840adda53702ad0bdfa28740a52fc2bf6ce3c95e134f9ed5a17692074eac4de3

Sharing

Copy URL

Twitter E-mail

General

Target

840adda53702ad0bdfa28740a52fc2bf6ce3c95e134f9ed5a17692074eac4de3
Size

866KB
MD5

59ba5b645a3eedd9e4b7b33c40b82851
SHA1

02bf39b08ed7f02cb12685bbd81b8e73e558df44
SHA256

840adda53702ad0bdfa28740a52fc2bf6ce3c95e134f9ed5a17692074eac4de3
SHA512

66be98b6e26c64e93b4b45bfec9c320999e2c8f372d0580a332054689375b37c48902920da7b348ef0d7dc13f0cc9da96ff93b8bad2a6e84fe19ae964bd8c40a
SSDEEP

24576:h7ctLiTgriH5B+twvBm00v49CoLdoLGLAZk:6qBEwvBtFD5oLGkZk

Score

N/A

Malware Config

Signatures

Files

840adda53702ad0bdfa28740a52fc2bf6ce3c95e134f9ed5a17692074eac4de3
.exe windows x86

51151ff5befca96261c03f817e89a856

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlInitializeContext
RtlHashUnicodeString
ZwListenPort
NtTerminateJobObject
NtQueryInformationProcess
NtSetLowWaitHighEventPair
RtlPcToFileHeader
CsrClientCallServer
NtImpersonateAnonymousToken
NtOpenProcessTokenEx
ZwQueryFullAttributesFile
ZwTerminateThread
RtlDowncaseUnicodeString
RtlAreBitsSet
_lfind
KiUserCallbackDispatcher
RtlFreeThreadActivationContextStack
_memccpy
NtOpenSection
RtlFirstEntrySList
RtlDefaultNpAcl
ZwWaitLowEventPair
ZwSetDefaultUILanguage
ZwDisplayString
RtlpNotOwnerCriticalSection
NtReadFileScatter
RtlDosPathNameToNtPathName_U
RtlSetIoCompletionCallback
RtlExpandEnvironmentStrings_U
RtlUnicodeToMultiByteN
LdrFindResourceEx_U
NtCancelTimer
tan
_i64toa
ZwOpenThreadToken
RtlSetUserFlagsHeap
NtOpenTimer
RtlGetNativeSystemInformation
ZwQueryPerformanceCounter
NtNotifyChangeMultipleKeys
ZwOpenJobObject
RtlGetElementGenericTableAvl
RtlFindLastBackwardRunClear
RtlEnableEarlyCriticalSectionEventCreation
_CIcos

odbc32

SQLSetDescField
SQLBindParam
SQLGetTypeInfoA
SQLSpecialColumnsW
SQLGetDescRecA
SQLSetEnvAttr
CursorLibLockStmt
SQLDescribeColA
SQLTablePrivilegesA
SQLSetDescRec
SQLSetCursorNameW
SQLForeignKeysA
SQLProcedures
SQLGetStmtAttrW
SQLSpecialColumnsA
SQLTablesA
SQLExecDirect
SQLAllocHandle
SQLNativeSql
SQLDescribeParam
ODBCGetTryWaitValue
SQLSetConnectOptionW
SQLSetDescFieldW
SQLNativeSqlW
CursorLibLockDbc
SQLColumnsA
SQLGetData
SQLPrepare
SQLFreeConnect
SQLGetInfoW
SearchStatusCode
SQLSetConnectAttrW
VRetrieveDriverErrorsRowCol
SQLDriverConnect
SQLProceduresA
SQLProceduresW
SQLSetConnectOption
SQLSetScrollOptions
SQLExecDirectA
PostODBCError
SQLFetchScroll
SQLColumnsW

kernel32

EnumSystemCodePagesA
GetModuleHandleW
FatalAppExitA
IsBadHugeReadPtr
SetNamedPipeHandleState
VirtualLock
GetSystemTimeAsFileTime
VirtualAlloc
GlobalFindAtomW
GetWindowsDirectoryA
SetFileAttributesA
PrepareTape
IsDBCSLeadByte
QueryPerformanceCounter
SetProcessWorkingSetSize
QueryDepthSList
Thread32Next
GetLogicalDriveStringsW
CreateEventA
GetStartupInfoW
GetConsoleAliasExesLengthW
LoadLibraryA
HeapSummary
SetEndOfFile
FindNextFileA
GetDateFormatW
SetConsoleNumberOfCommandsW
LoadLibraryExA
BackupSeek
SetTapePosition
DeleteFileW
GetLocaleInfoW
WaitForSingleObject
EnumerateLocalComputerNamesA
CreateJobObjectW
OpenSemaphoreA
GetConsoleAliasExesA
RemoveLocalAlternateComputerNameW
Toolhelp32ReadProcessMemory

advpack

TranslateInfStringEx
NeedRebootInit
DelNode
SetPerUserSecValues
RegSaveRestoreOnINF
IsNTAdmin
OpenINFEngine
LaunchINFSectionEx
UserUnInstStubWrapper
AdvInstallFile
UserInstStubWrapper
DelNodeRunDLL32
FileSaveRestoreOnINF
FileSaveMarkNotExist
CloseINFEngine
RegSaveRestore
RebootCheckOnInstall
RegisterOCX
ExecuteCab
FileSaveRestore
GetVersionFromFile
RegRestoreAll
ExtractFiles
LaunchINFSection
TranslateInfString
GetVersionFromFileEx
AddDelBackupEntry
RegInstall
DoInfInstall
RunSetupCommand
NeedReboot

msdart

?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?WriteLock@CReaderWriterLock2@@QAEXXZ
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CSpinLock@@QBE_NXZ
?_Lock@CSpinLock@@AAEXXZ
?Unlock@CLockedSingleList@@QAEXXZ
?IsUsable@CLKRHashTable@@QBE_NXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
FXMemAttach
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?GetSpinCount@CSpinLock@@QBEGXZ
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?WriteLock@CReaderWriterLock@@QAEXXZ
?IsWinNT4@CMdVersionInfo@@SAHXZ
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
??1CSingleList@@QAE@XZ
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?IsReadLocked@CCritSec@@QBE_NXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
MpGetHeapHandle
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?Clear@CLKRLinearHashTable@@QAEXXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?ValidSignature@CLKRHashTable@@QBE_NXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
??4CFakeLock@@QAEAAV0@ABV0@@Z
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
MPInitializeCriticalSection
mpCalloc
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ

query

??0CPropertyValueParser@@QAE@AAVCQueryScanner@@GK@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
?InitializeForRead@CDynStream@@QAEXXZ
?NotifyWriteRead@CRequestClient@@QAEHPAX0K0KAAK@Z
?Clone@CNodeRestriction@@QBEPAV1@XZ
??0CValueNormalizer@@QAE@AAVPKeyRepository@@@Z
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
?RefreshParams@CWorkQueue@@QAEXKK@Z
??0CSvcQuery@@QAE@PBGPAUIDBProperties@@@Z
??0CDbSortSet@@QAE@I@Z
?TransferNode@CDbCmdTreeNode@@QAEXPAV1@@Z
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
??1CDbSortKey@@QAE@XZ
?PutWString@@YGXAAVPSerStream@@PBG@Z
?SetPath@CScopeAdmin@@QAEXPBG@Z
?Setup@CPropStoreManager@@QAEXKKKKHK@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
?ReadProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@PAEPAI@Z
?StopCI@CMachineAdmin@@QAEHXZ
?SetExclude@CScopeAdmin@@QAEXH@Z
??0CPropertyRestriction@@QAE@XZ
?GetStorage@CPropStoreManager@@QAEAAVPStorage@@K@Z
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?IsImpersonated@CImpersonateSystem@@SGHXZ
??0CAllocStorageVariant@@QAE@PBU_GUID@@AAVPMemoryAllocator@@@Z
??1CPropertyRestriction@@QAE@XZ
?CloseRecord@CPropStoreManager@@QAEXPAVCCompositePropRecordForWrites@@@Z
?Init@CRcovStorageHdr@@QAEXK@Z
?Unmap@CRcovStrmTrans@@IAEXW4DataCopyNum@CRcovStorageHdr@@@Z
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
??1CMemSerStream@@UAE@XZ
?GetI4@CAllocStorageVariant@@QBEJI@Z
?AddRefWorkThreads@CWorkQueue@@QAEXXZ
??0CPerfMon@@QAE@PBG@Z
?AppendListElement@CDbProjectListAnchor@@QAEHABUtagDBID@@PAG@Z

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 380KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51151ff5befca96261c03f817e89a856

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

odbc32

kernel32

advpack

msdart

query

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 337KB - Virtual size: 337KB

.data Size: 380KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 337KB - Virtual size: 337KB

.data
Size: 380KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B