProcessInternalA
GetDevicePowerState
GetFileAttributesExW
FatalExit
FindFirstVolumeA
WritePrivateProfileSectionW
SetConsoleIcon
CreateConsoleScreenBuffer
CreateDirectoryW
GetCommModemStatus
SetConsoleCursor
GetModuleHandleA
WriteProcessMemory
FatalAppExitA
lstrcpy
SetEndOfFile
_lclose
PeekConsoleInputW
Toolhelp32ReadProcessMemory
WriteConsoleOutputAttribute
SetLocaleInfoW
CreateJobObjectA
lstrcpyn
QueryPerformanceCounter
GetConsoleNlsMode
SetStdHandle
LoadLibraryA
GetPrivateProfileStringW
CompareStringA
VirtualAlloc
SetDefaultCommConfigA
ProcessIdToSessionId
SetSystemTime
GetConsoleCommandHistoryA
GetProcAddress
ReadConsoleInputW
GetNamedPipeHandleStateW
ReadConsoleInputExA
GlobalFindAtomW
GetLogicalDriveStringsA
GetEnvironmentStrings

query

?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
??0CMetaDataMgr@@QAE@HW4CiVRootTypeEnum@@KPBG@Z
?ContainsDrive@CDriveInfo@@SGHPBG@Z
??1CInternalPropertyRestriction@@QAE@XZ
?InitializeForWrite@CDynStream@@QAEXK@Z
?ciIsValidPointer@@YGHPBX@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?ChangeCurrentCatalog@CCatState@@QAEXPBG@Z
??0CInternalPropertyRestriction@@QAE@KKABVCStorageVariant@@PAVCRestriction@@@Z
?AddCachedProperty@CCatalogAdmin@@QAEXABVCFullPropSpec@@KKKH@Z
?Flush@CPropStoreManager@@QAEXXZ
?CiNtOpen@@YGPAXPBGKKK@Z
?UnMarshall@CDbPropSet@@QAEHAAVPDeSerStream@@@Z
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
?ClearList@CCombinedPropertyList@@QAEXXZ
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
?GetCommandChar@CQueryScanner@@QAEGXZ
?Reopen@CPhysStorage@@QAEXH@Z
?SetMappedCacheSize@CPropStoreManager@@QAEXKK@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?Read@CRcovStrmTrans@@QAEKPAXK@Z
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
?IsCatalogInactive@CCatalogAdmin@@QAEHXZ
?PidToRealPid@CPidMapper@@QAEKK@Z
??0CRcovStrmMDTrans@@QAE@AAVPRcovStorageObj@@W4MDOp@0@K@Z
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?Rewind@CMmStreamConsecBuf@@QAEXXZ
??0CEventItem@@QAE@GGKGKPBX@Z
?AcceptWord@CQueryScanner@@QAEXXZ

crtdll

log
_wcsset
_stricoll
_y1
_mbsstr
_wcsicoll
_winmajor_dll
wcsncat
_putenv
_spawnv
_mbctombb
atexit
_getdiskfree
feof
_getcwd
iswlower
_errno
_mktemp
_cabs
_statusfp
strstr
_spawnle
iswxdigit
_rmdir
_cgets
fputc
_CIatan
fgetwc
log10
strcat
_getdrive
_ultow
_execlp
_rotl

msi

MsiGetProductPropertyW
MsiEnumPatchesW
MsiGetFeatureStateW
MsiSetTargetPathA
MsiAdvertiseProductW
MsiPreviewDialogA
MsiViewGetErrorW
MsiGetComponentStateW
MsiGetProductCodeFromPackageCodeA
MsiSequenceW
MsiSourceListForceResolutionW
MsiEnumClientsA
MsiRecordDataSize
MsiQueryProductStateW
MsiGetFileSignatureInformationA
MsiAdvertiseScriptA
MsiDatabaseExportW
MsiRecordSetStringW
MsiViewModify
MsiQueryFeatureStateFromDescriptorW
MsiAdvertiseProductExA
MsiGetUserInfoA
MsiAdvertiseScriptW
MsiReinstallProductW
MsiGetPropertyA
MsiViewGetErrorA
MsiOpenProductW
MsiUseFeatureA
MsiGetFeatureInfoA
MsiGetTargetPathW
MsiGetFileHashA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiDatabaseGenerateTransformA
MsiRecordReadStream
MsiInstallMissingFileW
MsiRecordSetStreamA
MsiGetPatchInfoA
MsiSourceListClearAllA

wininet

LoadUrlCacheContent
IsUrlCacheEntryExpiredA
HttpOpenRequestA
SetUrlCacheGroupAttributeW
DeleteUrlCacheGroup
InternetConfirmZoneCrossingW
FtpGetFileSize
GetUrlCacheConfigInfoA
FtpGetFileW
HttpEndRequestW
GetUrlCacheEntryInfoExA
InternetSetPerSiteCookieDecisionW
DeleteIE3Cache
ShowCertificate
InternetAlgIdToStringA
InternetSecurityProtocolToStringA
FindFirstUrlCacheContainerA
InternetQueryFortezzaStatus
InternetAutodialHangup
InternetUnlockRequestFile
FindNextUrlCacheEntryExW
InternetSetDialStateA
InternetGetConnectedStateEx
DllInstall
InternetWriteFileExW
InternetOpenW
UrlZonesDetach
HttpEndRequestA
InternetShowSecurityInfoByURLA
PrivacySetZonePreferenceW
FindNextUrlCacheGroup
HttpOpenRequestW
InternetAlgIdToStringW
InternetCreateUrlW

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8328772bfa62a10ea8be7acc2300af2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

query

crtdll

msi

wininet

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 132KB - Virtual size: 132KB

.data Size: 151KB - Virtual size: 592KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 132KB - Virtual size: 132KB

.data
Size: 151KB - Virtual size: 592KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 1024B