a7f54cf327c4c1937370ba67d4226b6e932bc2fe79e16d8270541e1f01205dc5

Sharing

Copy URL Twitter E-mail

General

Target

a7f54cf327c4c1937370ba67d4226b6e932bc2fe79e16d8270541e1f01205dc5
Size

210KB
MD5

cd5869b791c21c4790ce382276f4a6cf
SHA1

eb1ae2258301eb3896fe62b1cf3321b4e50c7c7f
SHA256

a7f54cf327c4c1937370ba67d4226b6e932bc2fe79e16d8270541e1f01205dc5
SHA512

b1bf1b54fd5d840583823c5d3ea0e76a3c701e255f8a5f48db9f77cb9f6357ec1c69755e21a45446473b407fa2d125b303cdae17f1343fef0f688bf255e5d3df
SSDEEP

6144:J1tJG1wnTD2onVrD1DeZRh3GCyq7vpeAYojCi:FsQRh1MD7YojCi

Score

N/A

Malware Config

Signatures

Files

a7f54cf327c4c1937370ba67d4226b6e932bc2fe79e16d8270541e1f01205dc5
.exe windows x86

0a61991b41dfe81c738c4e1a166c7adf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winsta

WinStationEnumerateProcesses
WinStationGetMachinePolicy
WinStationSendWindowMessage
LogonIdFromWinStationNameW
WinStationQueryLogonCredentialsW
WinStationShutdownSystem
_WinStationReInitializeSecurity
_WinStationCallback
WinStationShadow
_WinStationBeepOpen
WinStationRemoveLicense
WinStationRenameW
WinStationFreeMemory
ServerLicensingLoadPolicy
WinStationQueryInformationA
ServerLicensingFreePolicyInformation
WinStationGetLanAdapterNameA

odbc32

SQLErrorW
SQLAllocStmt
SQLGetInfoA
SQLDrivers
g_hHeapMalloc
OpenODBCPerfData
GetODBCSharedData
SQLGetTypeInfoA
SQLGetTypeInfoW
SQLColAttributesW
SQLColumnPrivilegesW
SQLDriversW
SQLSetDescField
SQLPrimaryKeysA
SQLGetConnectOptionA
SQLProcedureColumnsA
SQLError
SQLExtendedFetch
SQLGetDiagField
SQLGetStmtAttrA
ODBCQualifyFileDSNW
SQLGetEnvAttr
SQLGetCursorName

kernel32

GetComputerNameW
HeapDestroy
GetDiskFreeSpaceA
LoadLibraryA
LZDone
AddAtomA
RtlCaptureContext
GetModuleHandleA
GetConsoleAliasExesA
VirtualAlloc
GetSystemInfo
FormatMessageA
BuildCommDCBAndTimeoutsW
GetTimeZoneInformation
lstrlenW
VirtualQuery
LocalAlloc
CreateIoCompletionPort
GetAtomNameA
RemoveVectoredExceptionHandler
LZRead
BackupRead
SetVolumeMountPointA
OpenProcess
FreeEnvironmentStringsA

mapistub

CreateTable@36
OpenTnefStreamEx
FBadPropTag@4
MAPIInitialize
MAPIAdminProfiles
HrThisThreadAdviseSink@8
UNKOBJ_ScCOReallocate@12
CchOfEncoding@4
OpenTnefStreamEx@32
SzFindLastCh@8
HrSzFromEntryID@12
MAPIFreeBuffer
FBadRglpszW@8
ScCountNotifications@12
MNLS_IsBadStringPtrW@8
MAPIFindNext
PropCopyMore@16

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a61991b41dfe81c738c4e1a166c7adf

Headers

File Characteristics

Imports

winsta

odbc32

kernel32

mapistub

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 123KB - Virtual size: 513KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 123KB - Virtual size: 513KB

.rsrc
Size: 18KB - Virtual size: 18KB