891c5cbfcb233b0f93ad68056c14dbdb01d6a24cafa17a8e8685191f62bb2207

Sharing

Copy URL

Twitter E-mail

General

Target

891c5cbfcb233b0f93ad68056c14dbdb01d6a24cafa17a8e8685191f62bb2207
Size

864KB
MD5

ba3a9bacd62b8f27117afb796dca506f
SHA1

caa7b1589f426f795c74e4c5997ec8336abd5797
SHA256

891c5cbfcb233b0f93ad68056c14dbdb01d6a24cafa17a8e8685191f62bb2207
SHA512

cbcff658a52fc87d7693548a3d2c7b5cd643120ec925a837d4864e07be67225737310fd5e8e5b3d8efc5ae3614582c4df4bb5409ed738ea6982903f51bf4d657
SSDEEP

12288:6sbQJCj9C0htTegoPj1C0BbE6H7cbQbYAGG6CtO7f9vGs8PiZPajHyamrlq:X+CBC0htTLi3ZEk7c7o6Cmf9vAKFCh/

Score

N/A

Malware Config

Signatures

Files

891c5cbfcb233b0f93ad68056c14dbdb01d6a24cafa17a8e8685191f62bb2207
.exe windows x86

e5e646614ceafe0d02533b9488097a5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcSetFlowA
TcAddFlow
TcEnumerateFlows
TcQueryInterface
TcGetFlowNameW
TcModifyFlow
TcEnumerateInterfaces
TcSetFlowW
TcOpenInterfaceA
TcDeleteFlow
TcRegisterClient
TcOpenInterfaceW
TcGetFlowNameA
TcCloseInterface
TcSetInterface
TcAddFilter
TcDeregisterClient
TcQueryFlowA
TcDeleteFilter
TcQueryFlowW

kernel32

RequestWakeupLatency
CreateNamedPipeA
LCMapStringW
GetCommandLineA
HeapSummary
RegisterWowBaseHandlers
GetNumberOfConsoleMouseButtons
EnumCalendarInfoA
ScrollConsoleScreenBufferA
GetProfileIntW
GlobalUnlock
SetConsoleMaximumWindowSize
BeginUpdateResourceW
GetConsoleTitleA
_lwrite
GetPrivateProfileStructW
DebugBreak
EscapeCommFunction
SetupComm
Beep
GetUserDefaultLangID
FatalAppExitW
ScrollConsoleScreenBufferW
SetCurrentDirectoryA
CreateMemoryResourceNotification
LocalFlags
RegisterWowExec
GetStdHandle
GetEnvironmentStringsW
SwitchToThread
UTUnRegister
FindActCtxSectionGuid
CreateHardLinkA
LZCopy
GetConsoleAliasesA
VirtualAllocEx
VDMOperationStarted
MoveFileExA
SetConsoleMenuClose
GetStartupInfoA
WriteConsoleInputVDMW
SetConsoleDisplayMode
GetCommModemStatus
ReleaseMutex
GetCurrentProcess
HeapQueryInformation
Module32FirstW
GetFileSize
SetConsoleCursorMode
GetOEMCP
WriteProfileStringA
LoadLibraryA
GetConsoleFontSize
DisconnectNamedPipe
ReadConsoleInputA
SetLocaleInfoA
ActivateActCtx
RemoveDirectoryA
SetConsolePalette
VirtualFree
MapUserPhysicalPages
InitAtomTable
IsProcessorFeaturePresent
GetSystemDirectoryA
GlobalAddAtomW
SetThreadIdealProcessor
VDMConsoleOperation
GetEnvironmentVariableW
SetConsoleCP
BuildCommDCBAndTimeoutsW
ChangeTimerQueueTimer
SetLocalPrimaryComputerNameA
EnumDateFormatsExA
BeginUpdateResourceA
VirtualAlloc
lstrcpynA
SetTapeParameters
lstrcpynW
InitializeSListHead
PeekConsoleInputA
_hwrite
IsValidCodePage
SetCalendarInfoA
VirtualFreeEx
SetConsoleNumberOfCommandsW
SetThreadExecutionState
SetNamedPipeHandleState
GetNumaHighestNodeNumber
EnumUILanguagesA
GetPrivateProfileSectionA
GetNativeSystemInfo
CreateDirectoryExA
lstrcatA
GetConsoleFontInfo
GetSystemDirectoryW
GetStartupInfoW
EnumCalendarInfoExW
FindNextVolumeMountPointW
CreateEventA
DeleteFiber
FreeConsole
AddConsoleAliasA
SetConsoleScreenBufferSize
Heap32ListFirst
SetMailslotInfo
SystemTimeToFileTime
DosPathToSessionPathW
GetUserGeoID
_lopen

query

??0CPropertyStoreWids@@QAE@AAVCPropStoreManager@@@Z
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
CiSvcMain
?ShrinkFromFront@CPhysStorage@@QAEKKK@Z
??1CNatLanguageRestriction@@QAE@XZ
?AddMachine@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?InitializeForRead@CDynStream@@QAEXXZ
?MakePath@CFullPath@@QAEXPBG@Z
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?GetOleError@@YGJAAVCException@@@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
??0CiStorage@@QAE@PBGAAUICiCAdviseStatus@@KKH@Z
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?ContainsDrive@CDriveInfo@@SGHPBG@Z
?GetDATE@CAllocStorageVariant@@QBENI@Z
?IsCIDialect@CDbPropertyRestriction@@QAEHXZ
?Clone@CNodeRestriction@@QBEPAV1@XZ
??0CFwAsyncWorkItem@@QAE@AAVCWorkManager@@AAVCWorkQueue@@@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?Marshall@CBaseStorageVariant@@QBEXAAVPSerStream@@@Z
?NewWordBreaker@CCiOle@@SGPAUIWordBreaker@@ABU_GUID@@@Z
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?SkipByte@CMemDeSerStream@@UAEXXZ
?Marshall@CFullPropSpec@@QBEXAAVPSerStream@@@Z
?Cleanup@CDbProp@@QAEXXZ
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
??0CFwEventItem@@QAE@GKGKPAX@Z
??1CImpersonationTokenCache@@QAE@XZ

msvcirt

??_7ios@@6B@
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??0logic_error@@QAE@ABQBD@Z
?lock@ios@@QAAXXZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
?write@ostream@@QAEAAV1@PBCH@Z
?out_waiting@streambuf@@QBEHXZ
?attach@fstream@@QAEXH@Z
??0istrstream@@QAE@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@K@Z
?put@ostream@@QAEAAV1@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?fd@filebuf@@QBEHXZ
??0istrstream@@QAE@PAD@Z
?setmode@ofstream@@QAEHH@Z
?clear@ios@@QAEXH@Z
??_Gistream_withassign@@UAEPAXI@Z
??4istream@@IAEAAV0@ABV0@@Z
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
??4strstreambuf@@QAEAAV0@ABV0@@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??0fstream@@QAE@ABV0@@Z
??_8ostream@@7B@
??_8stdiostream@@7Bostream@@@
??0ofstream@@QAE@XZ
??_7ifstream@@6B@

imagehlp

ReBaseImage
ImageGetDigestStream
MapFileAndCheckSumW
TouchFileTimes
SymMatchString
UpdateDebugInfoFileEx
SymUnDName64
ImageDirectoryEntryToDataEx
SymGetSymPrev64
ImageLoad
SymGetOptions
SymRegisterFunctionEntryCallback64
SymGetSymNext64
MapDebugInformation
SymSetSearchPath
FindDebugInfoFileEx
SymRegisterCallback
SymGetTypeFromName
SymFunctionTableAccess64
SymGetModuleBase64
SymEnumerateSymbolsW
SymFromAddr
SymCleanup
SymLoadModule
BindImage
UnDecorateSymbolName
SymEnumSymbols
SymGetSymNext
CheckSumMappedFile
ImageEnumerateCertificates
SymUnloadModule
SymSetOptions
EnumerateLoadedModules
FindExecutableImageEx
SymGetLineFromName
RemovePrivateCvSymbolic

sqlunirl

_EnumResourceTypes_@12
_MessageBoxEx_@20
_GetKeyboardLayoutName_@4
_OpenDesktop_@16
_PolyTextOut_@12
_QueryDosDevice_@12
_SystemParametersInfo_@16
_NDdeIsValidShareName_@4
_RegQueryInfoKey_@48
_WritePrivateProfileString_@16
_EnumFontFamilies_@16
_ReplaceText_@4
_LoadMenu@8
_GetProfileString_@20
_GetDiskFreeSpace_@20
_AppendMenu_@16
_GetFileAttributesEx_@12
_tsystem
_BeginUpdateResource_@8
_SendMessageCallback_@24
_GetCompressedFileSize_@8
_GetLocaleInfo_@16
_EnumServicesStatus_@32
_GetDlgItemText@16
_SetComputerName_@4
_GetEnvironmentVariable_@12
_DragQueryFile_@16
_NDdeIsValidAppTopicList_@4
_GetEnhMetaFileDescription_@12
_CreateDirectory_@8
_IsBadStringPtr_@8
_GetWindowsDirectory_@8
_SetICMProfile_@8
_LoadMenuIndirect_@4
_strerror_@4

modemui

InvokeControlPanel
QueryModemForCountrySettings
CountryRunOnce
ModemCplDlgProc
drvGetDefaultCommConfigA
UnimodemGetDefaultCommConfig
drvCommConfigDialogA
UnimodemDevConfigDialog
drvGetDefaultCommConfigW
ModemPropPagesProvider
drvSetDefaultCommConfigW
UnimodemGetExtendedCaps
drvCommConfigDialogW
drvSetDefaultCommConfigA

sqlsrv32

BCP_columns
SQLProceduresW
SQLExtendedFetch
SQLGetStmtAttrW
SQLPrepareW
SQLFreeStmt
SQLBindCol
WizIntSecurityDlgProc
SQLNumResultCols
SQLSetPos
SQLGetConnectAttrW
SQLGetCursorNameW
SQLGetInfoW
SQLGetDiagFieldW
SQLFreeHandle
SQLSetCursorNameW
SQLNativeSqlW
SQLExecDirectW
BCP_exec
SQLCancel
SQLSetScrollOptions
SQLGetTypeInfoW
SQLDisconnect
SQLSetDescRec
SQLConnectW
BCP_colfmt
BCP_colptr
TestDlgProc
SQLDescribeParam
SQLForeignKeysW
SQLColumnsW
SQLBulkOperations
SQLMoreResults
SQLProcedureColumnsW
SQLParamData
SQLTablePrivilegesW
BCP_setcolfmt
BCP_collen
SQLSetEnvAttr
SQLBindParameter

iasrad

?shutdown@VSAFilter@@QAEJXZ
?radiusToIAS@VSAFilter@@QBEJPAUIAttributesRaw@@@Z
?initialize@VSAFilter@@QAEJXZ
DllGetClassObject

ntdsapi

DsFreeDomainControllerInfoW
DsReplicaModifyA
DsReplicaUpdateRefsW
DsListServersForDomainInSiteA
DsReplicaFreeInfo
DsFreeSchemaGuidMapW
DsCrackSpn3W
DsReplicaAddW
DsListRolesW
DsGetSpnA
DsBindWithSpnW
DsClientMakeSpnForTargetServerA
DsRemoveDsServerW
DsListInfoForServerA
DsCrackSpn2W
DsReplicaVerifyObjectsW
DsReplicaGetInfo2W
DsListSitesA
DsListInfoForServerW
DsUnBindA
DsaopBindWithCred
DsQuoteRdnValueW
DsCrackSpnA
DsQuoteRdnValueA
DsListServersInSiteW
DsReplicaSyncAllA

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 288KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5e646614ceafe0d02533b9488097a5a

Headers

DLL Characteristics

File Characteristics

Imports

traffic

kernel32

query

msvcirt

imagehlp

sqlunirl

modemui

sqlsrv32

iasrad

ntdsapi

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 288KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 288KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B