620585b3a4c0da06484b7800e1ec745bcd4094dc83fc4e4468f05d678a309586

Sharing

Copy URL

Twitter E-mail

General

Target

620585b3a4c0da06484b7800e1ec745bcd4094dc83fc4e4468f05d678a309586
Size

45KB
MD5

0651c1762bc5d2615fe4b8ac389b8c7c
SHA1

ee455ec73e42bc094d964ca07a5c9b25e4cada25
SHA256

620585b3a4c0da06484b7800e1ec745bcd4094dc83fc4e4468f05d678a309586
SHA512

b630ee0f91e3e59a494fd0564718fbcb14ad27af349d46f62da84f217334ba091bd8be5b0e8e59b5c9340ee1f3adec2c021757f018b2947119171f98590a4c71
SSDEEP

768:zAsbDeSUXG4tDfJHJamWxM0xYu6oUynZKuaRnrTztSzvHIpDNnxD:0sXPWpt7NcmWOuBUuQ9AvGDt9

Score

N/A

Malware Config

Signatures

Files

620585b3a4c0da06484b7800e1ec745bcd4094dc83fc4e4468f05d678a309586
.exe windows x86

0b25599225d5061e18a5b1a968b72568

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
SetProcessPriorityBoost
GetConsoleMode
SetNamedPipeHandleState
ReleaseActCtx
IsValidLocale
IsBadWritePtr
SetHandleInformation
ZombifyActCtx
SetConsoleFont
lstrcat
LZRead
GetStartupInfoA
GetSystemWow64DirectoryA
WriteProfileSectionW
GetThreadContext
VDMOperationStarted
GetSystemTimeAsFileTime
CallNamedPipeA
LocalAlloc
QueryActCtxW
LoadLibraryA

shlwapi

PathIsContentTypeW
StrFromTimeIntervalA
SHRegEnumUSValueW
PathRemoveBackslashA
PathUndecorateW
StrDupA
SHDeleteEmptyKeyA
StrRChrA
SHDeleteKeyW
UrlCombineW
StrFromTimeIntervalW
UrlGetPartW
AssocCreate
PathSearchAndQualifyA
wvnsprintfA
StrCSpnIW
SHRegCreateUSKeyA
SHRegEnumUSValueA
StrRetToBufW
PathUnmakeSystemFolderA
PathCreateFromUrlA
StrRChrIW
PathRemoveBackslashW

winsta

WinStationReset
WinStationGenerateLicense
WinStationVirtualOpen
_WinStationShadowTarget
WinStationIsHelpAssistantSession
WinStationWaitSystemEvent
WinStationEnumerateProcesses
LogonIdFromWinStationNameA
WinStationFreeGAPMemory
ServerLicensingOpenW
_WinStationWaitForConnect
WinStationDisconnect
ServerLicensingGetAvailablePolicyIds
WinStationCheckLoopBack
WinStationGetLanAdapterNameA
ServerLicensingGetPolicyInformationA

odbccu32

SQLExecute
SQLSetDescField
SQLTransact
SQLRowCount
SQLMoreResults
SQLBindCol
SQLSetScrollOptions
SQLExecDirect
SQLNumParams
SQLGetStmtOption
SQLExtendedFetch
ReleaseCLStmtResources
SQLGetDescField
SQLPutData
SQLGetDescRec

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b25599225d5061e18a5b1a968b72568

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

winsta

odbccu32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB