167a2cc44f72dc47f12534dc3d77e4c708d1e5ba9e5460c784ec1ec55acd2270

Sharing

Copy URL

Twitter E-mail

General

Target

167a2cc44f72dc47f12534dc3d77e4c708d1e5ba9e5460c784ec1ec55acd2270
Size

225KB
MD5

01856eece165424b647c00241ecb118f
SHA1

affe0e26dc4be914f4b23739aeeb60675b814d70
SHA256

167a2cc44f72dc47f12534dc3d77e4c708d1e5ba9e5460c784ec1ec55acd2270
SHA512

9fb70315da251da18b6688d8b4352f072bf565dd0604d09c1b76480a94c0c6a9a58e8e395a52eac5ad13ab06bd6ad2c6f9104e2686aa0281adb5a48127f81aa9
SSDEEP

6144:bo9fugZp2b5+Yu+8goNOBazN8O5O3gN9lKvJrNaVWQbe:bKmgZpfPNrL5sg4JrYBe

Score

N/A

Malware Config

Signatures

Files

167a2cc44f72dc47f12534dc3d77e4c708d1e5ba9e5460c784ec1ec55acd2270
.zip
2014_11rechnung_K4768955881_pdf_sign_telekom_de_deutschland_gmbh.exe
.exe windows x86

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mssign32

PvkFreeCryptProv
SignerSignEx
SignerFreeSignerContext
PvkPrivateKeySaveToMemory
PvkPrivateKeyLoadFromMemory
PvkPrivateKeyLoadA
SignError
FreeCryptProvFromCert
PvkPrivateKeyAcquireContextFromMemoryA
SpcGetCertFromKey
SignerCreateTimeStampRequest
PvkPrivateKeySave
SignerAddTimeStampResponseEx

dbghelp

ExtensionApiVersion
SymUnloadModule
SymInitialize
SymGetLinePrev64
SymEnumerateModules64
ImageRvaToVa
EnumerateLoadedModules
EnumerateLoadedModules64
SymGetSymFromName64
SymGetSymNext64
SearchTreeForFile
SymGetSymFromAddr64
SymGetModuleBase
SymRegisterFunctionEntryCallback
FindFileInSearchPath
MapDebugInformation
SymGetLineFromAddr64
SymLoadModule

resutils

ResUtilGetSzProperty
ResUtilVerifyResourceService
ResUtilEnumResources
ResUtilPropertyListFromParameterBlock
ResUtilGetResourceDependencyByName
ResUtilSetExpandSzValue
ResUtilGetSzValue
ResUtilGetDwordProperty
ResUtilSetPropertyTableEx

dciman32

WinWatchClose
WinWatchDidStatusChange
DCIEndAccess
WinWatchGetClipList
WinWatchOpen
DCICreateOffscreen
GetWindowRegionData
DCISetDestination
DCIOpenProvider
DCICreatePrimary
DCICloseProvider
DCISetSrcDestClip
DCICreateOverlay
DCIDraw
DCIDestroy
DCISetClipList
DCIBeginAccess
GetDCRegionData
WinWatchNotify
DCIEnum

odbctrac

TraceSQLExecDirect
TraceSQLAllocStmt
TraceSQLDescribeColW
TraceSQLTablesW
TraceSQLDataSources
TraceSQLGetStmtAttr
TraceSQLBindParam
TraceSQLError
TraceSQLGetConnectAttrW
TraceSQLGetConnectAttr
TraceVersion
TraceSQLSetScrollOptions
TraceSQLBrowseConnect
TraceSQLGetConnectOption
TraceSQLNumResultCols
TraceSQLDriverConnect
TraceReturn
TraceSQLSetEnvAttr
TraceOpenLogFile
TraceSQLGetCursorNameW

schannel

QueryContextAttributesA
VerifySignature
QueryContextAttributesW
MakeSignature
DeleteSecurityContext
SealMessage
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
InitializeSecurityContextA
ImpersonateSecurityContext
SslLoadCertificate
SpUserModeInitialize
SslGenerateRandomBits
InitSecurityInterfaceA
FreeContextBuffer
SslGetMaximumKeySize
SslFreeCertificate
RevertSecurityContext

glu32

gluDeleteQuadric
gluGetString
gluNewQuadric
gluNextContour
gluGetNurbsProperty
gluPartialDisk

msvbvm60

Zombie_AddRef
__vbaEraseNoPop
__vbaPrintFile
_CIlog
__vbaHresultCheckNonvirt
_adj_fdiv_m32
__vbaVarSub
__vbaR4Str
rtcSYD

loghours

ConnectionScheduleDialog
ReplicationScheduleDialog
DialinHoursDialogEx
LogonScheduleDialog
ConnectionScheduleDialogEx
ReplicationScheduleDialogEx
DirSyncScheduleDialogEx
LogonScheduleDialogEx
DialinHoursDialog
DirSyncScheduleDialog

kernel32

VirtualAlloc
SetCurrentDirectoryW
lstrcpynW
GetVersionExW
GetFileAttributesA
GetConsoleTitleA

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df814ab6ce2e28fa7cd8eb0e3a039837

Headers

DLL Characteristics

File Characteristics

Imports

mssign32

dbghelp

resutils

dciman32

odbctrac

schannel

glu32

msvbvm60

loghours

kernel32

Sections

.text Size: 278KB - Virtual size: 277KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 278KB - Virtual size: 277KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 4KB