80ccc1edaba1fe9097d8459973b115bd9c28eda36f636761f59aa42aa6868c3e

Sharing

Copy URL Twitter E-mail

General

Target

80ccc1edaba1fe9097d8459973b115bd9c28eda36f636761f59aa42aa6868c3e
Size

826KB
MD5

530e4903ab5c930f66bf97fb7e5eda76
SHA1

46beb4745ad1f2fb66c616f4f2937c0cd0036c31
SHA256

80ccc1edaba1fe9097d8459973b115bd9c28eda36f636761f59aa42aa6868c3e
SHA512

b22ef3b14b56e9d4b37b96fc8bd89b4a0941875e07c072317ba8d215697d92b6940b802f124f455843dad8ce3918b1424640d6e4a8cef5e917fa5186244e6169
SSDEEP

24576:3h2yjqQrou4Y5DfVHtFLfJnqD5hsh38U:345Mou4uVHttRnqNK9

Score

N/A

Malware Config

Signatures

Files

80ccc1edaba1fe9097d8459973b115bd9c28eda36f636761f59aa42aa6868c3e
.exe windows x86

f3bba1a77ba72d2ba1b6ea657aa2c91b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??0exception@@QAE@XZ
__getmainargs
_spawnlpe
fwrite
fputws
_i64tow
_mbsncpy
_XcptFilter
_memicmp
_mbsnbcpy
__set_app_type
_except_handler2
exit
_fstati64
_execv
_osplatform
wcscmp
_execl
_ultoa
_cwait
iswalnum
_fpclass
__lc_collate_cp
__p__commode
iswlower
_wtoi64
strrchr
_fsopen
_chgsign

catsrv

OpenComponentLibraryTS
?CancelWriteICR@@YGJPAPAUIComponentRecords@@@Z
CreateComponentLibraryTS
DllGetClassObject
?SaveWriteICR@@YGJPAPAUIComponentRecords@@@Z
DllUnregisterServer

kernel32

CallNamedPipeW
GetLocaleInfoW
GetModuleHandleW
CreateFileMappingA
IsBadStringPtrW
SetupComm
SetTimerQueueTimer
GetTapePosition
GetConsoleHardwareState
QueryDosDeviceA
WaitForMultipleObjects
RegisterWaitForSingleObjectEx
GetLogicalDrives
GetModuleHandleExA
SetThreadExecutionState
DebugSetProcessKillOnExit
GlobalMemoryStatus
GetNumberOfConsoleFonts
DnsHostnameToComputerNameA
GetCurrentThread
DeleteTimerQueueTimer
LoadLibraryW
LocalHandle
WideCharToMultiByte
GetTapeParameters
GetUserDefaultLangID
QueryPerformanceCounter
HeapCompact
Process32NextW
GetTempPathA
DeleteTimerQueue

mtxclu

MtxCluGetDTCVirtualServerNameW
Startup
MtxCluGetComputerNameW
MtxCluIsSameClusterW
MtxCluIsClusterPresent
MtxCluIsClusterPresentExW
MtxCluTakeOfflineDTCW
MtxCluGetSecurityRegValue
MtxCluBringOnlineDTCW
MtxCluSetSecurityRegValue
MtxCluIsSameNodeW
MtxCluGetDTCStatusW
MtxCluIsNetworkNameInLocalClusterW

advapi32

RegQueryValueA
QueryServiceLockStatusA
UnregisterIdleTask
GetOverlappedAccessResults
LsaCreateSecret
ConvertStringSDToSDRootDomainA
InitiateSystemShutdownA
SetNamedSecurityInfoExA
CryptEnumProvidersA
GetTraceEnableLevel
IsTokenUntrusted
EnumServicesStatusExW
LsaCreateTrustedDomainEx
AddAccessAllowedAce
LsaQueryInfoTrustedDomain
SystemFunction020
I_ScSetServiceBitsW
LookupPrivilegeNameA
ElfReadEventLogA
ConvertToAutoInheritPrivateObjectSecurity
CredpConvertTargetInfo
PrivilegedServiceAuditAlarmW
AllocateLocallyUniqueId
ConvertSidToStringSidW
RegDeleteKeyA

shell32

SHGetMalloc

odbc32

SQLAllocHandleStd
SQLTablesA
SQLProceduresW
SQLConnectW
SQLGetDiagRecW
OpenODBCPerfData
SQLDriverConnectA
SQLDataSourcesA
SQLColAttributeA
SQLGetTypeInfoW
SQLPrimaryKeys
SQLDriverConnectW
SQLTablePrivileges

winsta

WinStationUnRegisterConsoleNotification
_WinStationNotifyDisconnectPipe
WinStationQueryInformationA
WinStationConnectCallback
_WinStationUpdateUserConfig
WinStationEnumerateLicenses
WinStationNtsdDebug
WinStationGetLanAdapterNameA
WinStationFreeGAPMemory
_WinStationFUSCanRemoteUserDisconnect

netapi32

NetUserModalsGet
I_NetDfsGetVersion
NetReplSetInfo
NetGetAnyDCName
I_BrowserSetNetlogonState
DsAddressToSiteNamesExA
NetUserSetInfo
NetQueryDisplayInformation
NetReplImportDirLock
DsRoleDemoteDc
NetMessageNameGetInfo
NetErrorLogClear
I_NetLogonUasLogon
NetServiceEnum
Netbios
I_BrowserDebugCall

user32

EndDialog
MessageBoxA

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3bba1a77ba72d2ba1b6ea657aa2c91b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

catsrv

kernel32

mtxclu

advapi32

shell32

odbc32

winsta

netapi32

user32

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 155KB - Virtual size: 155KB

.reloc Size: 1024B - Virtual size: 804B

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 155KB - Virtual size: 155KB

.reloc
Size: 1024B - Virtual size: 804B