81b890564fbc3109e39c69027ee5e8f2f144226faebafbfae58b434ee1ef3716

Sharing

Copy URL Twitter E-mail

General

Target

81b890564fbc3109e39c69027ee5e8f2f144226faebafbfae58b434ee1ef3716
Size

824KB
MD5

f098d89db594c5f2f8cd40b3a8ac62c2
SHA1

25383bd78b505047697bb52334797ce8e73908a4
SHA256

81b890564fbc3109e39c69027ee5e8f2f144226faebafbfae58b434ee1ef3716
SHA512

1014d3255eefeebb5a3d654d8f1b3b18b94c72b0d527bfceecaee76a2f3f164983199e5274250e3b0c0519c996ba76df6392e7c1cc14374f94f5599e2b521074
SSDEEP

24576:c5n9nKDs7YEH+ZAlRr8Y2y4g2RsNS0mXy6G4+M8kDg/:PDA4O9hK1

Score

N/A

Malware Config

Signatures

Files

81b890564fbc3109e39c69027ee5e8f2f144226faebafbfae58b434ee1ef3716
.exe windows x86

eb92cdb2ecd71ec1cb2aaf1e76be154f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmInstallIMEW
ImmSetCompositionFontW
ImmSetCompositionFontA
ImmGetImeMenuItemsW
ImmConfigureIMEA
ImmReSizeIMCC
ImmSetCompositionWindow
ImmRequestMessageA
ImmGetRegisterWordStyleW
ImmUnregisterWordA
ImmUnlockIMCC
ImmSetActiveContextConsoleIME
ImmPutImeMenuItemsIntoMappedFile
ImmLockImeDpi
ImmIMPQueryIMEA
ImmGetCandidateWindow
ImmLockIMCC
ImmInstallIMEA
ImmShowSoftKeyboard
ImmLockIMC
ImmLoadIME
ImmGetVirtualKey
ImmRequestMessageW
ImmRegisterWordA
ImmGetContext
ImmConfigureIMEW
ImmGetDefaultIMEWnd
ImmEscapeA
ImmGetImeInfoEx

kernel32

CancelTimerQueueTimer
WaitNamedPipeW
WideCharToMultiByte
CreateMemoryResourceNotification
EnumSystemGeoID
SearchPathW
FindActCtxSectionStringW
GetCurrentThread
OpenWaitableTimerW
EnumDateFormatsW
GetModuleFileNameW
DosPathToSessionPathW
GetModuleHandleW
SetStdHandle
CreateProcessInternalA
SetLocalPrimaryComputerNameW
lstrcpynW
InterlockedPushEntrySList
GlobalFree
GetLocaleInfoW
LZCloseFile
Toolhelp32ReadProcessMemory
GetLastError
GetProcessIoCounters
EnumUILanguagesA
LoadLibraryW
GlobalAlloc
GetTapePosition
GetConsoleAliasesLengthW
GetEnvironmentStrings
SetConsoleCursorMode
SetFileApisToOEM

mfcsubs

??1CSyncObject@@UAE@XZ
??YCString@@QAEABV0@PBG@Z
??9@YG_NPBGABVCString@@@Z
??0CSyncObject@@QAE@PBG@Z
?Left@CString@@QBE?AV1@H@Z
??4CString@@QAEABV0@ABV0@@Z
??H@YG?AVCString@@ABV0@G@Z
??N@YG_NPBGABVCString@@@Z
?Right@CString@@QBE?AV1@H@Z
?AfxW2AHelper@@YGPADPADPBGH@Z
?ConcatCopy@CString@@IAEXHPBGH0@Z
?GetAt@CStringArray@@QBE?AVCString@@H@Z
??8@YG_NABVCString@@0@Z
?GetData@CStringArray@@QBEPBVCString@@XZ
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
?RemoveAll@CStringArray@@QAEXXZ
?Find@CString@@QBEHPBG@Z
??ACStringArray@@QAEAAVCString@@H@Z
??ACStringArray@@QBE?AVCString@@H@Z
??0CString@@QAE@PBD@Z

certcli

CAEnumCertTypesEx
CACertTypeQuery
CAOIDAdd
CASetCertTypeExpiration
CAUpdateCA
DllCanUnloadNow
CAAccessCheck
CAFreeCertTypeProperty
CACertTypeAccessCheck
CAGetCAFlags
CADeleteCertType
CASetCertTypeFlagsEx
CACertTypeAccessCheckEx
CASetCertTypeExtension
CADeleteLocalAutoEnrollmentObject
CACountCertTypes
CADeleteCA
CACertTypeRegisterQuery
CASetCertTypePropertyEx
CAOIDGetLdapURL
CACreateAutoEnrollmentObjectEx
CAGetCAProperty
CAOIDCreateNew
CAGetCertTypeProperty
CAEnumFirstCA
CAEnumNextCertType
CASetCAExpiration
CAEnumCertTypesForCAEx
CAOIDFreeLdapURL

dssenh

CPVerifySignature
CPSetKeyParam
CPReleaseContext
CPCreateHash
CPImportKey
CPHashData
CPSetHashParam
CPGetKeyParam
DllRegisterServer
CPEncrypt
CPDuplicateKey
CPSetProvParam
CPHashSessionKey
CPGetHashParam
CPDuplicateHash
CPAcquireContext
CPDestroyHash
CPSignHash
CPDestroyKey
CPDecrypt
CPDeriveKey
CPGenRandom
CPGetUserKey
DllUnregisterServer
CPGenKey
CPGetProvParam
CPExportKey

hhsetup

?GetTitleW@CFolder@@QAEPBGXZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
?GetVersion@CCollection@@QAEKXZ
?HandleCollection@CCollection@@AAEKPAVCParseXML@@PAD@Z
?IncrementRefTitleCount@CCollection@@QAEXXZ
?GetSampleLocation@CCollection@@QAEPADXZ
?MergeKeywords@CCollection@@QAEHPAD@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?SetParent@CFolder@@QAEXPAV1@@Z
?SetVolume@CLocation@@QAEXPBD@Z
?RemoveAll@CPointerList@@QAEXXZ
?SetPath@CLocation@@QAEXPBG@Z
?GetLanguage@CFolder@@QAEGXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?SetTitle@CLocation@@QAEXPBG@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z
?Dirty@CCollection@@QAEXXZ
?GetRefTitleCount@CCollection@@QAEKXZ
?GetVolume@CLocation@@QAEPADXZ
?MergeKeywords@CCollection@@QAEHPAG@Z
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z

vfpodbc

ConfigDSN
fnVfpodbc
SQLSetConnectOption
??4CVfpodbc@@QAEAAV0@ABV0@@Z
LibMain
ConfigDSNEx

Sections

.text
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb92cdb2ecd71ec1cb2aaf1e76be154f

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

mfcsubs

certcli

dssenh

hhsetup

vfpodbc

Sections

.text Size: 395KB - Virtual size: 394KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 395KB - Virtual size: 394KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 1024B - Virtual size: 872B