d4d76534ffe47ff823148ca34f373bc0c626452afe53b181e77a63a77c30a373

Sharing

Copy URL Twitter E-mail

General

Target

d4d76534ffe47ff823148ca34f373bc0c626452afe53b181e77a63a77c30a373
Size

86KB
MD5

4ffa7e73632a19c1b781b4c8ae04bf2f
SHA1

fe8561c0d12cd21e7e9a3c42b7f61157d38e95dd
SHA256

d4d76534ffe47ff823148ca34f373bc0c626452afe53b181e77a63a77c30a373
SHA512

0c5f9aa308991677c41cf3a04b186bf4402245fd26771921d37fb13d84c91919f2ee8d02551a999ab409d2ea5813b57b741f5575e1e13eb4f8d1aa3cfcfc7cc6
SSDEEP

1536:iC0mhzRn4glVcglBaNSCyv/rt6Rr/1oENv6jrbeaY:gmXn4g7cglBMtynrtG1oC6jH9Y

Score

N/A

Malware Config

Signatures

Files

d4d76534ffe47ff823148ca34f373bc0c626452afe53b181e77a63a77c30a373
.exe windows x86

dd7e6c93f3ada936e730cea1e4db1948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

DeleteIpForwardEntry
GetUdpStatistics
GetIcmpStatistics
_PfUnBindInterface@4
_PfAddFiltersToInterface@24
InternalSetIpForwardEntry
_PfSetLogBuffer@28
Icmp6SendEcho2
GetBestRoute
GetIfTable
InternalGetTcpTable
_PfAddGlobalFilterToInterface@8
SendARP
InternalGetIfTable
IpRenewAddress
NhGetInterfaceNameFromGuid

kernel32

GetCurrentProcessId
FreeLibraryAndExitThread
FindNextVolumeA
BaseInitAppcompatCacheSupport
VirtualAlloc
Module32Next
SetCommConfig
GetCurrencyFormatA
CreateNamedPipeA
GetConsoleAliasesLengthA
GetTickCount
GetLogicalDriveStringsW
SetConsoleHardwareState
GetProfileSectionA
TransactNamedPipe
SetThreadIdealProcessor
SetComputerNameA
GetExitCodeProcess
EnumResourceLanguagesA
lstrcmpW
VerSetConditionMask
GetLastError
FileTimeToLocalFileTime
SetThreadAffinityMask
EnumSystemCodePagesA
GetThreadContext
QueryPerformanceCounter
LoadLibraryA
GetSystemTimeAsFileTime
GetStartupInfoA
GetConsoleOutputCP
GetCurrentThreadId
CreateFiberEx
ReadFileEx
HeapCreate

sqlunirl

_EnumResourceTypes_@12
_NDdeShareGetInfo_@28
_RegisterWindowMessage_@4
_NDdeIsValidAppTopicList_@4
_RegSaveKey_@12
_GetPrivateProfileStruct_@20
_ObjectDeleteAuditAlarm_@12
_GetUserName@8
_MessageBoxIndirect_@4
_GetServiceKeyName_@16
_FindFirstFile_@8
newMultiByteFromWideChar
_MessageBoxEx_@20
_FatalAppExit_@8
_BuildCommDCB_@8
_EnumFontFamilies_@16
_GetDriveType_@4
_GlobalAddAtom_@4
_EnumFontFamiliesEx_@20
_OemToChar_@8
_GetMenuString_@20
_GetGlyphOutline_@28
_RegisterServiceCtrlHandler_@8
__lwrite_@12
_WritePrivateProfileString_@16
_DialogBoxParam_@20
_ChangeDisplaySettings_@8
_EnumDependentServices_@24
_GetObject@12
_WritePrivateProfileStruct_@20
_GetFileSecurity_@20
_ObjectOpenAuditAlarm_@48
_EnumDesktops_@12
_NDdeShareAdd_@20
_ShellExecuteEx_@4
_GetPrivateProfileSection_@16
_CreateMDIWindow_@40

ntdll

RtlOpenCurrentUser
ZwSetLowEventPair
RtlUpperChar
RtlQueryEnvironmentVariable_U
ZwQueryInstallUILanguage
NtImpersonateThread
NtQueryAttributesFile
RtlTraceDatabaseAdd
RtlCompareString
NtSetInformationProcess
KiUserApcDispatcher
RtlEnumProcessHeaps
RtlQueryInformationActiveActivationContext
RtlCompareMemoryUlong
RtlDecompressBuffer
RtlInitializeRXact
RtlSetControlSecurityDescriptor
RtlTraceDatabaseDestroy
_strlwr
RtlUlonglongByteSwap
RtlGetNtVersionNumbers

t2embed

TTRunValidationTestsEx
_TTDeleteEmbeddedFont@12
TTGetEmbeddedFontInfo
_TTIsEmbeddingEnabledForFacename@8
_TTEnableEmbeddingForFacename@8
_TTIsEmbeddingEnabled@8
_TTGetEmbeddingType@8
TTIsEmbeddingEnabledForFacename
TTEmbedFont
TTEmbedFontEx
_TTRunValidationTests@8
_TTCharToUnicode@24
TTRunValidationTests
TTLoadEmbeddedFont
TTIsEmbeddingEnabled
_TTGetEmbeddedFontInfo@28
TTEmbedFontFromFileA
TTDeleteEmbeddedFont
TTGetNewFontName

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd7e6c93f3ada936e730cea1e4db1948

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

sqlunirl

ntdll

t2embed

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 22KB - Virtual size: 46KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 22KB - Virtual size: 46KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 300B