3cf0b361a36cd324bc87bdaa687bd2d7084b1fa069ac519f006f61a8f201751b

Sharing

Copy URL Twitter E-mail

General

Target

3cf0b361a36cd324bc87bdaa687bd2d7084b1fa069ac519f006f61a8f201751b
Size

322KB
MD5

00352b50f2628c0030b858733237cfb0
SHA1

75e5ed83f5b6ee741b3edd7eceae59fe9a53d3b0
SHA256

3cf0b361a36cd324bc87bdaa687bd2d7084b1fa069ac519f006f61a8f201751b
SHA512

0e261ecb760ec9ccac48bc69b1412a88581508350ce02e0611e4fab8b2a481ba5d3f5e5d62ad51222d5820f70d5e007e25d28e044ff9c7be28bfa0a8813ba788
SSDEEP

6144:47fT5RBr2DXSGujFTNIJWH/t5/yPdGsHS9zLxm1g/42:q75RBrEXVuj+q15acsytLxk

Score

N/A

Malware Config

Signatures

Files

3cf0b361a36cd324bc87bdaa687bd2d7084b1fa069ac519f006f61a8f201751b
.exe windows x86

e03c711f60d08729d3c6620b73c2255a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

RtlValidSecurityDescriptor
RtlPushFrame
NtSecureConnectPort
RtlDecompressBuffer
RtlAddAccessDeniedObjectAce
DbgUiGetThreadDebugObject
NtCreateJobObject
ZwQueryMutant
ZwNotifyChangeMultipleKeys
ZwMapUserPhysicalPages
RtlRaiseException
iscntrl
NtLockRegistryKey
NtWaitHighEventPair
ZwGetDevicePowerState
RtlSetSecurityObjectEx
LdrUnloadDll
RtlAreAnyAccessesGranted
NtQuerySymbolicLinkObject
ZwWaitForSingleObject

kernel32

GetNumberOfConsoleMouseButtons
GetFileType
GetFirmwareEnvironmentVariableA
EnumerateLocalComputerNamesW
AddLocalAlternateComputerNameA
GetCurrentProcessId
BaseUpdateAppcompatCache
GetConsoleAliasExesLengthW
GetStringTypeExW
OpenSemaphoreW
GetEnvironmentStringsA
WriteProfileSectionW
GetProcessTimes
CreateSocketHandle
IsDebuggerPresent
GetCommandLineW
VirtualAlloc
QueryPerformanceCounter
ConvertDefaultLocale
_lwrite
InterlockedPushEntrySList
LoadLibraryA
VirtualAllocEx
CreateJobObjectW
HeapQueryInformation
RemoveDirectoryA
SetMessageWaitingIndicator
CloseHandle
GetConsoleAliasExesA
GetConsoleTitleW
GetVolumeInformationA
DeleteFileA

odbcconf

SetActionEnum
UnregisterApplication
RegisterApplication
CloseAppRegEnum
SetSilent
QueryApplication
RefreshAppRegEnum
OpenAppRegEnum
SetActionLogMode
ExecuteAction
AppRegEnum
RunDLL32_UnregisterApplication
SetActionLogModeSz
RunDLL32_RegisterApplication
SetActionName
SetActionLogFile

opengl32

glTexCoord4dv
glMultMatrixf
glClearColor
glRasterPos4dv
glIndexf
glLoadIdentity
glTexCoord1d
GlmfEndGlsBlock
glPixelTransferf
glAccum
wglSwapMultipleBuffers
glRasterPos4fv
glIndexubv
glFrustum
glIndexsv
glMap2f
glEvalCoord2fv
glEnd

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e03c711f60d08729d3c6620b73c2255a

Headers

File Characteristics

Imports

ntdll

kernel32

odbcconf

opengl32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 1024B - Virtual size: 363KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 1024B - Virtual size: 363KB

.rsrc
Size: 11KB - Virtual size: 10KB