93c8369a6468625b4e130ef115b4beb5a66a9382c84ec6aa6560a1a9d317952b

Sharing

Copy URL Twitter E-mail

General

Target

93c8369a6468625b4e130ef115b4beb5a66a9382c84ec6aa6560a1a9d317952b
Size

47KB
MD5

d8888a4e5cf27bdc02115ba460b7876f
SHA1

157a7dabe8beb8e0cfb14e355947d3644ad71fe9
SHA256

93c8369a6468625b4e130ef115b4beb5a66a9382c84ec6aa6560a1a9d317952b
SHA512

2e7f3ceab0b5778f9dc5138e0b7e707b265ddbd34f6752066f03a697bdfac78ea6e5aca0b9c862deb8ed5ce63505514777a589fa1b5d6f32390873769c859864
SSDEEP

768:AucSliw6f4AuFCuNRCxgiVWoe5CgWCPm7yNIF79ag3CZGMpsRd2j8vUVUr:AucSlwuFHRYcMgM59lOGMpsRY8vUVU

Score

N/A

Malware Config

Signatures

Files

93c8369a6468625b4e130ef115b4beb5a66a9382c84ec6aa6560a1a9d317952b
.exe windows x86

19e43610364d9099f5d9cc0d7b54c61c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

HrQueryAllRows@24
ScUNCFromLocalPath@12
FBadEntryList@4
UFromSz@4
FreePadrlist@4
FBadRglpNameID@8
FGetComponentPath@20
ChangeIdleRoutine@28
MAPIOpenLocalFormContainer
DeregisterIdleRoutine@4
HexFromBin@12
OpenTnefStream@28
FBadRestriction@4
MAPIFreeBuffer@4
cmc_logon
ScMAPIXFromCMC
WrapCompressedRTFStream
FreeProws@4
DllCanUnloadNow
cmc_act_on
HrComposeMsgID@24
FtDivFtBogus@20
MNLS_WideCharToMultiByte@32
BMAPIReadMail
FtMulDw@12
FBadProp@4

kernel32

QueryPerformanceCounter
GetComputerNameExW
GetACP
CreateTimerQueueTimer
RemoveLocalAlternateComputerNameA
DnsHostnameToComputerNameW
EnumDateFormatsA
SetComputerNameExA
FreeConsole
HeapReAlloc
LZOpenFileW
DisconnectNamedPipe
GetConsoleScreenBufferInfo
LZRead
GetDefaultCommConfigA
SetComputerNameA
QueryPerformanceFrequency
NlsGetCacheUpdateCount
IsValidCodePage
GetCurrentThread
GetModuleHandleW
UnregisterWait
WriteTapemark
SetThreadIdealProcessor
GetConsoleKeyboardLayoutNameA
MoveFileExA
FindResourceA
LoadLibraryW
GetLocaleInfoW

olesvr32

OleUnblockServer
OleQueryServerVersion
DocWndProc
OleSavedServerDoc
FindItemWnd
OleBlockServer
EnumForTerminate
ItemCallBack
OleRevokeServerDoc
SrvrWndProc
OleRenameServerDoc
OleRegisterServer
TerminateClients
ItemWndProc
OleRevertServerDoc
OleRevokeObject
OleRegisterServerDoc
OleRevokeServer
DeleteClientInfo
SendDataMsg
TerminateDocClients
SendRenameMsg
WEP

acledit

DllMain
EditAuditInfo
SedDiscretionaryAclEditor
SedTakeOwnership
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedSystemAclEditor

msasn1

ASN1BEREncOctetString
ASN1BERDecZeroMultibyteString
ASN1BERDecFlush
ASN1BEREncEndOfContents
ASN1DecAlloc
ASN1DecRealloc
ASN1CEREncMultibyteString
ASN1BEREncChar32String
ASN1BERDecObjectIdentifier
ASN1intxisuint32
ASN1BERDecExplicitTag
ASN1BERDecBitString
ASN1BERDecBitString2
ASN1BERDecChar32String
ASN1CEREncOctetString
ASN1BERDecMultibyteString
ASN1_CloseEncoder2
ASN1_CreateModule
ASN1CEREncFlushBlkElement
ASN1BEREncObjectIdentifier2
ASN1BERDecU8Val
ASN1_CloseDecoder
ASN1BEREncDouble
ASN1ztcharstring_cmp
ASN1BEREncUTCTime

crypt32

CryptSIPRetrieveSubjectGuidForCatalogFile
CertAlgIdToOID
I_CryptTouchLruEntry
CertAddEncodedCTLToStore
CryptFindCertificateKeyProvInfo
CertFindCRLInStore
CertEnumCertificateContextProperties
CryptVerifyMessageSignature
CertSetStoreProperty
CryptGetAsyncParam
CertAddCTLLinkToStore
I_CryptAddSmartCardCertToStore
CryptGetKeyIdentifierProperty
CertFindChainInStore
PFXImportCertStore
CryptMsgEncodeAndSignCTL
CertOpenSystemStoreW
CryptSignAndEncryptMessage
CryptEncodeObjectEx
CryptStringToBinaryW
CertOIDToAlgId
I_CertSrvProtectFunction
CertDuplicateCertificateContext

sqlunirl

_QueryDosDevice_@12
_WriteProfileString_@12
_GetCommandLine_@0
_CreateFontIndirect@4
_WinHelp@16
_CreateDesktop_@24
_SHGetFileInfo_@20
_LoadLibraryEx_@12
_DlgDirListComboBox_@20
_FindText_@4
_SendDlgItemMessage@20

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19e43610364d9099f5d9cc0d7b54c61c

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

kernel32

olesvr32

acledit

msasn1

crypt32

sqlunirl

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 7KB