94bcf08282c3dbefdaeb96d4e394d41eca6b80837754e360c8f1ec1997224e55

Sharing

Copy URL

Twitter E-mail

General

Target

94bcf08282c3dbefdaeb96d4e394d41eca6b80837754e360c8f1ec1997224e55
Size

833KB
MD5

aa7568aea6993efc03278e631cd5f441
SHA1

94e4839d1d487a4e7341e10359558e466695a500
SHA256

94bcf08282c3dbefdaeb96d4e394d41eca6b80837754e360c8f1ec1997224e55
SHA512

7bcd7ef50a11a403899069cdf37ec3e8be800ee60a48d6678c8e478d0a4923f532abedc306713e762c678fdba678971c3ecd50198383821056ea425e3a63d4c7
SSDEEP

24576:i95ePPXvc7CHKFsOnl+wW3aZCu6LhgPVN9C52dN/:iHePnc7OKnnY16QgPV3C52dN/

Score

N/A

Malware Config

Signatures

Files

94bcf08282c3dbefdaeb96d4e394d41eca6b80837754e360c8f1ec1997224e55
.exe windows x86

c5333275c8bc23af7057d8dd9c3e30d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfcsubs

?GetUpperBound@CStringArray@@QBEHXZ
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
??_7CCriticalSection@@6B@
??1CMapStringToPtr@@UAE@XZ
?FormatMessageW@CString@@QAAXPBGZZ
?FreeExtra@CStringArray@@QAEXXZ
?SetAt@CString@@QAEXHG@Z
??0CString@@QAE@GH@Z
??0CObject@@IAE@XZ
?SafeStrlen@CString@@KGHPBG@Z
?FormatMessageW@CString@@QAAXIZZ
?Add@CStringArray@@QAEHPBG@Z
??0CString@@QAE@PBD@Z
??0CString@@QAE@PBG@Z
??8@YG_NABVCString@@0@Z
?Format@CString@@QAAXIZZ
?ReverseFind@CString@@QBEHG@Z
?FreeDataChain@CPlex@@QAEXXZ
?UnlockBuffer@CString@@QAEXXZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??_FCMapStringToPtr@@QAEXXZ
?Lock@CCriticalSection@@QAEHXZ
?AfxA2WHelper@@YGPAGPAGPBDH@Z
??4CString@@QAEABV0@PBD@Z
??H@YG?AVCString@@ABV0@0@Z
?FormatV@CString@@IAEXPBGPAD@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??ACStringArray@@QBE?AVCString@@H@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??1CSyncObject@@UAE@XZ
?Right@CString@@QBE?AV1@H@Z
??O@YG_NABVCString@@PBG@Z
??9@YG_NABVCString@@0@Z
??9@YG_NPBGABVCString@@@Z
?data@CPlex@@QAEPAXXZ
?TrimRight@CString@@QAEXXZ
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
??0CString@@QAE@XZ
?Release@CString@@KGXPAUCStringData@@@Z
??_7CObject@@6B@
??P@YG_NPBGABVCString@@@Z

msvcrt40

_wrmdir
srand
?write@ostream@@QAEAAV1@PBEH@Z
__dllonexit
?gptr@streambuf@@IBEPADXZ
iswctype
?sync@stdiobuf@@UAEHXZ
_heapadd
_mbscpy
__p__iob
log
_ismbchira
??_Distream@@QAEXXZ
_ismbbkpunct
??5istream@@QAEAAV0@PAE@Z
getc
vwprintf
fsetpos
??0bad_cast@@QAE@ABQBD@Z
sscanf
?tie@ios@@QAEPAVostream@@PAV2@@Z
_mbslwr
realloc
_wspawnlpe
?gcount@istream@@QBEHXZ

sqlsrv32

BCP_moretext
SQLSetEnvAttr
SQLBindParameter
SQLNumResultCols
BCP_sendrow
SQLMoreResults
SQLGetDescFieldW
WizDSNDlgProc
SQLGetCursorNameW
SQLExtendedFetch
SQLExecute
BCP_exec
SQLGetDiagRecW
ConfigDriverW
SQLEndTran
SQLColumnPrivilegesW
WizLanguageDlgProc
SQLPutData
SQLColAttributeW
WizDatabaseDlgProc
FinishDlgProc
SQLProcedureColumnsW
SQLFreeHandle
SQLDebug
BCP_readfmt
SQLAllocHandle
SQLForeignKeysW
SQLSpecialColumnsW
SQLGetStmtAttrW
TestDlgProc
SQLPrepareW
BCP_getcolfmt
SQLTablePrivilegesW
SQLConnectW
SQLTablesW
SQLGetInfoW
BCP_columns
SQLSetScrollOptions
SQLPrimaryKeysW
BCP_writefmt
SQLGetConnectAttrW
SQLGetDiagFieldW
ConnectDlgProc
SQLBulkOperations
BCP_bind

kernel32

SetMailslotInfo
ReadConsoleA
ConvertFiberToThread
GetTapePosition
SetCurrentDirectoryW
QueueUserAPC
GetCurrentDirectoryA
ReleaseMutex
GetVersionExW
VerSetConditionMask
GetCommandLineW
GetModuleHandleA
CreateIoCompletionPort
SetConsoleCursor
OpenFileMappingA
SetFileAttributesW
HeapCreate
LoadLibraryA
Toolhelp32ReadProcessMemory
GetConsoleCP
LocalAlloc
GlobalAlloc
BackupRead
AreFileApisANSI
LocalSize
TerminateThread
CopyFileW
CallNamedPipeW
GetQueuedCompletionStatus
GetNumaNodeProcessorMask
GetWindowsDirectoryA
VirtualAlloc
DosPathToSessionPathW
VirtualQuery

catsrvut

RegDBRestore
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
FindAssemblyModulesW
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
StartMTSTOCOM
SysprepComplus
SysprepComplus2
??_7CComPlusMethod@@6B@
??0CComPlusInterface@@QAE@ABV0@@Z
??1CComPlusInterface@@UAE@XZ
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??4CComPlusObject@@QAEAAV0@ABV0@@Z
WinlogonHandlePendingInfOperations
QueryUserDllW
??_7CComPlusObject@@6B@
ManagedRequestW
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
RunMTSToCom
COMPlusUninstallActionW
??0CComPlusObject@@QAE@ABV0@@Z
??0CComPlusComponent@@QAE@ABV0@@Z
RegDBBackup
DllGetClassObject
CGMIsAdministrator
??0CComPlusMethod@@QAE@ABV0@@Z
DllRegisterServer
??_7CComPlusInterface@@6B@
DllCanUnloadNow
??_7CComPlusComponent@@6B@
??1CComPlusComponent@@UAE@XZ
DllUnregisterServer

mswsock

rcmd
SetServiceA
sethostname
GetAddressByNameW
GetTypeByNameA
NSPStartup
WSPStartup
dn_expand
WSARecvEx
TransmitFile
GetAddressByNameA
GetTypeByNameW
GetServiceW
EnumProtocolsW
s_perror
rresvport
EnumProtocolsA
GetAcceptExSockaddrs
GetServiceA
getnetbyname
GetNameByTypeW
inet_network
SetServiceW
GetNameByTypeA
MigrateWinsockConfiguration
NPLoadNameSpaces
rexec
AcceptEx
StopWsdpService
StartWsdpService

ifsutil

?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
??1DP_DRIVE@@UAE@XZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?Sort@TLINK@@QAEXXZ
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
??0VOL_LIODPDRV@@IAE@XZ
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
??0MOUNT_POINT_TUPLE@@QAE@XZ
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?QueryMemberCount@TLINK@@QBEGXZ
?Initialize@NUMBER_SET@@QAEEXZ
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?GetFirst@TLINK@@QAEPAXXZ
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?RemoveAll@NUMBER_SET@@QAEEXZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?Initialize@SPARSE_SET@@QAEEXZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Initialize@TLINK@@QAEEG@Z
??1CANNED_SECURITY@@UAE@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Write@SECRUN@@UAEEXZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?IsATformat@DP_DRIVE@@QBEEXZ
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z

query

??1CWorkQueue@@QAE@XZ
??0CPropStoreManager@@QAE@K@Z
??1CMmStream@@UAE@XZ
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
?Setup@CPropStoreManager@@QAEXKKKKHK@Z
LocateCatalogs
??3CDbParameter@@SGXPAX@Z
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z
?_ImpersonateIf@CImpersonateRemoteAccess@@AAEHPBG0K@Z
?ExtensionHasScriptMap@CMetaDataMgr@@QAEHPBG@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
?LocaleToCodepage@@YGKK@Z
?GetStringFromLCID@@YGXKPAG@Z
?GetString@CMemDeSerStream@@UAEPADXZ
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?AddKey@CSynRestriction@@QAEXABVCKeyBuf@@@Z
??1CNotRestriction@@QAE@XZ
?AddRef@CEnumWorkid@@UAGKXZ
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?IsStopped@CCatalogAdmin@@QAEHXZ
??1CScopeAdmin@@QAE@XZ
??1CPropertyStore@@QAE@XZ
??0CMachineAdmin@@QAE@PBGH@Z
??0CSort@@QAE@I@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
??1CDFA@@QAE@XZ
??1CScopeRestriction@@QAE@XZ
??1CKeyArray@@QAE@XZ
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?SetProperty@CDbPropBaseRestriction@@QAEHABUtagDBID@@@Z
InitializeFILTERPerformanceData

msvcrt20

??4istream@@IAEAAV0@PAVstreambuf@@@Z
_mktemp
_swab
?read@istream@@QAEAAV1@PACH@Z
fprintf
floor
?oct@@YAAAVios@@AAV1@@Z
_heapused
?getline@istream@@QAEAAV1@PADHD@Z
_strtime
realloc
??4strstreambuf@@QAEAAV0@ABV0@@Z
?pbackfail@stdiobuf@@UAEHH@Z
strcpy
??_8stdiostream@@7Bistream@@@
_acmdln
_mbsinc
_ismbbtrail
_getpid
fputws
_strupr
??0ostream@@QAE@PAVstreambuf@@@Z
_tcsset
_mbstrlen
exp
_wcmdln
_wspawnve
_nextafter
_tcsnccat
_wchmod
atoi
??0strstream@@QAE@XZ
_getdcwd
?osfx@ostream@@QAEXXZ
?precision@ios@@QAEHH@Z
?sputc@streambuf@@QAEHH@Z
_adjust_fdiv
_itow
??1iostream@@UAE@XZ

dpmodemx

SPInit

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 690KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5333275c8bc23af7057d8dd9c3e30d4

Headers

DLL Characteristics

File Characteristics

Imports

mfcsubs

msvcrt40

sqlsrv32

kernel32

catsrvut

mswsock

ifsutil

query

msvcrt20

dpmodemx

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 690KB - Virtual size: 2.0MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 412B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 690KB - Virtual size: 2.0MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 412B