4360647154d18f3ecc8ec1b4ab0bdcf2221121a0d030e71ef6a45cd770bcb739

Sharing

Copy URL Twitter E-mail

General

Target

4360647154d18f3ecc8ec1b4ab0bdcf2221121a0d030e71ef6a45cd770bcb739
Size

929KB
MD5

67eb8665bf3c601c260f5985e99cf32d
SHA1

920c8cbc9c9447b540b738b733310c88306d94a7
SHA256

4360647154d18f3ecc8ec1b4ab0bdcf2221121a0d030e71ef6a45cd770bcb739
SHA512

b3453cb50fbda54e5d1ed8f65d1680e3d6f5c449fd80c194845c80a1507bea3e83f0b98142fd5f8217ae7c411727dc10c58834a5176a6f85060e98ec0ad61cf6
SSDEEP

24576:Td4EEsTmfLKinuVcRZ4yAQWxTboHbOOii/Oj:ZZEsqD0cRZXAQoTbeSOii/

Score

N/A

Malware Config

Signatures

Files

4360647154d18f3ecc8ec1b4ab0bdcf2221121a0d030e71ef6a45cd770bcb739
.exe windows x86

c5aaaabef16a19a96e5e071a4f92aa78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesLengthA
lstrcpynW
FindFirstVolumeMountPointA
GetThreadContext
GetConsoleCursorInfo
Module32NextW
GetTimeFormatA
GetCPInfoExA
GetPrivateProfileIntW
GetConsoleAliasExesA
BaseUpdateAppcompatCache
FoldStringW
FreeUserPhysicalPages
CreateMemoryResourceNotification
FindActCtxSectionStringA
SetThreadLocale
VirtualAlloc
SetFileValidData
MoveFileA
VerifyVersionInfoA
IsBadWritePtr
GetCurrentProcessId
LoadLibraryA
SetThreadAffinityMask
SetFileAttributesW
SwitchToThread
SearchPathA
GetCurrentConsoleFont
_lread
RegisterWaitForSingleObjectEx
MapUserPhysicalPagesScatter
SetCriticalSectionSpinCount
RegisterConsoleVDM
FreeLibraryAndExitThread
WriteProfileStringA
IsBadReadPtr
GetSystemTimeAsFileTime
_lclose
GetFileAttributesW
FindFirstFileExW

odbc32

CursorLibLockDesc
SQLColAttributes
SQLGetData
SQLBindCol
SQLConnectW
SQLGetConnectAttr
SQLParamOptions
SQLSetConnectOptionW
SQLExecDirectW
SQLTables
SQLAllocConnect
SQLPrimaryKeys
LockHandle
SQLForeignKeys
SQLProcedureColumnsA
VFreeErrors
SQLGetDiagFieldW
SQLGetDescField
SQLSpecialColumnsA
SQLNativeSql
SQLSetStmtAttrA
SQLExecute
SQLGetInfoW
SQLProceduresW
SQLGetStmtAttrW
GetODBCSharedData

gdi32

GdiDeleteLocalDC
GdiConvertEnhMetaFile
EngFillPath
GetRelAbs
SetFontEnumeration
GetBitmapAttributes
SetRelAbs
OffsetWindowOrgEx
RoundRect
GetGlyphOutlineWow
GetMiterLimit
CopyEnhMetaFileA
EndDoc
CreateHatchBrush
CreateDiscardableBitmap
PATHOBJ_bEnumClipLines
GdiPlayPrivatePageEMF
GdiGetPageHandle
ResetDCA
CopyMetaFileA
SelectClipRgn
GetLayout
DrawEscape
GdiGetSpoolFileHandle
GdiStartDocEMF
GetDCPenColor
GetCharacterPlacementW
GetOutlineTextMetricsW
SetPolyFillMode
FONTOBJ_pvTrueTypeFontFile
DeviceCapabilitiesExA
EngStretchBlt
XLATEOBJ_hGetColorTransform
DdEntry52
ColorCorrectPalette

mfcsubs

?GetLength@CString@@QBEHXZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?Left@CString@@QBE?AV1@H@Z
??1CMapStringToPtr@@UAE@XZ
?AssignCopy@CString@@IAEXHPBG@Z
?FormatV@CString@@IAEXPBGPAD@Z
?Append@CStringArray@@QAEHABV1@@Z
?GetAt@CString@@QBEGH@Z
??ACStringArray@@QAEAAVCString@@H@Z
?AfxGetEmptyString@@YGABVCString@@XZ
??H@YG?AVCString@@ABV0@G@Z
??_7CCriticalSection@@6B@
?LoadStringW@CString@@QAEHI@Z
??N@YG_NABVCString@@0@Z
?Empty@CString@@QAEXXZ
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
??9@YG_NABVCString@@0@Z
?GetSize@CStringArray@@QBEHXZ
?AfxW2AHelper@@YGPADPADPBGH@Z
?ConcatInPlace@CString@@IAEXHPBG@Z
??0CStringArray@@QAE@XZ
??8@YG_NABVCString@@0@Z
?CompareNoCase@CString@@QBEHPBG@Z
??0CString@@QAE@PBGH@Z
??YCString@@QAEABV0@ABV0@@Z
??4CString@@QAEABV0@PBE@Z

query

?IsStopped@CCatalogAdmin@@QAEHXZ
?Remove@CDbSortSet@@QAEXI@Z
?_ftFile@CGlobalPropFileRefresher@@0U_FILETIME@@A
?ReadProperty@CPropertyStore@@QAEHKKAAUtagPROPVARIANT@@@Z
??1CInternalPropertyRestriction@@QAE@XZ
??1CSizeSerStream@@UAE@XZ
?Flush@CDynStream@@QAEXXZ
??0CUnfilteredRestriction@@QAE@XZ
?SkipLong@CMemDeSerStream@@UAEXXZ
?Eof@CMmStreamConsecBuf@@QAEHXZ
?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?SetDATE@CStorageVariant@@QAEXNI@Z
?GetBackupSize@CPropStoreManager@@QAEKK@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
??0CImpersonateRemoteAccess@@QAE@PAVCImpersonationTokenCache@@@Z
??0CScopeRestriction@@QAE@PBGHH@Z
?PropertyToPropId@CStandardPropMapper@@QAEKABVCFullPropSpec@@H@Z
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
?SetRunningAsSystem@CImpersonateSystem@@SGXXZ
??1CSynRestriction@@QAE@XZ
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z
?InitIterator@CStaticPropertyList@@UAEXXZ
?My_wcstoui64@@YA_KPBGPAPAGH@Z
?StartCI@CMachineAdmin@@QAEHXZ
??1CAllocStorageVariant@@IAE@XZ
??0CTransaction@@QAE@XZ
?_FindOrAddValueNode@CDbPropertyRestriction@@AAEPAVCDbScalarValue@@XZ
??0CMmStreamConsecBuf@@QAE@XZ
?GetBrowserCodepage@@YGKAAVCWebServer@@K@Z
??0CPidLookupTable@@QAE@XZ
?SetScopeProperties@@YGXPAUICommand@@IPBQBGPBK11@Z
?AddChild@CNodeRestriction@@QAEXPAVCRestriction@@AAI@Z
BindIFilterFromStream
?CiNtOpenNoThrow@@YGJAAPAXPBGKKK@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
?SystemExceptionTranslator@@YAXIPAU_EXCEPTION_POINTERS@@@Z
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
?IsScopeValid@@YGJPBGIH@Z
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
??1CMemSerStream@@UAE@XZ
?StrLen@CKey@@QBEIXZ
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
??0CDbColId@@QAE@ABUtagDBID@@@Z
??0CPathParser@@QAE@PBGK@Z
?CreateSubdirs@CMachineAdmin@@QAEXPBG@Z
CICreateCommand
??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
??0CTimeLimit@@QAE@KK@Z
?SetScopePropertiesNoThrow@@YGJPAUICommand@@IPBQBGPBK11@Z
?PeekULong@CMemDeSerStream@@UAEKXZ
?Close@CPipeClient@@IAEXXZ
??1CPidRemapper@@QAE@XZ
??1CDbPropSet@@QAE@XZ

msvcrt40

?egptr@streambuf@@IBEPADXZ
_dup2
?overflow@stdiobuf@@UAEHH@Z
?rdbuf@ios@@QBEPAVstreambuf@@XZ
__iscsym
??6ostream@@QAEAAV0@PBD@Z
??_Eostream@@UAEPAXI@Z
??_Dstrstream@@QAEXXZ
_outpw
_access
??1type_info@@UAE@XZ
_HUGE
??4ios@@IAEAAV0@ABV0@@Z
strncpy
??_Efstream@@UAEPAXI@Z
_getch
_hypot
vprintf
srand
??2@YAPAXI@Z
?setmode@fstream@@QAEHH@Z
?get@istream@@QAEAAV1@PADHD@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?ipfx@istream@@QAEHH@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
?bitalloc@ios@@SAJXZ
??1ifstream@@UAE@XZ
??0ostream_withassign@@QAE@PAVstreambuf@@@Z

crypt32

CryptCloseAsyncHandle
CryptMsgSignCTL
CertFindCertificateInCRL
CreateFileU
CryptMsgGetAndVerifySigner
CertVerifyCertificateChainPolicy
CryptUnregisterDefaultOIDFunction
I_CryptGetOssGlobal
CertFindCTLInStore
I_CryptGetLruEntryIdentifier
RegCreateHKCUKeyExU
PFXExportCertStoreEx
CryptCreateKeyIdentifierFromCSP
CryptDecodeMessage
CryptImportPublicKeyInfo
CertCloseStore
I_CryptEnumMatchingLruEntries
CertGetNameStringA
I_CertProtectFunction
CertEnumCertificateContextProperties
CryptInstallOIDFunctionAddress
CertCreateCRLContext
CertComparePublicKeyInfo
CertGetStoreProperty
I_CryptInsertLruEntry

expsrv

rtcGetHourOfDay
__vbaPutOwner4
__vbaBoolStr
__vbaStrCopy
rtcIsArray
rtcFreeFile
__vbaI4Abs
rtcPPMT
rtcNPV
EbResetProject
SetMemObj
__vbaCopyBytesZero
__vbaHresultCheckNonvirt
BASIC_CLASS_GetIDsOfNames
__vbaFreeVar
__vbaOnError
__vbaLateMemCallSt
__vbaFpCDblR4
__vbaResume
EVENT_SINK_GetIDsOfNames
rtcVarBstrFromAnsi
rtcFormatDateTime
__vbaI2ErrVar
rtcNPer
__vbaVarIndexLoadRefLock
__vbaVarTextCmpGe
__vbaFPInt
__vbaLateMemStAd
Zombie_QueryInterface
__vbaError
rtcVarType
_CIatan
rtcByteValueBstr
__vbaStrUI1
__vbaRedimPreserveVar2
__vbaWriteFile
__vbaDerefAry
__vbaR8IntI2
__vbaCyFix
__vbaVarLateMemCallLdRf
rtcDir
__vbaVarCmpEq

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 612KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5aaaabef16a19a96e5e071a4f92aa78

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

gdi32

mfcsubs

query

msvcrt40

crypt32

expsrv

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 612KB - Virtual size: 1.9MB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 344B

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 612KB - Virtual size: 1.9MB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 344B