97844e1f93932ed31656b47cbbc1a1086351e542d07007b3ad1842905c357fee

Sharing

Copy URL

Twitter E-mail

General

Target

97844e1f93932ed31656b47cbbc1a1086351e542d07007b3ad1842905c357fee
Size

225KB
MD5

b24680364c43406c43f186962c531445
SHA1

8b0c3ea67c2caf2ef6c88985a60a816ed265a4ab
SHA256

97844e1f93932ed31656b47cbbc1a1086351e542d07007b3ad1842905c357fee
SHA512

591cae9e558f801986d22d36e35fc5f5f4215b779f84288d1deb9d512c15585c3e81497b4ce96dd3348c5a201a79e80f6bb242023b1281e1053dacad0428da18
SSDEEP

6144:No9fugZp2b5+Yu+8goNOBazN8O5O3gN9lKvJrNaVWQbM:NKmgZpfPNrL5sg4JrYBM

Score

N/A

Malware Config

Signatures

Files

97844e1f93932ed31656b47cbbc1a1086351e542d07007b3ad1842905c357fee
.zip
2014_11rechnungonline_pdf_vodafone_0095890374_537999190_82135674.exe
.exe windows x86

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mssign32

PvkFreeCryptProv
SignerSignEx
SignerFreeSignerContext
PvkPrivateKeySaveToMemory
PvkPrivateKeyLoadFromMemory
PvkPrivateKeyLoadA
SignError
FreeCryptProvFromCert
PvkPrivateKeyAcquireContextFromMemoryA
SpcGetCertFromKey
SignerCreateTimeStampRequest
PvkPrivateKeySave
SignerAddTimeStampResponseEx

dbghelp

ExtensionApiVersion
SymUnloadModule
SymInitialize
SymGetLinePrev64
SymEnumerateModules64
ImageRvaToVa
EnumerateLoadedModules
EnumerateLoadedModules64
SymGetSymFromName64
SymGetSymNext64
SearchTreeForFile
SymGetSymFromAddr64
SymGetModuleBase
SymRegisterFunctionEntryCallback
FindFileInSearchPath
MapDebugInformation
SymGetLineFromAddr64
SymLoadModule

resutils

ResUtilGetSzProperty
ResUtilVerifyResourceService
ResUtilEnumResources
ResUtilPropertyListFromParameterBlock
ResUtilGetResourceDependencyByName
ResUtilSetExpandSzValue
ResUtilGetSzValue
ResUtilGetDwordProperty
ResUtilSetPropertyTableEx

dciman32

WinWatchClose
WinWatchDidStatusChange
DCIEndAccess
WinWatchGetClipList
WinWatchOpen
DCICreateOffscreen
GetWindowRegionData
DCISetDestination
DCIOpenProvider
DCICreatePrimary
DCICloseProvider
DCISetSrcDestClip
DCICreateOverlay
DCIDraw
DCIDestroy
DCISetClipList
DCIBeginAccess
GetDCRegionData
WinWatchNotify
DCIEnum

odbctrac

TraceSQLExecDirect
TraceSQLAllocStmt
TraceSQLDescribeColW
TraceSQLTablesW
TraceSQLDataSources
TraceSQLGetStmtAttr
TraceSQLBindParam
TraceSQLError
TraceSQLGetConnectAttrW
TraceSQLGetConnectAttr
TraceVersion
TraceSQLSetScrollOptions
TraceSQLBrowseConnect
TraceSQLGetConnectOption
TraceSQLNumResultCols
TraceSQLDriverConnect
TraceReturn
TraceSQLSetEnvAttr
TraceOpenLogFile
TraceSQLGetCursorNameW

schannel

QueryContextAttributesA
VerifySignature
QueryContextAttributesW
MakeSignature
DeleteSecurityContext
SealMessage
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
InitializeSecurityContextA
ImpersonateSecurityContext
SslLoadCertificate
SpUserModeInitialize
SslGenerateRandomBits
InitSecurityInterfaceA
FreeContextBuffer
SslGetMaximumKeySize
SslFreeCertificate
RevertSecurityContext

glu32

gluDeleteQuadric
gluGetString
gluNewQuadric
gluNextContour
gluGetNurbsProperty
gluPartialDisk

msvbvm60

Zombie_AddRef
__vbaEraseNoPop
__vbaPrintFile
_CIlog
__vbaHresultCheckNonvirt
_adj_fdiv_m32
__vbaVarSub
__vbaR4Str
rtcSYD

loghours

ConnectionScheduleDialog
ReplicationScheduleDialog
DialinHoursDialogEx
LogonScheduleDialog
ConnectionScheduleDialogEx
ReplicationScheduleDialogEx
DirSyncScheduleDialogEx
LogonScheduleDialogEx
DialinHoursDialog
DirSyncScheduleDialog

kernel32

VirtualAlloc
SetCurrentDirectoryW
lstrcpynW
GetVersionExW
GetFileAttributesA
GetConsoleTitleA

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

File Characteristics

Imports

mssign32

dbghelp

resutils

dciman32

odbctrac

schannel

glu32

msvbvm60

loghours

kernel32

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 4KB