590b440da21d72ee53221c65a795177421652a19b2833917a7bbaf9f6d9c8c2a

Sharing

Copy URL Twitter E-mail

General

Target

590b440da21d72ee53221c65a795177421652a19b2833917a7bbaf9f6d9c8c2a
Size

130KB
MD5

a3d3ff426c516d4956da20a0fe882f2b
SHA1

b9ea80340a2172e4cb7232458f06cbb4ab59dcd1
SHA256

590b440da21d72ee53221c65a795177421652a19b2833917a7bbaf9f6d9c8c2a
SHA512

ab02fac8ee385b4e7e73328330d937ff24f5ecb2595ce1c0143b51062f27ad578c784393e715ad1bfb4e2aaf8a87af205c3c04a631c0f7ba473b9ad710d5dfc4
SSDEEP

1536:s/iCNRKPMKptQS/K+P6ZyNJJN5QHCZ6mT0U7/lp1y2baawUNzJgIgVfVn9gEXQca:IiL3rgCp7/nU2baaBhgVfV9gEckA

Score

N/A

Malware Config

Signatures

Files

590b440da21d72ee53221c65a795177421652a19b2833917a7bbaf9f6d9c8c2a
.exe windows x86

dd2f826be56f380c2275f4a7f8cfdaa7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_NDdeSetTrustedShare_@12
_SetICMProfile_@8
_CopyFile_@12
_CharLowerBuff_@8
_PolyTextOut_@12
_GetEnhMetaFileDescription_@12
_PostThreadMessage_@16
_ShellExecuteEx_@4
_GlobalGetAtomName_@12
_LoadCursor@8
_RegSetValueEx_@24
_EnumResourceNames_@16
_strerror_@4
_CreateDirectory_@8
_TextOut@20
_CreateNamedPipe_@32
_CharPrev_@8
_GetCharABCWidths_@16
_IsBadStringPtr_@8
__lopen_@8
_FindResource@12
_GetKerningPairs_@12

printui

bFolderEnumPrinters
PnPInterface
PrintUIEntryW
DocumentPropertiesWrap
ConstructPrinterFriendlyName
vPrinterPropPages
ConnectToPrinterDlg
bPrinterSetup
vDocumentDefaults
ShowErrorMessageSC
PrintNotifyTray_Init
vQueueCreate
bFolderGetPrinter
DllGetClassObject
RegisterPrintNotify
ShowErrorMessageHR
DllMain
PrinterPropPageProvider
DllCanUnloadNow

snmpapi

SnmpSvcSetLogLevel
SnmpUtilAnsiToUnicode
SnmpUtilMemReAlloc
SnmpTfxOpen
SnmpSvcSetLogType
SnmpUtilDbgPrint
SnmpUtilOidCmp
SnmpUtilAsnAnyFree
SnmpUtilOctetsCmp
SnmpUtilAsnAnyCpy
SnmpSvcAddrToSocket
SnmpUtilIdsToA
SnmpUtilMemFree
SnmpUtilUnicodeToUTF8
SnmpUtilMemAlloc
SnmpSvcGetUptimeFromTime
SnmpUtilOidCpy
SnmpUtilOidToA
SnmpUtilUnicodeToAnsi
SnmpSvcGetEnterpriseOID
SnmpTfxQuery
SnmpUtilOidFree
SnmpUtilPrintAsnAny
SnmpSvcAddrIsIpx
SnmpUtilOctetsFree
SnmpSvcGetUptime
SnmpUtilOidNCmp
SnmpUtilOctetsCpy
SnmpUtilOidAppend
SnmpUtilVarBindListCpy

hhsetup

?RemoveAll@CFIFOString@@QAEXXZ
?SetId@CLocation@@QAEXPBG@Z
?ConfirmTitles@CCollection@@QAEXXZ
?SetOrder@CFolder@@QAEXK@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?GetCollectionFileName@CCollection@@QAEPBDXZ
?GetOrder@CFolder@@QAEKXZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?NewLocation@CCollection@@AAEPAVCLocation@@XZ
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?SetTitle@CLocation@@QAEXPBG@Z
??4CCollection@@QAEAAV0@ABV0@@Z

dnsapi

DnsCreateStringCopy
DnsDhcpSrvRegisterHostName
Dns_CreateSocketEx
Dns_InitializeMsgRemoteSockaddr
DnsDowncaseDnsNameLabel
DnsDhcpSrvRegisterInit
DnsReleaseContextHandle
Dns_SkipToRecord
DnsDhcpSrvRegisterTerm
DnsRecordSetCompare
DnsFree
DnsCopyStringEx
Dns_ReadRecordStructureFromPacket
Dns_WriteRecordStructureToPacketEx
NetInfo_IsForUpdate
DnsModifyRecordsInSet_A
DnsRecordSetCopyEx
DnsAcquireContextHandle_W
CombineRecordsInBlob
BreakRecordsIntoBlob
Dns_GetRandomXid

kernel32

HeapReAlloc
CreateEventW
IsSystemResumeAutomatic
RemoveDirectoryA
HeapDestroy
SetLocalTime
CreateConsoleScreenBuffer
GetComputerNameW
GetModuleHandleA
SetDefaultCommConfigA
LoadLibraryW
GlobalDeleteAtom
GetOEMCP

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2f826be56f380c2275f4a7f8cfdaa7

Headers

File Characteristics

Imports

sqlunirl

printui

snmpapi

hhsetup

dnsapi

kernel32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB