705b6c8abe8da17374dfa919dcedbdba85d8f54614133c78324d1bf5df59aafc

Sharing

Copy URL Twitter E-mail

General

Target

705b6c8abe8da17374dfa919dcedbdba85d8f54614133c78324d1bf5df59aafc
Size

116KB
MD5

1227ddc8a59fb18df45b233e98e680d0
SHA1

f17b6fbb6e90bf9451023bb06bf576c277ac11c3
SHA256

705b6c8abe8da17374dfa919dcedbdba85d8f54614133c78324d1bf5df59aafc
SHA512

84be54c3bb4d68619de28cd623a6f98c452c066f72b1aef68aa27144540da5b945d914f01db7ec0fd5deb0cffdc850789911b2993dfefade61b7f919ffff3270
SSDEEP

3072:ITLN8uBJdQI4V+g+BFr5M6y6BW9VKMlh78raMiHQ9dmzF:dTcW/lJnw9oz

Score

N/A

Malware Config

Signatures

Files

705b6c8abe8da17374dfa919dcedbdba85d8f54614133c78324d1bf5df59aafc
.exe windows x86

5f2dcff519870f28cee3a719095a3289

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbcbcp

bcp_done
bcp_writefmtA
bcp_initW

cfgmgr32

CM_Add_Range
CM_Register_Device_Interface_ExA
CM_Get_Version
CM_Merge_Range_List
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_List_SizeA
CMP_WaitNoPendingInstallEvents
CM_Next_Range
CM_Delete_DevNode_Key_Ex
CM_Open_Class_KeyW
CM_Query_Arbitrator_Free_Data_Ex
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeA
CM_Get_Depth
CM_Get_Device_Interface_List_Size_ExW
CM_Add_IDW
CM_Run_Detection_Ex
CM_Uninstall_DevNode
CM_First_Range
CM_Get_DevNode_Registry_PropertyW
CM_Query_Arbitrator_Free_Size_Ex
CM_Open_DevNode_Key_Ex
CM_Get_Resource_Conflict_DetailsW
CM_Unregister_Device_InterfaceA

iasrad

?initialize@VSAFilter@@QAEJXZ
?radiusToIAS@VSAFilter@@QBEJPAUIAttributesRaw@@@Z
DllGetClassObject
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

wldap32

ldap_free_controls
ldap_parse_extended_resultW
ldap_modrdn_sA
ber_next_element
ldap_get_valuesW
ber_first_element
ldap_add_sA
ber_bvecfree
ldap_parse_result
ldap_control_free
LdapGetLastError
ldap_delete_extW
ldap_next_reference
ldap_parse_sort_controlW
ldap_count_values_len
ldap_controls_freeW
ldap_simple_bind_s
ldap_bind_s
ldap_add_ext_sA
ldap_unbind
LdapMapErrorToWin32
ldap_close_extended_op
ldap_search_ext
ldap_set_dbg_flags
ldap_set_optionW
ldap_get_values_lenW
ldap_compare
ber_scanf
ldap_modrdn_s
ldap_modify_ext_s
ldap_err2stringW
ldap_check_filterW
ldap_first_attributeW
ldap_extended_operation
ldap_get_dn
ldap_sslinit
ldap_compareW
ldap_value_free
ldap_add_extW
ldap_msgfree
ldap_modify_s
ldap_set_optionA
ldap_simple_bind
ldap_startup
ldap_parse_referenceW
ldap_ufn2dnA
LdapUTF8ToUnicode
ldap_searchA
cldap_openW
ldap_compare_ext_sA
ldap_compare_sA
ber_printf

wsock32

GetAcceptExSockaddrs
gethostbyaddr
WSAUnhookBlockingHook
closesocket
WSASetBlockingHook
__WSAFDIsSet
getservbyname
WSAAsyncGetProtoByNumber
send
sendto
getsockname
GetServiceW
WSAIsBlocking
GetAddressByNameA
WSAAsyncGetHostByAddr
WSACleanup
GetTypeByNameW
WSApSetPostRoutine
listen
GetNameByTypeW
shutdown
GetNameByTypeA
WSAAsyncGetServByPort
EnumProtocolsW
GetAddressByNameW
connect
gethostname
getsockopt
WSAAsyncGetHostByName
bind
TransmitFile
htonl
SetServiceA
WSAAsyncGetServByName
gethostbyname
ioctlsocket
accept
s_perror
NPLoadNameSpaces
getservbyport
setsockopt
WSAStartup
EnumProtocolsA
recv
inet_addr
socket
MigrateWinsockConfiguration
inet_ntoa
getpeername
SetServiceW
WSACancelBlockingCall
GetTypeByNameA
WSASetLastError
WSARecvEx
WSACancelAsyncRequest

kbdur

KbdLayerDescriptor

kernel32

ReadFile
VirtualFree
GetVersion
GetConsoleTitleA
GetFileAttributesA
CopyFileA
GetConsoleWindow
GetSystemTime
GetConsoleTitleW
GetCommandLineW
CreateFileA
lstrlenA
lstrcmpA
WriteFile
GetFileAttributesW
GetStartupInfoW
GetCommandLineA
lstrlenW
GetCompressedFileSizeW
GetLocalTime
CloseHandle
VirtualAlloc
GetCompressedFileSizeA
lstrcmpW

iassvcs

IASReportEvent
DllUnregisterServer
IASRegisterComponent
IASAdler32
IASSetMaxThreadIdle
IASSetMaxNumberOfThreads
DllRegisterServer

iepeers

DllUnregisterServer
DllRegisterServer
DllGetClassObject
DllEnumClassObjects
DllCanUnloadNow

dxtmsft

DllGetClassObject
DllEnumClassObjects
DllRegisterServer
DllCanUnloadNow
DllUnregisterServer

msisip

MsiSIPIsMyTypeOfFile
MsiSIPVerifyIndirectData
MsiSIPRemoveSignedDataMsg
DllRegisterServer
MsiSIPPutSignedDataMsg
MsiSIPGetSignedDataMsg
MsiSIPCreateIndirectData
DllUnregisterServer

netapi32

NetpwNameValidate
RxNetAccessGetUserPerms

resutils

ResUtilIsResourceClassEqual
ResUtilFindSzProperty
ResUtilFindDwordProperty
ResUtilGetMultiSzProperty
ResUtilGetResourceDependentIPAddressProps
ClusWorkerCreate
ClusWorkerCheckTerminate
ClusWorkerStart
ResUtilSetPrivatePropertyList
ResUtilAddUnknownProperties
ResUtilGetBinaryValue
ResUtilIsPathValid
ResUtilFindDependentDiskResourceDriveLetter
ResUtilGetResourceNameDependency
ResUtilGetSzValue
ResUtilFreeEnvironment
ResUtilSetUnknownProperties
ResUtilStartResourceService
ResUtilResourceTypesEqual
ResUtilSetPropertyTable
ResUtilGetEnvironmentWithNetName
ResUtilVerifyPrivatePropertyList
ResUtilResourcesEqual
ResUtilExpandEnvironmentStrings
ResUtilGetDwordProperty
ResUtilGetProperties
ResUtilPropertyListFromParameterBlock
ResUtilGetPrivateProperties
ResUtilGetResourceDependencyByName
ResUtilGetBinaryProperty
ResUtilSetBinaryValue
ResUtilEnumPrivateProperties
ResUtilGetAllProperties
ResUtilGetProperty
ResUtilVerifyResourceService
ResUtilGetResourceDependency
ResUtilGetPropertySize
ResUtilSetSzValue
ResUtilGetDwordValue
ResUtilFindMultiSzProperty
ResUtilDupParameterBlock
ResUtilSetResourceServiceStartParameters
ResUtilFindExpandSzProperty
ResUtilEnumResources
ResUtilFindBinaryProperty
ResUtilDupString
ResUtilSetPropertyParameterBlock
ResUtilGetResourceDependencyByClass

clusapi

ClusterRegEnumKey
GetClusterNetworkId
FailClusterResource
ClusterGroupControl
ClusterResourceTypeEnum
ClusterEnum
CreateClusterResourceType
ClusterNodeCloseEnum
SetClusterResourceName
ClusterGroupCloseEnum
RemoveClusterResourceNode
ClusterRegSetValue
ClusterResourceTypeCloseEnum
ClusterNodeControl
OpenCluster
GetClusterInformation
DeleteClusterResourceType
CanResourceBeDependent
GetClusterNetworkState
AddClusterResourceDependency
CreateClusterGroup
CreateClusterNotifyPort
SetClusterNetworkName
ClusterNodeEnum
ClusterRegDeleteValue
ClusterRegOpenKey
RemoveClusterResourceDependency
OnlineClusterGroup
OpenClusterNetInterface
SetClusterGroupNodeList
ClusterRegCreateKey
CloseClusterNode
RestoreClusterDatabase
GetClusterNetInterface
GetClusterQuorumResource
GetClusterResourceNetworkName
GetClusterResourceKey
ClusterNetInterfaceControl
CloseClusterNetwork
ClusterRegQueryValue
ClusterGroupOpenEnum
GetClusterNotify

msorcl32

SQLProcedures
SQLColumns
SQLNumParams
SQLExecute
SQLError
SQLStatistics
SQLGetStmtOption
SQLSetPos
SQLSetCursorName
SQLAllocConnect
LoadByOrdinal
DllUnregisterServer
SQLFreeConnect
SQLGetInfo
SQLDisconnect
SQLDescribeCol
SQLFreeEnv
SQLNativeSql
SQLTransact
SQLBrowseConnect
SQLSetStmtOption
SQLTables
SQLGetConnectOption
SQLExtendedFetch
SQLSetConnectOption
SQLExecDirect
DllMain
SQLRowCount
SQLAllocStmt
SQLAllocEnv
SQLDriverConnect
SQLNumResultCols
DllRegisterServer
SQLPutData
SQLBindCol
SQLPrimaryKeys
ConfigDSN
SQLFetch
SQLBindParameter
SQLCancel
SQLGetCursorName
SQLGetTypeInfo
SQLFreeStmt
SQLSetScrollOptions
SQLGetData
SQLConnect
SQLParamData
SQLProcedureColumns

dskquoui

DllCanUnloadNow
DllGetClassObject

wshext

IsFileSupportedName
CreateIndirectData
PutSignedDataMsg
DllUnregisterServer
RemoveSignedDataMsg
VerifyIndirectData
DllGetClassObject
DllRegisterServer
GetSignedDataMsg
DllCanUnloadNow

msi

MsiGetProductInfoExA
MsiDatabaseImportA
MsiSetInstallLevel
MsiDatabaseExportA
MsiProvideComponentA
MsiGetFeatureUsageW
MsiSummaryInfoSetPropertyW
MsiRecordDataSize
MsiSourceListAddSourceExA
MsiMessageBoxW
MsiUseFeatureA
MsiUseFeatureW
MsiQueryFeatureStateA
MsiGetTargetPathA
MsiSourceListClearAllExW
MsiSourceListSetInfoA
MsiSourceListClearAllA
MsiApplyMultiplePatchesW
MsiDecomposeDescriptorW
MsiGetUserInfoA
MsiGetLastErrorRecord
DllGetVersion
MsiEnumPatchesExA
MsiEvaluateConditionW
MsiRecordGetFieldCount
MsiSourceListAddSourceExW
MsiSummaryInfoPersist
MsiRecordIsNull
MsiSummaryInfoSetPropertyA
MsiDatabaseGenerateTransformA
MsiSetTargetPathW
MsiLoadStringA
MsiQueryFeatureStateFromDescriptorA
MsiSetExternalUIA
MsiRecordReadStream
MsiOpenDatabaseW
MsiNotifySidChangeA
MsiVerifyPackageW
MsiOpenProductA
MsiRecordSetStreamW
MsiEnumComponentsW
MsiProvideComponentW
DllRegisterServer

dsauth

DhcpDsAddServer
StoreDeleteObject
DhcpDsGetRoot
DhcpDsValidateService
DhcpAddServerDS
DhcpEnumServersDS
StoreSetSearchOneLevel
DhcpDsInitDS

msvcrt

__crtLCMapStringA
__p__amblksiz
_vsnwprintf
_mbspbrk
?before@type_info@@QBEHABV1@@Z
free
modf
_execv
_fmode
_c_exit
_dup2
??1bad_typeid@@UAE@XZ
_wfindnexti64
_spawnlpe
clock
wctomb
acos
isspace
_wfreopen
_wstrtime
_mbsdup
_Gettnames
_getcwd
_adj_fptan
fprintf
_flushall
_stat64
atoi
_wspawnvp
fgetwc
__setlc_active
iswalpha
_lseek
_wtmpnam
_mbsicmp
malloc
_cwait
__argc

iasnap

DllRegisterServer
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow

Sections

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f2dcff519870f28cee3a719095a3289

Headers

File Characteristics

Imports

odbcbcp

cfgmgr32

iasrad

wldap32

wsock32

kbdur

kernel32

iassvcs

iepeers

dxtmsft

msisip

netapi32

resutils

clusapi

msorcl32

dskquoui

wshext

msi

dsauth

msvcrt

iasnap

Sections

.reloc Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 872B

.data Size: 16KB - Virtual size: 15KB

.rdata Size: 80KB - Virtual size: 80KB

.text Size: 13KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 872B

.data
Size: 16KB - Virtual size: 15KB

.rdata
Size: 80KB - Virtual size: 80KB

.text
Size: 13KB - Virtual size: 12KB