99ec9ec4d65a908e4154d6e961389117b535eb8179fd671941f912f317741aba

Sharing

Copy URL

Twitter E-mail

General

Target

99ec9ec4d65a908e4154d6e961389117b535eb8179fd671941f912f317741aba
Size

225KB
MD5

0040e0e665184a6f6798cbba37675b16
SHA1

e7d466410f8f72676e593408284a1fa420e10302
SHA256

99ec9ec4d65a908e4154d6e961389117b535eb8179fd671941f912f317741aba
SHA512

66be1a95fa4677fdd16fe3704759626cb850729f45900215cf8a004a7601e42728470a3b4dd84a4dfb98d2f05336233dda54a16e5d71e787b7c295b18bbdd3c0
SSDEEP

6144:So9fugZp2b5+Yu+8goNOBazN8O5O3gN9lKvJrNaVWQbH:SKmgZpfPNrL5sg4JrYBH

Score

N/A

Malware Config

Signatures

Files

99ec9ec4d65a908e4154d6e961389117b535eb8179fd671941f912f317741aba
.zip
2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
.exe windows x86

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mssign32

PvkFreeCryptProv
SignerSignEx
SignerFreeSignerContext
PvkPrivateKeySaveToMemory
PvkPrivateKeyLoadFromMemory
PvkPrivateKeyLoadA
SignError
FreeCryptProvFromCert
PvkPrivateKeyAcquireContextFromMemoryA
SpcGetCertFromKey
SignerCreateTimeStampRequest
PvkPrivateKeySave
SignerAddTimeStampResponseEx

dbghelp

ExtensionApiVersion
SymUnloadModule
SymInitialize
SymGetLinePrev64
SymEnumerateModules64
ImageRvaToVa
EnumerateLoadedModules
EnumerateLoadedModules64
SymGetSymFromName64
SymGetSymNext64
SearchTreeForFile
SymGetSymFromAddr64
SymGetModuleBase
SymRegisterFunctionEntryCallback
FindFileInSearchPath
MapDebugInformation
SymGetLineFromAddr64
SymLoadModule

resutils

ResUtilGetSzProperty
ResUtilVerifyResourceService
ResUtilEnumResources
ResUtilPropertyListFromParameterBlock
ResUtilGetResourceDependencyByName
ResUtilSetExpandSzValue
ResUtilGetSzValue
ResUtilGetDwordProperty
ResUtilSetPropertyTableEx

dciman32

WinWatchClose
WinWatchDidStatusChange
DCIEndAccess
WinWatchGetClipList
WinWatchOpen
DCICreateOffscreen
GetWindowRegionData
DCISetDestination
DCIOpenProvider
DCICreatePrimary
DCICloseProvider
DCISetSrcDestClip
DCICreateOverlay
DCIDraw
DCIDestroy
DCISetClipList
DCIBeginAccess
GetDCRegionData
WinWatchNotify
DCIEnum

odbctrac

TraceSQLExecDirect
TraceSQLAllocStmt
TraceSQLDescribeColW
TraceSQLTablesW
TraceSQLDataSources
TraceSQLGetStmtAttr
TraceSQLBindParam
TraceSQLError
TraceSQLGetConnectAttrW
TraceSQLGetConnectAttr
TraceVersion
TraceSQLSetScrollOptions
TraceSQLBrowseConnect
TraceSQLGetConnectOption
TraceSQLNumResultCols
TraceSQLDriverConnect
TraceReturn
TraceSQLSetEnvAttr
TraceOpenLogFile
TraceSQLGetCursorNameW

schannel

QueryContextAttributesA
VerifySignature
QueryContextAttributesW
MakeSignature
DeleteSecurityContext
SealMessage
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
InitializeSecurityContextA
ImpersonateSecurityContext
SslLoadCertificate
SpUserModeInitialize
SslGenerateRandomBits
InitSecurityInterfaceA
FreeContextBuffer
SslGetMaximumKeySize
SslFreeCertificate
RevertSecurityContext

glu32

gluDeleteQuadric
gluGetString
gluNewQuadric
gluNextContour
gluGetNurbsProperty
gluPartialDisk

msvbvm60

Zombie_AddRef
__vbaEraseNoPop
__vbaPrintFile
_CIlog
__vbaHresultCheckNonvirt
_adj_fdiv_m32
__vbaVarSub
__vbaR4Str
rtcSYD

loghours

ConnectionScheduleDialog
ReplicationScheduleDialog
DialinHoursDialogEx
LogonScheduleDialog
ConnectionScheduleDialogEx
ReplicationScheduleDialogEx
DirSyncScheduleDialogEx
LogonScheduleDialogEx
DialinHoursDialog
DirSyncScheduleDialog

kernel32

VirtualAlloc
SetCurrentDirectoryW
lstrcpynW
GetVersionExW
GetFileAttributesA
GetConsoleTitleA

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

File Characteristics

Imports

mssign32

dbghelp

resutils

dciman32

odbctrac

schannel

glu32

msvbvm60

loghours

kernel32

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 4KB