827b88e5778d87de8b9a6954fac8fefbde24866d7a6605ef978e13e6615f8407

Sharing

Copy URL Twitter E-mail

General

Target

827b88e5778d87de8b9a6954fac8fefbde24866d7a6605ef978e13e6615f8407
Size

826KB
MD5

e89b3e718f7d1766dfe487d0e88f5982
SHA1

76d910447274aba00ce2d7955d099199325f0070
SHA256

827b88e5778d87de8b9a6954fac8fefbde24866d7a6605ef978e13e6615f8407
SHA512

3e423cc8a609f84a2ea2f891e745da53914861e37f6beb8365213f9414582e14df98e46f3cbad90e5c04a89361bb45c200fce8c17fc843d912bb356029002c6e
SSDEEP

24576:wgaYopRl4eMvnGNij9JK9WD2V2Ftsc158vTIad:VaYo5mvGUW9i/sxr

Score

N/A

Malware Config

Signatures

Files

827b88e5778d87de8b9a6954fac8fefbde24866d7a6605ef978e13e6615f8407
.exe windows x86

1401826f6a90bafe96a6c2a1af0dced3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalShrink
FindNextVolumeMountPointA
AllocateUserPhysicalPages
DebugBreak
GetModuleHandleW
GetCurrencyFormatW
Module32NextW
GlobalUnlock
lstrcpyn
CreateActCtxA
_lwrite
SetFirmwareEnvironmentVariableW
LZOpenFileW
FindActCtxSectionGuid
GetCurrentThread
IsBadWritePtr
GetOEMCP
InitializeCriticalSectionAndSpinCount
LoadLibraryW
WriteFileEx
RtlUnwind
QueryPerformanceCounter
UnmapViewOfFile
ExpandEnvironmentStringsA
WriteConsoleInputA
GetLocaleInfoW
UTRegister
PeekConsoleInputA
VirtualFreeEx
OutputDebugStringA

sqlwoa

_GetClassInfo@12
_CallWindowProc@20
_MessageBox@16
_CharLower@4
newMultiByteFromWideCharSize
_LoadMenu@8
newMultiByteFromWideCharEx
_CharUpper@4
_MoveFile@8
_GetComputerName@8
_SetDlgItemText@12
ConvertMultiSZNameToW
_GetProp@8
_RemoveProp@8
_CreateDialogIndirectParam@20
AllocConvertMultiSZNameToA
_LoadLibrary@4
_GetVersionEx@4
_CreateFontIndirect@4
_IsDialogMessage@8
_GetWindowTextLength@4
_trename
_GetObject@12
_CreateFont@56
_GetUserName@8
_MAKEINTRESOURCE@4
_tsystem
_GetFileTitle@12
newWideCharFromMultiByte
_CommDlg_OpenSave_GetFilePath@12

ntdll

RtlSetUserValueHeap
ZwRequestWaitReplyPort
ZwPulseEvent
NtSetHighWaitLowEventPair
NtOpenProcessToken
strtol
NtCreateKey
RtlCopyLuid
NtTerminateJobObject
NtMapUserPhysicalPages
NtReplyWaitReplyPort
RtlGetFrame

mapistub

MAPIOpenFormMgr@8
MAPIOpenLocalFormContainer@4
FBadPropTag@4
UNKOBJ_Free@8
DllCanUnloadNow
DeinitMapiUtil@0
FBadProp@4
MAPISendMail
HrValidateIPMSubtree@20
SwapPword@8
HrIStorageFromStream@16
FtMulDw@12
BMAPIAddress
MAPISaveMail
HrGetOneProp@12
HrSetOneProp@8
LpValFindProp@12
UNKOBJ_ScAllocateMore@16
HrDecomposeMsgID@24
MAPILogonEx@20

gdi32

CreateDCW
SetRelAbs
GdiSetAttrs
GdiConvertPalette
EnableEUDC
GdiAlphaBlend
SetColorAdjustment
EngMultiByteToUnicodeN
SetPolyFillMode
GetCharWidthFloatW
EngGradientFill
GdiCreateLocalEnhMetaFile
AddFontResourceTracking
GetTextCharacterExtra
SwapBuffers
DdEntry42
GetHFONT
CreateRectRgn
EnumFontsA
GdiGetDC
GdiReleaseDC
GetSystemPaletteUse
GetOutlineTextMetricsW
GetBitmapBits
BRUSHOBJ_pvGetRbrush
FlattenPath
SetBitmapAttributes
GetDIBColorTable

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1401826f6a90bafe96a6c2a1af0dced3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlwoa

ntdll

mapistub

gdi32

Sections

.text Size: 413KB - Virtual size: 412KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 147KB - Virtual size: 147KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 147KB - Virtual size: 147KB

.reloc
Size: 1024B - Virtual size: 852B