fdada05268c177b3102d8c6b9f70291ca7b015ffe803ee0d959e0efdd5f87155

Sharing

Copy URL Twitter E-mail

General

Target

fdada05268c177b3102d8c6b9f70291ca7b015ffe803ee0d959e0efdd5f87155
Size

807KB
MD5

77612af7bbf19d2788858e26c1bc5964
SHA1

03fe63fac3ced771ef08ec0b5c544f3c815e3489
SHA256

fdada05268c177b3102d8c6b9f70291ca7b015ffe803ee0d959e0efdd5f87155
SHA512

a751735d97e6e465640b62031951adb3bf23bfdfb3ee1353fd3e42ed01d263c14fff007c2cb6472550dc0827320ccdaae4c05f0b3442375428b6352ac1d5d509
SSDEEP

12288:gEXrtC5sK82RTz/Nx8WP64Wa84GNOF5mxno04OlOLT2PSZdtCkOCg0fQ/CD:jJq9Tbn8uBGnxno7OlWMkRo

Score

N/A

Malware Config

Signatures

Files

fdada05268c177b3102d8c6b9f70291ca7b015ffe803ee0d959e0efdd5f87155
.exe windows x86

e9ad5302799fa29c312256c05248dca9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetAllUsersProfileDirectoryW
LeaveCriticalPolicySection
GetAppliedGPOListW
CreateEnvironmentBlock
EnterCriticalPolicySection
WaitForMachinePolicyForegroundProcessing
RegisterGPNotification
RefreshPolicy
GetDefaultUserProfileDirectoryA
RsopLoggingEnabled
GetProfilesDirectoryA
GetAllUsersProfileDirectoryA
WaitForUserPolicyForegroundProcessing
ProcessGroupPolicyCompletedEx
GetNextFgPolicyRefreshInfo
GetUserProfileDirectoryA
GetPreviousFgPolicyRefreshInfo
DestroyEnvironmentBlock
GetGPOListW
LoadUserProfileW
GetUserProfileDirectoryW
ProcessGroupPolicyCompleted
GetGPOListA
ForceSyncFgPolicy
RsopSetPolicySettingStatus
FreeGPOListA
GetProfilesDirectoryW
UnloadUserProfile
RsopResetPolicySettingStatus

sqlunirl

_RegisterClassEx_@4
_GetCharABCWidthsFloat_@16
_CreateDC_@16
_CreateProcess_@40
_LoadMenuIndirect_@4
_NDdeShareAdd_@20
_DrawTextEx_@24
_RegEnumValue_@32
wsprintf_
_NDdeGetShareSecurity_@24
_DialogBoxParam_@20
_GetEnvironmentVariable_@12
_RegUnLoadKey_@8
newMultiByteFromWideCharEx
_GetObject@12
_LookupAccountSid_@28
_RegCreateKey_@12
_WritePrivateProfileString_@16
_GetMessage_@16
_StartDoc@8
_LoadKeyboardLayout_@8
_LoadMenu@8
AllocConvertMultiSZNameToA
_SHGetFileInfo_@20
_NDdeShareEnum_@24
_GetEnvironmentStrings_@4
_SHBrowseForFolder_@4

resutils

ResUtilStartResourceService
ResUtilSetResourceServiceStartParameters
ResUtilGetPropertyFormats
ResUtilTerminateServiceProcessFromResDll
ResUtilFindExpandSzProperty
ResUtilAddUnknownProperties
ResUtilGetResourceDependencyByName
ResUtilStopResourceService
ResUtilSetPropertyParameterBlock
ResUtilSetExpandSzValue
ResUtilFindExpandedSzProperty
ResUtilResourceTypesEqual
ResUtilGetDwordValue
ResUtilGetBinaryProperty
ResUtilEnumResourcesEx
ResUtilFreeParameterBlock
ResUtilIsResourceClassEqual
ResUtilGetResourceDependencyByClass
ResUtilGetBinaryValue
ResUtilGetSzProperty
ResUtilVerifyPrivatePropertyList
ResUtilSetSzValue
ResUtilSetBinaryValue
ResUtilCreateDirectoryTree
ResUtilGetEnvironmentWithNetName
ResUtilDupString
ResUtilGetResourceNameDependency
ResUtilGetSzValue
ResUtilGetMultiSzProperty
ClusWorkerCheckTerminate
ResUtilStopService
ResUtilFindLongProperty
ResUtilGetPropertySize
ClusWorkerTerminate
ResUtilGetProperties

crtdll

_mbsnbcat
vprintf
_ismbbkana
_y0
bsearch
isleadbyte
_execlpe
_memicmp
strftime
_timezone_dll
_sleep
_write
wcscspn
free
_global_unwind2
_heapset
isupper
fscanf
puts
_initterm
_flsbuf
_winmajor_dll
sprintf
iswalnum
calloc
_wcsicmp
_spawnlp
_strupr
_spawnve
_memccpy
iswctype
_itoa
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z

cmutil

?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
CmStripPathAndExtW
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
CmLoadImageW
?GetLogFilePath@CmLogFile@@QAEPBGXZ
CmStrStrW
?SetReadICSData@CIniA@@QAEXH@Z
GetOSVersion
?GetSection@CIniW@@QBEPBGXZ
?GetPrimaryFile@CIniA@@QBEPBDXZ
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?WPPB@CIniA@@QAEXPBD0H@Z
?SetEntryFromIdx@CIniA@@QAEXK@Z
?SetPrimaryFile@CIniW@@QAEXPBG@Z
?SetReadICSData@CIniW@@QAEXH@Z
?DeInit@CmLogFile@@QAEJXZ
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
??4CmLogFile@@QAEAAV0@ABV0@@Z
WzToSz
CmLoadSmallIconW
?WPPB@CIniW@@QAEXPBG0H@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
?Write@CmLogFile@@AAEJPAG@Z
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
CmAtolA

kernel32

GetConsoleCommandHistoryA
GetModuleHandleW
DebugBreakProcess
SetThreadExecutionState
GetCompressedFileSizeW
GetProcessHeap
SetCurrentDirectoryA
DebugSetProcessKillOnExit
GetAtomNameA
LocalFlags
ReadFile
InterlockedPushEntrySList
EscapeCommFunction
GetFileSize
GetExpandedNameA
GetCurrentConsoleFont
GetDefaultCommConfigW
GetThreadPriority
GetFileAttributesExA
GetTickCount
OpenSemaphoreA
SetComputerNameExW
VirtualAlloc
OpenFileMappingW
SetConsoleWindowInfo
SleepEx
VDMOperationStarted
LoadLibraryA
WideCharToMultiByte
SetComputerNameA
GetFirmwareEnvironmentVariableA
ConsoleMenuControl
GetModuleHandleA
WriteProfileSectionW

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9ad5302799fa29c312256c05248dca9

Headers

DLL Characteristics

File Characteristics

Imports

userenv

sqlunirl

resutils

crtdll

cmutil

kernel32

Sections

.text Size: 366KB - Virtual size: 366KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 161KB - Virtual size: 1.5MB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 1024B - Virtual size: 960B

.text
Size: 366KB - Virtual size: 366KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 161KB - Virtual size: 1.5MB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 1024B - Virtual size: 960B