be4063525a80c94ae07d606fec7717a1b776169fdba176c536a16324d033f8e9

Sharing

Copy URL Twitter E-mail

General

Target

be4063525a80c94ae07d606fec7717a1b776169fdba176c536a16324d033f8e9
Size

41KB
MD5

3046462aba7d0a0818eb8c80c324e732
SHA1

67977061e91b3481cf4d28203fe5b971b9a93c13
SHA256

be4063525a80c94ae07d606fec7717a1b776169fdba176c536a16324d033f8e9
SHA512

48b852d66650fc2f4506f539016b74afeb6e8a58f25ba435cddd1a381142d76d8a3a142c51aa98b477f52f683a818fd7fc96ce97f9383e85c939384ec9608e81
SSDEEP

768:OI/89pnbVl52sE/DGTJpkL+pZNIZSXb6Sw6PMiEAVWL97:mbVE/mkLQ/b6v6/La97

Score

N/A

Malware Config

Signatures

Files

be4063525a80c94ae07d606fec7717a1b776169fdba176c536a16324d033f8e9
.exe windows x86

b842afc3c0e4e6af60a0016a2f803a7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
IsWow64Process
FindFirstVolumeA
VirtualFree
CommConfigDialogA
FindResourceExW
GlobalAlloc
RegisterWaitForInputIdle
ConvertDefaultLocale
SetComputerNameExW
EnumSystemCodePagesW
GetStartupInfoA
BaseDumpAppcompatCache
GetConsoleAliasExesLengthW
GetVolumeNameForVolumeMountPointA
HeapAlloc
AddLocalAlternateComputerNameW
GetGeoInfoW
CreateTapePartition
GetConsoleCharType
lstrlen
SetLastError
VirtualAlloc
GetModuleHandleA
CreateNamedPipeW
GetCurrentProcess
LocalFlags
InterlockedPushEntrySList
MapUserPhysicalPagesScatter
EnumResourceNamesW
GetACP
GetConsoleCursorInfo
LoadLibraryA
QueryMemoryResourceNotification
ResetEvent
VirtualUnlock
ShowConsoleCursor
FreeLibraryAndExitThread

gdi32

EngMultiByteToWideChar
GetKerningPairsW
DdEntry43
SetLayout
DdEntry51
SetROP2
RoundRect
GetCharWidthInfo
GetCharABCWidthsFloatW
GetAspectRatioFilterEx
EngStrokePath
DdEntry50
GetTextExtentPoint32A
FixBrushOrgEx
OffsetClipRgn
EnumFontsA
ChoosePixelFormat
CreateEllipticRgn
GdiComment
GdiEntry12
CreateRectRgnIndirect
GdiPlayScript
GetTextExtentPointI
GdiFlush
GetDCBrushColor
GetTextExtentExPointWPri
EngDeletePath
EngDeleteSurface
PATHOBJ_bEnumClipLines
FONTOBJ_pvTrueTypeFontFile
GetSystemPaletteUse

odbcjt32

SQLSetScrollOptions
SQLSetDescRec
SQLGetTypeInfoW
SQLFreeStmt
SQLConnectW
DefTxtFmtDlgProc
SelectIndexDlgProc
SQLFetchScroll
SQLSetConnectAttrW
SQLColumnsW
SQLSetPos
SQLMoreResults
LoadByOrdinal
SQLSetEnvAttr
SQLNumParams
SQLGetConnectAttrW
SQLCloseCursor
SQLGetStmtAttrW
SQLDescribeColW
SQLGetData
SQLSetStmtAttrW
SelectUIdxDlgProc
SQLDisconnect
SQLFreeEnv
SQLAllocHandle
ConfigDialogProc
SQLTablesW
SQLBulkOperations
OpenDirHook
SQLNativeSqlW
SQLNumResultCols
InvisibleSelectDb
SQLProcedureColumnsW
SQLFreeHandle
SQLGetInfoW

ifsutil

?Sort@TLINK@@QAEXXZ
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?RemoveAll@NUMBER_SET@@QAEEXZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?ShellSort@TLINK@@QAEXXZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
??1VOL_LIODPDRV@@UAE@XZ
??1DP_DRIVE@@UAE@XZ
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?DumpHashTable@SPARSE_SET@@QAEXXZ
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
??1INTSTACK@@UAE@XZ
?FlushCache@IO_DP_DRIVE@@QAEEXZ
?Initialize@INTSTACK@@QAEEXZ
??1LOG_IO_DP_DRIVE@@UAE@XZ
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ

dbghelp

MapDebugInformation
SymMatchFileName
SymFunctionTableAccess64
SymEnumerateSymbols64
StackWalk64
SymGetLineNext
SymGetModuleInfo
SymSetContext
DbgHelpCreateUserDumpW
SymLoadModule64
SymGetSearchPath
SymGetTypeInfo
SymGetSymFromAddr64
SymFunctionTableAccess
SymGetSymFromName64
SymGetLineFromName
SymLoadModule
FindDebugInfoFileEx
SymRegisterCallback64
SymEnumSymbols
SymEnumerateModules
SymFromAddr
SymGetSymNext64
SymGetSymPrev
SymUnloadModule
SymGetLineNext64
EnumerateLoadedModules
SymEnumerateModules64

rasman

RasGetCustomScriptDll
RasRefConnection
RasSetEapUserInfo
RasSetDeviceConfigInfo
RasCreateConnection
RasBundleGetStatistics
RasRpcConnect
RasServerPortClose
RasPortEnumProtocols
RasRpcRemoteRasDeleteEntry
RasSendCreds
RasAddNotification
RasGetPortUserData
RasConnectionGetStatistics
RasGetCalledIdInfo
RasGetNumPortOpen
RasRpcPortGetInfo
RasPortGetStatisticsEx
RasmanUninitialize
RasCompressionSetInfo
RasSetKey
RasPortGetBundle
RasPortBundle
RasGetHConnFromEntry
RasSetCachedCredentials
RasPortClearStatistics
RasReferenceCustomCount

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b842afc3c0e4e6af60a0016a2f803a7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

odbcjt32

ifsutil

dbghelp

rasman

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB