72efecfaec969ea17de30d7e405ee41e745326baa40c03e0d4c1b6e542420fba

Sharing

Copy URL Twitter E-mail

General

Target

72efecfaec969ea17de30d7e405ee41e745326baa40c03e0d4c1b6e542420fba
Size

872KB
MD5

0412b7b7593d272e37fe882d0dcc8414
SHA1

c977bd545bc8ae2ccb6073897c4202e25fd67db3
SHA256

72efecfaec969ea17de30d7e405ee41e745326baa40c03e0d4c1b6e542420fba
SHA512

4f97f9190b59e1dfc964bbe7ca5ded787bc77e1ded84dc32eb8239b93c911a2d865a6a5f302fba957b5bdd8351fca7872dbbc9f45b4c4621ceb22e469c589b9c
SSDEEP

12288:87WmQnQ/bKSf6CEzjksfmq1jMaV8ySjKqiZzseT+koSXxGXSleAyYnh+nJ7O:vn2KzjksfmDaVrQvCYeq2GXSleR

Score

N/A

Malware Config

Signatures

Files

72efecfaec969ea17de30d7e405ee41e745326baa40c03e0d4c1b6e542420fba
.exe windows x86

c945518683e83b63f001056ec4ea41f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

??1NTFS_CLUSTER_RUN@@UAE@XZ
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
Format
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?Read@NTFS_MFT_FILE@@UAEEXZ
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
??0NTFS_INDEX_TREE@@QAE@XZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?Flush@NTFS_MFT_FILE@@QAEEXZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
??0NTFS_BITMAP@@QAE@XZ
?Read@NTFS_SA@@UAEEXZ
??1NTFS_MFT_INFO@@UAE@XZ
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z

ntdll

RtlUpcaseUnicodeToCustomCPN
iswxdigit
NtAlertThread
RtlLargeIntegerShiftRight
RtlConsoleMultiByteToUnicodeN
DbgPrintReturnControlC
RtlZombifyActivationContext
RtlInitializeBitMap
KiUserExceptionDispatcher
RtlGetFullPathName_U
ZwSetVolumeInformationFile
RtlDoesFileExists_U
RtlImageRvaToSection
ZwSetTimerResolution
RtlImageRvaToVa
RtlEqualUnicodeString
NtQuerySecurityObject
NtLockRegistryKey
ZwYieldExecution
_ui64tow
RtlGetLengthWithoutTrailingPathSeperators
RtlGetSaclSecurityDescriptor
NtOpenThreadTokenEx
sprintf
RtlComputeCrc32
NtAssignProcessToJobObject
RtlCreateTagHeap
ZwQuerySymbolicLinkObject
ZwAssignProcessToJobObject
NtQueryIoCompletion
RtlActivateActivationContextEx
NtCancelIoFile
RtlAppendStringToString
RtlTimeToSecondsSince1980
NtOpenSymbolicLinkObject
RtlInterlockedPushEntrySList
_allshl
ZwPowerInformation

sqlsrv32

BCP_getcolfmt
SQLBindParameter
SQLColumnPrivilegesW
SQLDisconnect
SQLDebug
SQLBindCol
SQLSetDescFieldW
SQLGetTypeInfoW
SQLGetStmtAttrW
ConfigDriverW
SQLGetConnectOptionW
SQLExecute
ConfigDSNW
SQLProcedureColumnsW
SQLGetDescFieldW
BCP_done
SQLPrepareW
SQLSetPos
SQLPrimaryKeysW
SQLSetConnectAttrW
SQLGetDiagRecW
SQLGetConnectAttrW
SQLSetEnvAttr
WizLanguageDlgProc
BCP_colfmt
BCP_batch
BCP_bind
SQLColAttributeW
SQLGetInfoW
SQLForeignKeysW
SQLStatisticsW
SQLGetEnvAttr
SQLExecDirectW
SQLBulkOperations
BCP_writefmt
SQLTablesW
BCP_collen

query

?MinPageInUse@CBufferCache@@QAEHAAK@Z
??1CFwAsyncWorkItem@@UAE@XZ
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
??1CNodeRestriction@@QAE@XZ
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?EnumerateFilesInDir@CiStorage@@SGXPBGAAVCEnumString@@@Z
?Clone@CRestriction@@QBEPAV1@XZ
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
?PutMaxValue@CValueNormalizer@@QAEXKAAKW4VARENUM@@@Z
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
?QueryCatalogAdmin@CCatalogEnum@@QAEPAVCCatalogAdmin@@XZ
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
??1CFilterDaemon@@QAE@XZ
?AddRef@CEmptyPropertyList@@UAGKXZ
?StartCI@CMachineAdmin@@QAEHXZ
??1CDbQueryResults@@QAE@XZ
?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
??1CPropertyRestriction@@QAE@XZ
?SetUI2@CStorageVariant@@QAEXGI@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
?ChangeCurrentMachine@CCatState@@QAEXPBG@Z
??0CImpersonationTokenCache@@QAE@PBG@Z
?Add@CDbSortSet@@QAEHABVCDbSortKey@@I@Z
?ClearList@CPropertyList@@QAEXXZ
?LokUpdate@CCatStateInfo@@QAEHXZ
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
??1CDbProp@@QAE@XZ
?NotifyWriteRead@CRequestClient@@QAEHPAX0K0KAAK@Z
?DumpWorkId@@YGJPBGKPAEAAK00K@Z
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?IsStarted@CCatalogAdmin@@QAEHXZ
CIGetGlobalPropertyList
??1CPropertyList@@UAE@XZ

msvcirt

?attach@fstream@@QAEXH@Z
??0strstreambuf@@QAE@ABV0@@Z
??0strstreambuf@@QAE@H@Z
??0filebuf@@QAE@H@Z
??1iostream@@UAE@XZ
??_Gistrstream@@UAEPAXI@Z
??1istrstream@@UAE@XZ
?setlock@streambuf@@QAEXXZ
?getline@istream@@QAEAAV1@PADHD@Z
??6ostream@@QAEAAV0@PBX@Z
??5istream@@QAEAAV0@AAN@Z
?openprot@filebuf@@2HB
?sh_read@filebuf@@2HB
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?is_open@ifstream@@QBEHXZ
??0istream@@IAE@ABV0@@Z
?close@fstream@@QAEXXZ
??_Eistream_withassign@@UAEPAXI@Z
??_Gofstream@@UAEPAXI@Z
??6ostream@@QAEAAV0@D@Z
??6ostream@@QAEAAV0@F@Z
??_Distream_withassign@@QAEXXZ
??0stdiobuf@@QAE@ABV0@@Z
?pcount@ostrstream@@QBEHXZ
?pbase@streambuf@@IBEPADXZ
?sync@streambuf@@UAEHXZ
??_Estrstream@@UAEPAXI@Z
?sputn@streambuf@@QAEHPBDH@Z
??_8fstream@@7Bistream@@@
??0ofstream@@QAE@HPADH@Z
??0ifstream@@QAE@HPADH@Z
?tellp@ostream@@QAEJXZ
?clrlock@ios@@QAAXXZ
??_7ostream@@6B@
??_7istream_withassign@@6B@
??1stdiostream@@UAE@XZ
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??4ostream@@IAEAAV0@ABV0@@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z

user32

UnlockWindowStation
IsIconic
EnumPropsW
InSendMessage
CreateDialogIndirectParamW
CreateCaret
SetClipboardViewer
LockWindowStation
LoadCursorFromFileA
LoadMenuIndirectA
DefRawInputProc
OemToCharBuffW
CallWindowProcW
ValidateRect
CopyImage
EnumDisplayMonitors
EnableWindow
SystemParametersInfoW
DefDlgProcA
GetWindowPlacement
SendMessageTimeoutA
ImpersonateDdeClientWindow
DdeInitializeA
DdeAccessData
GetClassInfoExA
GetWindowWord
GetAltTabInfoW

url

TelnetProtocolHandlerA
TranslateURLA
FileProtocolHandlerA
MailToProtocolHandlerA
AutodialHookCallback
MIMEAssociationDialogW
FileProtocolHandler
OpenURL
AddMIMEFileTypesPS
URLAssociationDialogW
URLAssociationDialogA
MailToProtocolHandler
InetIsOffline
MIMEAssociationDialogA
TelnetProtocolHandler
OpenURLA
TranslateURLW

shdocvw

AddUrlToFavorites
HlinkFrameNavigate
SHGetIDispatchForFolder
DoPrivacyDlg
ImportPrivacySettings
DllRegisterWindowClasses
URLQualifyW
URLQualifyA
SetQueryNetSessionCount
DoAddToFavDlgW
DoFileDownload
HlinkFindFrame
DoAddToFavDlg
OpenURL
HlinkFrameNavigateNHL
DoOrganizeFavDlg
SoftwareUpdateMessageBox
DllGetClassObject
DllGetVersion
SHAddSubscribeFavorite
DoOrganizeFavDlgW

kernel32

GetFileAttributesW
HeapAlloc
GetExitCodeThread
ConvertThreadToFiber
GetWriteWatch
LeaveCriticalSection
VirtualFreeEx
DeleteCriticalSection
SetNamedPipeHandleState
LoadLibraryA
RequestDeviceWakeup
_lread
GetNamedPipeInfo
BeginUpdateResourceA
GetEnvironmentStringsA
SetEndOfFile
FileTimeToLocalFileTime
GetCommProperties
SetThreadPriorityBoost
OpenMutexA
GetFileType
EnterCriticalSection
GetCurrentThread
OpenSemaphoreA
FileTimeToDosDateTime
OpenMutexW
lstrcmpiA
GetConsoleKeyboardLayoutNameA
FindFirstVolumeMountPointW
SetConsoleCursorInfo
VirtualAlloc
SetConsoleNumberOfCommandsA
LCMapStringA
UnlockFileEx
CopyFileExA
GlobalFree

advapi32

RegSetKeySecurity
WmiSetSingleInstanceA
RegQueryMultipleValuesA
GetOverlappedAccessResults
RegSetValueExA
StartTraceW
SystemFunction029
LsaSetTrustedDomainInfoByName
SaferIdentifyLevel
OpenProcessToken
BuildTrusteeWithNameA
SaferCreateLevel
LockServiceDatabase
DecryptFileA
LookupPrivilegeNameA
RegLoadKeyA
CloseEncryptedFileRaw
RegRestoreKeyW
ObjectOpenAuditAlarmW
RegQueryMultipleValuesW
CreateServiceA
CryptDestroyKey
LookupAccountSidA
CryptEnumProviderTypesW
CreatePrivateObjectSecurityWithMultipleInheritance
LsaAddAccountRights
LsaDelete
RegisterTraceGuidsW
LsaICLookupSids
CredWriteDomainCredentialsA
LsaRemoveAccountRights
RegNotifyChangeKeyValue
BackupEventLogA
BuildTrusteeWithNameW
SystemFunction025
RegOpenKeyW
SystemFunction036
SetNamedSecurityInfoA
CredRenameW
CryptDuplicateHash
ElfReadEventLogW
CreateProcessAsUserW

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 331KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c945518683e83b63f001056ec4ea41f0

Headers

DLL Characteristics

File Characteristics

Imports

untfs

ntdll

sqlsrv32

query

msvcirt

user32

url

shdocvw

kernel32

advapi32

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 372KB - Virtual size: 371KB

.data Size: 331KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 372KB - Virtual size: 371KB

.data
Size: 331KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB