7d8e51d15cfba4c6393c8c8c704c9e796a6878c647b7cfc4fd74a98a42293a29

Sharing

Copy URL

Twitter E-mail

General

Target

7d8e51d15cfba4c6393c8c8c704c9e796a6878c647b7cfc4fd74a98a42293a29
Size

848KB
MD5

1aa370950729c3c6f87856ef14852f1e
SHA1

3b99483d20776ebd3d7518b935a998e68a8300e0
SHA256

7d8e51d15cfba4c6393c8c8c704c9e796a6878c647b7cfc4fd74a98a42293a29
SHA512

09086101ae6f511412139a9795fb81b1be9ad21b6d59531d1bdd52f55c4daa8ffce75ef0f4a2a684b6d7915bf8f684854a2069ff5262c239fb48af94fb19f31a
SSDEEP

12288:J6F0+nD/Auuy2XDiHayTLCP6/EZGWiIshm4B8ArzN3DODkaAAqQ3K0tzZxw3:J66+DoHTiajP0E9ry8GUDkyZzs

Score

N/A

Malware Config

Signatures

Files

7d8e51d15cfba4c6393c8c8c704c9e796a6878c647b7cfc4fd74a98a42293a29
.exe windows x86

43309a4803a939cfdda1e609024c8841

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlsrv32

BCP_control
SQLSetDescFieldW
BCP_bind
SQLConnectW
FinishDlgProc
SQLPutData
SQLCloseCursor
SQLNumResultCols
SQLSetCursorNameW
BCP_collen
BCP_writefmt
BCP_setcolfmt
WizDatabaseDlgProc
BCP_columns
SQLParamData
SQLSetConnectAttrW

kernel32

CompareStringA
ReadConsoleInputExA
WritePrivateProfileStringW
FindNextVolumeMountPointW
SetFilePointer
VirtualAlloc
GetBinaryTypeW
lstrcmpiW
ExitVDM
lstrcpynA
SetConsoleMenuClose
_lopen
SetEnvironmentVariableA
GetProfileStringW
BackupRead
FindFirstVolumeW
CreateFileA
IsValidCodePage
GetCommConfig
LoadLibraryA
InitializeCriticalSection

msvcrt

_ismbbalnum
??_Eexception@@UAEPAXI@Z
__getmainargs
wscanf
_daylight
vfprintf
_ismbbalpha
_findclose
putwchar
_CIpow
_lsearch
wcsftime
_adj_fdivr_m16i
_time64
_memccpy
_tell
_copysign
_getcwd
??0exception@@QAE@ABQBD@Z
_wgetcwd
_aligned_malloc
_write
_seh_longjmp_unwind
_isctype
sqrt
_gmtime64

regapi

RegWdCreateW
RegWinStationQueryEx
RegWinStationCreateA
RegCdDeleteA
RegDefaultUserConfigQueryW
RegCdCreateA
RegWinStationEnumerateW
RegCdDeleteW
RegGetMachinePolicy
RegCdQueryW
RegGetUserConfigFromUserParameters
RegQueryUtilityCommandList
RegWinStationCreateW
RegDefaultUserConfigQueryA
RegQueryOEMId
RegGetUserPolicy
RegWdDeleteA
RegWinStationQueryNumValueW
RegWdDeleteW

sqlunirl

_DlgDirList_@20
_NDdeIsValidShareName_@4
_CallNamedPipe_@28
AbortSystemShutdown_
_LoadBitmap@8
_GetCharacterPlacement_@24
_CreateFile@28
_EnumFontFamiliesEx_@20
_SetWindowText@8
_SendMessage@16
_LoadImage_@24
_RegisterWindowMessage_@4
_ShellExecuteEx_@4
_BeginUpdateResource_@8
_BuildCommDCBAndTimeouts_@12
_GetKeyNameText_@12
_NDdeTrustedShareEnum_@24
_SetComputerName_@4
_EnumResourceLanguages_@20
_GetToolsFilePath@16

Sections

.text
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43309a4803a939cfdda1e609024c8841

Headers

DLL Characteristics

File Characteristics

Imports

sqlsrv32

kernel32

msvcrt

regapi

sqlunirl

Sections

.text Size: 740KB - Virtual size: 740KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 740KB - Virtual size: 740KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB