971c4a5d5f5df1e95607a29854adb1ff57e97871c163b37aa3cd8391ef7f7cce

Sharing

Copy URL Twitter E-mail

General

Target

971c4a5d5f5df1e95607a29854adb1ff57e97871c163b37aa3cd8391ef7f7cce
Size

103KB
MD5

ea6d55be136201a0969df31e25ea1549
SHA1

7ddae35108515a7b663473053a53cd75511405c0
SHA256

971c4a5d5f5df1e95607a29854adb1ff57e97871c163b37aa3cd8391ef7f7cce
SHA512

393e3cb452a7505a06c6746d76dbc059816e03650f266236948b81edfc2ab2389cb9a282d14829d84780d7fee9346720b41a6f072ff2cc1347fb16ee6efce646
SSDEEP

3072:XuHq5ICQn/LJG0OhJAiH9noWTo7ANCJikvM:XSCI/VOhc7RM

Score

N/A

Malware Config

Signatures

Files

971c4a5d5f5df1e95607a29854adb1ff57e97871c163b37aa3cd8391ef7f7cce
.exe windows x86

b13b6c038ed088f897a84d2c1a98a35f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlGetVersion
iswlower
RtlValidSecurityDescriptor
ZwSignalAndWaitForSingleObject
ZwQueryDefaultUILanguage
ZwQueryVirtualMemory
RtlCreateTimer
RtlConsoleMultiByteToUnicodeN
_splitpath
NtDeleteValueKey
NtShutdownSystem
RtlEqualLuid
ZwQuerySecurityObject
NtUnlockVirtualMemory
NtLockRegistryKey
NtDebugActiveProcess
CsrAllocateCaptureBuffer
ZwQueryIntervalProfile
NtSetInformationThread
NtResumeProcess
wcscpy
NtStopProfile
NtQueryDirectoryObject
RtlSetThreadIsCritical
RtlUpcaseUnicodeToOemN
RtlSelfRelativeToAbsoluteSD
RtlGetUserInfoHeap
NlsAnsiCodePage
ZwWaitForMultipleObjects
ZwRenameKey
RtlGetAce
wcschr
DbgUiContinue
NtSetInformationProcess
ZwQueryBootEntryOrder
RtlIpv4AddressToStringW
NtSetBootEntryOrder

kernel32

ReadConsoleInputExW
GetCurrentDirectoryA
Heap32First
LocalLock
OpenMutexA
GetVersion
WriteConsoleInputVDMA
lstrcatW
GetAtomNameW
GetConsoleAliasesLengthA
MoveFileWithProgressW
IsProcessorFeaturePresent
VirtualQueryEx
GetModuleHandleExW
RemoveDirectoryW
GetUserDefaultLCID
GetSystemTimeAdjustment
VerLanguageNameW
WritePrivateProfileStructW
CopyLZFile
GetProcessShutdownParameters
GetComputerNameExW
DeleteFileA
InitAtomTable
LoadLibraryA
GetCommandLineA
LockFile
CreateEventA
WaitForMultipleObjects
ExpungeConsoleCommandHistoryW
WriteFile
ReadDirectoryChangesW
SetVolumeLabelW
RegisterWowExec
GetCommModemStatus
SetConsoleLocalEUDC
SetCommConfig
GetProcessIoCounters
LoadModule
GetCurrentThread
GetBinaryTypeA
FlushConsoleInputBuffer
EndUpdateResourceW
GetComputerNameW
OpenConsoleW
SetEnvironmentVariableA
FindNextVolumeMountPointA
TlsSetValue
ClearCommBreak
CancelIo
GetModuleHandleA
GetConsoleAliasesW
PrivCopyFileExW
GetConsoleFontInfo
GetNumberOfConsoleInputEvents
SetHandleInformation
SetComputerNameExW
VirtualAlloc
PostQueuedCompletionStatus
LocalHandle
AddVectoredExceptionHandler
SetHandleCount
DnsHostnameToComputerNameW
SetCalendarInfoW
SystemTimeToTzSpecificLocalTime
SetLocalPrimaryComputerNameA
GetNumaHighestNodeNumber
SetCriticalSectionSpinCount
GetSystemDirectoryA
IsDBCSLeadByteEx
TlsGetValue
GetConsoleNlsMode
GetConsoleAliasesLengthW
SizeofResource
CreateNamedPipeA
WriteProcessMemory
UnregisterConsoleIME
CreateJobObjectW
ClearCommError
GetVolumeInformationA
MoveFileExA
GetDateFormatA
InitializeSListHead
DnsHostnameToComputerNameA
GetConsoleAliasExesLengthA
GlobalFix
HeapSetInformation
InterlockedFlushSList
ExitVDM
EnumSystemLocalesW
GetConsoleKeyboardLayoutNameW
FreeEnvironmentStringsA
LocalSize
LocalAlloc
GetModuleFileNameW
EnumResourceNamesW

odbc32

SQLColumnsA
SQLExecDirectW
SQLError
SQLColAttributesA
SQLDriversA
SQLStatisticsW
SQLSetStmtOption
SQLErrorA
SQLSpecialColumnsW
SQLColAttributesW
GetODBCSharedData
SQLBrowseConnect
SQLFreeConnect
g_hHeapMalloc
SQLGetTypeInfoW
SQLDescribeCol
SQLColumnPrivileges
SQLBrowseConnectW
SQLGetDescField
SQLGetConnectOptionW
SQLGetDiagFieldA
OpenODBCPerfData
SQLGetDiagRec
SQLSetDescFieldW
SQLTablePrivilegesW
SQLPrepareW
SQLStatistics
SQLSetStmtAttrW
SQLForeignKeys
SQLDescribeParam
CursorLibLockDbc
SQLAllocHandleStd
VRetrieveDriverErrorsRowCol
SQLProceduresW
SQLForeignKeysA
SQLDrivers
SQLSetConnectOption
SQLGetCursorNameW
SQLBrowseConnectA
SQLDataSources
SQLExtendedFetch
SQLGetTypeInfo
CollectODBCPerfData

ufat

??1REAL_FAT_SA@@UAE@XZ
??0ROOTDIR@@QAE@XZ
??1FAT_DIRENT@@UAE@XZ
??0CLUSTER_CHAIN@@QAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
?Set12@FAT@@AAEXKK@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
?FreeChain@FAT@@QAEXK@Z
ChkdskEx
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
Format
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
??1FAT_SA@@UAE@XZ
?AllocChain@FAT@@QAEKKPAK@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1FILEDIR@@UAE@XZ
?Write@CLUSTER_CHAIN@@UAEEXZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Read@CLUSTER_CHAIN@@UAEEXZ
??1CLUSTER_CHAIN@@UAE@XZ
??0FAT_SA@@QAE@XZ
Recover
?QueryAllocatedClusters@FAT@@QBEKXZ
?Read@EA_SET@@UAEEXZ
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?Index12@FAT@@ABEKK@Z
?QueryNthCluster@FAT@@QBEKKK@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??0FILEDIR@@QAE@XZ

advapi32

RegQueryInfoKeyA
GetMultipleTrusteeOperationA
GetSecurityDescriptorLength
LsaEnumerateAccountsWithUserRight
CryptDestroyKey
SaferIdentifyLevel
QueryTraceW
MD5Final
AccessCheckByTypeAndAuditAlarmA
CryptGetHashParam
QueryServiceObjectSecurity
BuildTrusteeWithObjectsAndNameW
LsaGetRemoteUserName
A_SHAUpdate
RegReplaceKeyW
ConvertAccessToSecurityDescriptorW
SystemFunction003
StartServiceA
SetInformationCodeAuthzPolicyW
ElfRegisterEventSourceW
LsaSetDomainInformationPolicy
QueryServiceConfigA
LsaCreateTrustedDomainEx
GetTraceEnableFlags
SetSecurityDescriptorSacl
RegQueryMultipleValuesA
ClearEventLogA
DestroyPrivateObjectSecurity
SetEntriesInAccessListW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b13b6c038ed088f897a84d2c1a98a35f

Headers

File Characteristics

Imports

ntdll

kernel32

odbc32

ufat

advapi32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 34KB - Virtual size: 163KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 980B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 34KB - Virtual size: 163KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 980B