b43dc9e36a416f44dbf07baeb2a40ab4abd5b7f69cb340ee720701fa9f19a045

Sharing

Copy URL Twitter E-mail

General

Target

b43dc9e36a416f44dbf07baeb2a40ab4abd5b7f69cb340ee720701fa9f19a045
Size

46KB
MD5

7445b004e0f4d691705ccbb3f70c2cb9
SHA1

6b71b025bf8b5059a814d6e815ebfb3b48eb5543
SHA256

b43dc9e36a416f44dbf07baeb2a40ab4abd5b7f69cb340ee720701fa9f19a045
SHA512

da18e5f63ba9821ef3c035c10eb73fed0648057f57290a31cf48c857606a1dfea2ede281e5fccd38cad0d38928320b71cdf2887c70b222f7f6c92c8eb1dd6777
SSDEEP

768:09/2paw5nkDPo5IiGrDHcKoYev944EvxAs7Kf7CiDFEcVesubvb/V1Hbigm/b4qP:01eNPBGrD8nvv99EJT82gd+vHHbigm/r

Score

N/A

Malware Config

Signatures

Files

b43dc9e36a416f44dbf07baeb2a40ab4abd5b7f69cb340ee720701fa9f19a045
.exe windows x86

f4ba848977e08e7e63aac653b52c401b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

UNKOBJ_ScAllocate@12
SetAttribIMsgOnIStg@16
MAPIAllocateMore
__CPPValidateParameters@8
DeinitMapiUtil@0
MAPILogon
ScInitMapiUtil@4
FreeProws@4
MNLS_WideCharToMultiByte@32
MAPISendMail
HrThisThreadAdviseSink@8
HrQueryAllRows@24
ScRelocProps@20
CreateTable@36
BMAPIResolveName
cmc_free
OpenIMsgOnIStg@44
UlRelease@4
MNLS_IsBadStringPtrW@8
LpValFindProp@12
cmc_read
UFromSz@4
BMAPIFindNext
BuildDisplayTable@40
HrSetOmiProvidersFlagsInvalid@4
WrapStoreEntryID@24
cmc_query_configuration
ScGenerateMuid@4
BMAPISendMail
MAPIOpenFormMgr@8

sqlunirl

_LoadLibrary@4
_CreateWaitableTimer_@12
_OpenFileMapping_@12
_MapVirtualKey_@8
_RemoveFontResource_@4
_ExtractAssociatedIcon_@12
_SHGetPathFromIDList_@8
_GetOutlineTextMetrics_@12
_lstrcmp_@8
_GetICMProfile_@12
AllocConvertMultiSZNameToAEx
_GetBinaryType_@8
_RegEnumValue_@32
_WritePrivateProfileString_@16
_GetDiskFreeSpaceEx@16
_CreatePropertySheetPage_@4
_GetUnicodeRedirectionLayer@0
_EndUpdateResource_@8
_InitiateSystemShutdown_@20
_StartService_@12
_CreateDialogIndirectParam@20
_CreateFileMapping_@24
_DefMDIChildProc_@16
_DialogBoxIndirectParam_@20
_GlobalFindAtom_@4
_GetPrivateProfileInt_@16

advapi32

WmiFileHandleToInstanceNameA
SetServiceObjectSecurity
AddAce
AccessCheck
SystemFunction026
LsaLookupNames2
I_ScSendTSMessage
LsaEnumeratePrivileges
SystemFunction036
CredpDecodeCredential
LsaLookupNames
CryptSignHashA
WmiQueryGuidInformation
SaferSetLevelInformation
CreateRestrictedToken
DecryptFileW
RegQueryValueExW
LookupAccountSidA
OpenEventLogA
WmiDevInstToInstanceNameA
CredProfileLoaded
ElfReadEventLogA
RegisterServiceCtrlHandlerExW
I_ScSetServiceBitsW
SystemFunction014
CreateServiceW
CryptImportKey
RegQueryMultipleValuesW
SetSecurityInfoExA
SaferiRecordEventLogEntry
LsaCreateTrustedDomainEx
QueryServiceLockStatusW
SaferSetPolicyInformation
AllocateLocallyUniqueId

msrating

RatingCustomCrackData
RatingCustomDeleteCrackedData
ClickedOnRAT
RatingEnable
RatingInit
RatingCheckUserAccess
RatingAccessDeniedDialog2
RatingCustomSetUserOptions
RatingCustomSetDefaultBureau
VerifySupervisorPassword
RatingCustomRemoveRatingHelper
RatingSetupUI
RatingCustomInit
RatingCustomAddRatingHelper
ClickedOnPRF
RatingAddPropertyPages
RatingFreeDetails
RatingObtainQuery
ChangeSupervisorPassword
RatingEnabledQuery
RatingCustomAddRatingSystem
RatingAccessDeniedDialog
RatingObtainCancel

dhcpsapi

DhcpCreateOption
DhcpSetClientInfoV4
DhcpRemoveSubnetElementV4
DhcpDsClearHostServerEntries
DhcpGetOptionValue
DhcpRemoveOption
DhcpSetServerBindingInfo
DhcpServerGetConfigV4
DhcpDeleteClass
DhcpGetMScopeInfo
DhcpGetMCastMibInfo
DhcpEnumOptions
DhcpServerQueryAttributes
DhcpDsInit
DhcpEnumMScopeElements
DhcpCreateClass
DhcpSetOptionInfoV5
DhcpEnumClasses
DhcpGetClientInfo
DhcpDeleteMClientInfo
DhcpServerSetConfig
DhcpEnumSubnetElementsV5
DhcpGetOptionValueV5
DhcpGetServerBindingInfo
DhcpSetOptionValueV5
DhcpAddMScopeElement
DhcpGetAllOptionValues

kernel32

IsValidLocale
ConvertDefaultLocale
GetCommandLineW
AddRefActCtx
GetEnvironmentVariableW
GetDiskFreeSpaceExA
SetConsoleActiveScreenBuffer
RemoveDirectoryA
EnumResourceTypesW
ReleaseActCtx
GetStartupInfoA
LoadLibraryA
SetThreadPriorityBoost
ReadConsoleOutputA
SignalObjectAndWait
SetVolumeLabelW
PeekConsoleInputA
GetCurrencyFormatA
GetPrivateProfileStructA
DeactivateActCtx
CloseHandle
IsBadReadPtr
WTSGetActiveConsoleSessionId
VerLanguageNameA
GetLocaleInfoA
GlobalSize
VirtualAlloc
RtlFillMemory
OutputDebugStringA
lstrcpyn
GetEnvironmentVariableA

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ba848977e08e7e63aac653b52c401b

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

sqlunirl

advapi32

msrating

dhcpsapi

kernel32

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB