8079967d301ad53a4f20201d1c093864986634c812c1a7fe33626fe0f1a7abd4

Sharing

Copy URL

Twitter E-mail

General

Target

8079967d301ad53a4f20201d1c093864986634c812c1a7fe33626fe0f1a7abd4
Size

46KB
MD5

a4df29fc08d556df8990436ff548d700
SHA1

4fbcdc850aff77faf8fecf63e243b0d10b7dabc6
SHA256

8079967d301ad53a4f20201d1c093864986634c812c1a7fe33626fe0f1a7abd4
SHA512

2bf61a26ba06e7ca70e80923c4904afb7a7434d72db746cd5d0b8ffe70229b85e3f4b9d79665e72fb99d4375f31fcc78f3a9b829f9cecbba887928683aa526c6
SSDEEP

768:KcgB6y+6HidUoGy9ec5IaXsDLvHE7VZlDy+fb8FfVgapp4fRafSQA7/4ZVFZ38ZR:H2L+AiaoLqaXs3oOJFfV0EW/4ZVOC9wt

Score

N/A

Malware Config

Signatures

Files

8079967d301ad53a4f20201d1c093864986634c812c1a7fe33626fe0f1a7abd4
.exe windows x86

bf4672cc0d0656da4a5149843f6118ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptSIPAddProvider
CertRemoveEnhancedKeyUsageIdentifier
CertDeleteCertificateFromStore
CryptHashToBeSigned
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertSetCRLContextProperty
CertGetCTLContextProperty
I_CryptEnableLruOfEntries
CertEnumCertificatesInStore
CryptHashMessage
CryptVerifyCertificateSignature
CryptVerifyMessageSignature
CertGetPublicKeyLength
RegQueryValueExU
CryptBinaryToStringW
I_CryptGetDefaultCryptProv
CryptVerifyCertificateSignatureEx
CertGetCertificateChain
CryptMsgGetParam
CertGetNameStringW
RegCreateHKCUKeyExU

kernel32

GetTempPathA
SetConsolePalette
SizeofResource
SetProcessAffinityMask
GetPriorityClass
SetProcessShutdownParameters
GetEnvironmentStringsW
SetConsoleMode
GetFileType
TzSpecificLocalTimeToSystemTime
InitializeCriticalSectionAndSpinCount
FindFirstFileExA
IsDebuggerPresent
Heap32Next
GetProfileSectionA
VerifyConsoleIoHandle
SetLastError
CallNamedPipeA
GlobalDeleteAtom
CreateMutexW
LCMapStringW
VirtualAlloc
IsValidLocale
GetConsoleAliasW
UnlockFile
LoadLibraryA
InitializeCriticalSection
OutputDebugStringA
ExitProcess

sqlwoa

_SendMessage@16
_TranslateAccelerator@12
_MAKEINTRESOURCE@4
newMultiByteFromWideChar
_GetWindowTextLength@4
_GetDlgItemText@16
_GetComputerName@8
_CreateFontIndirect@4
_LoadLibrary@4
_CharLower@4
_CommDlg_OpenSave_GetSpec@12
_PostMessage@16
_trename
_FormatMessage@28
_RemoveProp@8
_LoadIcon@8
_TextOut@20
AllocConvertMultiSZNameToA
newMultiByteFromWideCharSize
_LoadBitmap@8
_SetProp@12
_IsDialogMessage@8
_CallWindowProc@20
_LoadCursor@8
_CreateFont@56

user32

RegisterClassA
DefWindowProcA
PostQuitMessage

d3d8thk

OsThunkDdCreateSurface
OsThunkDdGetFlipStatus
OsThunkDdGetMoCompBuffInfo
OsThunkDdColorControl
OsThunkDdWaitForVerticalBlank
OsThunkDdGetDriverState
OsThunkDdEndMoCompFrame
OsThunkDdCanCreateD3DBuffer
OsThunkDdGetAvailDriverMemory
OsThunkDdResetVisrgn
OsThunkD3dContextDestroy
OsThunkDdQueryDirectDrawObject
OsThunkD3dDrawPrimitives2
OsThunkDdAlphaBlt
OsThunkDdDestroyD3DBuffer
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdGetScanLine
OsThunkDdGetBltStatus

mscat32

CryptCATAdminAcquireContext
MsCatConstructHashTag
CryptCATEnumerateAttr
CryptCATEnumerateMember
CryptCATCDFEnumAttributesWithCDFTag
CryptCATVerifyMember
CryptCATAdminReleaseCatalogContext
CryptCATClose
CryptCATAdminAddCatalog
CryptCATStoreFromHandle
CryptCATCDFEnumMembers
IsCatalogFile
CryptCATPutCatAttrInfo
CryptCATEnumerateCatAttr
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFOpen
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATGetCatAttrInfo
CryptCATPersistStore
CryptCATGetAttrInfo
CryptCATCDFClose
CryptCATAdminEnumCatalogFromHash

msvcrt

strpbrk
_wcsnicmp
_mbscat
_execlp
_vscprintf
_Getdays
__toascii
_mbsspn
_CIcosh
___mb_cur_max_func
fwscanf
vprintf
_vscwprintf
__argv
_lsearch
_wsplitpath
system
_setsystime
_wfindfirsti64
__lc_codepage
_mbsdup
_execlpe
_ismbbprint
__p__osver

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

enxwfzx
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf4672cc0d0656da4a5149843f6118ca

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

sqlwoa

user32

d3d8thk

mscat32

msvcrt

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 1024B - Virtual size: 890B

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 30KB

enxwfzx Size: - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 1024B - Virtual size: 890B

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 30KB

enxwfzx
Size: - Virtual size: 4KB