9e044b5194d1834cc512f6b4276bea818782381a0087a5e8a6f8c8c132170293

Sharing

Copy URL

Twitter E-mail

General

Target

9e044b5194d1834cc512f6b4276bea818782381a0087a5e8a6f8c8c132170293
Size

225KB
MD5

32b6c49d279d2e2055898256b556273e
SHA1

35a56e0618fa217fa3f597a79c0edabfed1a644a
SHA256

9e044b5194d1834cc512f6b4276bea818782381a0087a5e8a6f8c8c132170293
SHA512

071125004404e0a3d99bf18536a4a8a5217404f04bcf528e9c744d02518cb0999b355cb4266105e055b06e6f3f5292d4b664b63001383e3a98a3a789b5e374ea
SSDEEP

6144:po9fugZp2b5+Yu+8goNOBazN8O5O3gN9lKvJrNaVWQbw:pKmgZpfPNrL5sg4JrYBw

Score

N/A

Malware Config

Signatures

Files

9e044b5194d1834cc512f6b4276bea818782381a0087a5e8a6f8c8c132170293
.zip
2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
.exe windows x86

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mssign32

PvkFreeCryptProv
SignerSignEx
SignerFreeSignerContext
PvkPrivateKeySaveToMemory
PvkPrivateKeyLoadFromMemory
PvkPrivateKeyLoadA
SignError
FreeCryptProvFromCert
PvkPrivateKeyAcquireContextFromMemoryA
SpcGetCertFromKey
SignerCreateTimeStampRequest
PvkPrivateKeySave
SignerAddTimeStampResponseEx

dbghelp

ExtensionApiVersion
SymUnloadModule
SymInitialize
SymGetLinePrev64
SymEnumerateModules64
ImageRvaToVa
EnumerateLoadedModules
EnumerateLoadedModules64
SymGetSymFromName64
SymGetSymNext64
SearchTreeForFile
SymGetSymFromAddr64
SymGetModuleBase
SymRegisterFunctionEntryCallback
FindFileInSearchPath
MapDebugInformation
SymGetLineFromAddr64
SymLoadModule

resutils

ResUtilGetSzProperty
ResUtilVerifyResourceService
ResUtilEnumResources
ResUtilPropertyListFromParameterBlock
ResUtilGetResourceDependencyByName
ResUtilSetExpandSzValue
ResUtilGetSzValue
ResUtilGetDwordProperty
ResUtilSetPropertyTableEx

dciman32

WinWatchClose
WinWatchDidStatusChange
DCIEndAccess
WinWatchGetClipList
WinWatchOpen
DCICreateOffscreen
GetWindowRegionData
DCISetDestination
DCIOpenProvider
DCICreatePrimary
DCICloseProvider
DCISetSrcDestClip
DCICreateOverlay
DCIDraw
DCIDestroy
DCISetClipList
DCIBeginAccess
GetDCRegionData
WinWatchNotify
DCIEnum

odbctrac

TraceSQLExecDirect
TraceSQLAllocStmt
TraceSQLDescribeColW
TraceSQLTablesW
TraceSQLDataSources
TraceSQLGetStmtAttr
TraceSQLBindParam
TraceSQLError
TraceSQLGetConnectAttrW
TraceSQLGetConnectAttr
TraceVersion
TraceSQLSetScrollOptions
TraceSQLBrowseConnect
TraceSQLGetConnectOption
TraceSQLNumResultCols
TraceSQLDriverConnect
TraceReturn
TraceSQLSetEnvAttr
TraceOpenLogFile
TraceSQLGetCursorNameW

schannel

QueryContextAttributesA
VerifySignature
QueryContextAttributesW
MakeSignature
DeleteSecurityContext
SealMessage
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
InitializeSecurityContextA
ImpersonateSecurityContext
SslLoadCertificate
SpUserModeInitialize
SslGenerateRandomBits
InitSecurityInterfaceA
FreeContextBuffer
SslGetMaximumKeySize
SslFreeCertificate
RevertSecurityContext

glu32

gluDeleteQuadric
gluGetString
gluNewQuadric
gluNextContour
gluGetNurbsProperty
gluPartialDisk

msvbvm60

Zombie_AddRef
__vbaEraseNoPop
__vbaPrintFile
_CIlog
__vbaHresultCheckNonvirt
_adj_fdiv_m32
__vbaVarSub
__vbaR4Str
rtcSYD

loghours

ConnectionScheduleDialog
ReplicationScheduleDialog
DialinHoursDialogEx
LogonScheduleDialog
ConnectionScheduleDialogEx
ReplicationScheduleDialogEx
DirSyncScheduleDialogEx
LogonScheduleDialogEx
DialinHoursDialog
DirSyncScheduleDialog

kernel32

VirtualAlloc
SetCurrentDirectoryW
lstrcpynW
GetVersionExW
GetFileAttributesA
GetConsoleTitleA

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

File Characteristics

Imports

mssign32

dbghelp

resutils

dciman32

odbctrac

schannel

glu32

msvbvm60

loghours

kernel32

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 4KB