5bff81c08d00e1f3c1174f1774b2a4f40ac13fff633ce34bd665b0ce2bf1303d

Sharing

Copy URL Twitter E-mail

General

Target

5bff81c08d00e1f3c1174f1774b2a4f40ac13fff633ce34bd665b0ce2bf1303d
Size

794KB
MD5

1569d29d716cc81349a17f54346fc966
SHA1

4397fa52c6699dd6ece3385056b4e9c516e0cb0c
SHA256

5bff81c08d00e1f3c1174f1774b2a4f40ac13fff633ce34bd665b0ce2bf1303d
SHA512

8b7f1448c2ef7313258c0709d3af6e277ea2341aa7a23bac09afe33f47300c2d816d662ab47944b01d4e49f733cf321f1325d6172b92e2ef1aae45607e827fd7
SSDEEP

12288:7kdkPVrZ72+FMOantJgWKlYhb4K9a/VCISX+Y1+KB4sjVzfgM:7kwVt7NvatCWZhn9VIftO4sjN

Score

N/A

Malware Config

Signatures

Files

5bff81c08d00e1f3c1174f1774b2a4f40ac13fff633ce34bd665b0ce2bf1303d
.exe windows x86

b811d5a9762515da7103ad89dd54f536

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarBstrFromBool
VarUI1FromR8
LHashValOfNameSysA
QueryPathOfRegTypeLib
VarUI1FromI2
VarBoolFromUI1
VarUI4FromUI2
VarUI1FromI4
DispGetIDsOfNames
SafeArrayGetVartype
OleTranslateColor
SafeArrayAccessData
VarDecFromUI1
VarI2FromI8
VarI1FromStr
OACreateTypeLib2
VarI2FromI1
OaBuildVersion
VarBoolFromR4
VarCyFromUI4
CreateTypeLib2
VarDateFromI2
SysReAllocStringLen

advapi32

OpenSCManagerW
GetUserNameA
SaferComputeTokenFromLevel
RegSetValueExW
LsaNtStatusToWinError
CryptGetKeyParam
LsaQuerySecurityObject
EnumDependentServicesA
LsaCreateSecret
LookupAccountSidW
SystemFunction013
LsaClearAuditLog
ElfRegisterEventSourceA
LookupPrivilegeNameA
ObjectPrivilegeAuditAlarmW
CryptHashData
ElfOpenEventLogW
WmiQueryAllDataA
CreateProcessAsUserA
QueryServiceConfigA
CredReadDomainCredentialsA
AdjustTokenGroups
LsaDelete
SystemFunction020
CryptDuplicateHash

untfs

??1NTFS_UPCASE_TABLE@@UAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
??0NTFS_UPCASE_TABLE@@QAE@XZ
ChkdskEx
??1NTFS_CLUSTER_RUN@@UAE@XZ
??0NTFS_CLUSTER_RUN@@QAE@XZ
?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
??0NTFS_MFT_FILE@@QAE@XZ
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
??0NTFS_FRS_STRUCTURE@@QAE@XZ
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
??0NTFS_ATTRIBUTE@@QAE@XZ
?Flush@NTFS_MFT_FILE@@QAEEXZ
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?Read@NTFS_MFT_FILE@@UAEEXZ
??0NTFS_UPCASE_FILE@@QAE@XZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z

kernel32

FindResourceA
FlushInstructionCache
GetCurrentThread
OutputDebugStringA
TerminateThread
WaitForMultipleObjectsEx
SetVolumeLabelW
CopyFileExW
GetTimeFormatA
SetUnhandledExceptionFilter
VirtualAlloc
IsValidLocale
FindNextVolumeW
SetFileApisToOEM
GlobalReAlloc
SetDefaultCommConfigA
GetUserDefaultLCID
GetVolumePathNameW
AddAtomA
QueryDepthSList
LoadLibraryA
GlobalUnlock
GlobalLock
SetConsoleLocalEUDC
SetHandleContext
GetStartupInfoA

odbc32

SQLSetStmtAttrA
ODBCQualifyFileDSNW
SQLGetStmtAttr
CursorLibLockDesc
SQLDrivers
SQLGetDiagField
SQLForeignKeysA
SQLSetDescFieldW
ODBCInternalConnectW
SQLDescribeParam
SQLFreeHandle
SQLGetData
SQLGetDescRecW
SQLBindParameter
SQLColAttributeA
SQLForeignKeys
SQLDataSourcesW

lz32

GetExpandedNameA
LZSeek
LZClose
LZOpenFileA
LZStart
LZOpenFileW
LZInit
LZCloseFile
LZDone
LZRead
CopyLZFile

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b811d5a9762515da7103ad89dd54f536

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

untfs

kernel32

odbc32

lz32

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 188KB - Virtual size: 1.5MB

.rsrc Size: 114KB - Virtual size: 114KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 188KB - Virtual size: 1.5MB

.rsrc
Size: 114KB - Virtual size: 114KB

.reloc
Size: 1024B - Virtual size: 1024B