f8a0abf0d8c9eeaeac393030276b71feee424384a1b7cc875cdfec0f7a8629d3

Sharing

Copy URL Twitter E-mail

General

Target

f8a0abf0d8c9eeaeac393030276b71feee424384a1b7cc875cdfec0f7a8629d3
Size

124KB
MD5

4597517505251a6bdb905faff54e2f80
SHA1

9171c00e21bd187b0202bcb0a79199de3e84e1f9
SHA256

f8a0abf0d8c9eeaeac393030276b71feee424384a1b7cc875cdfec0f7a8629d3
SHA512

2ed1f02544ccb39c66e1e23cdff5dc1a5c9f31f0ff56cb93f33cf48901898e6dc7903750058f30324d87853b856e104a8a21f38d8c0e28103ca42b21e383452d
SSDEEP

3072:IJ1w4izwF0j7avEYqYoaocTn2EpAKtcin0YOX9DT+nJpZcuGuEwQ+THLqV/Oy:yNnRSKRd49uzZlQAeV1

Score

N/A

Malware Config

Signatures

Files

f8a0abf0d8c9eeaeac393030276b71feee424384a1b7cc875cdfec0f7a8629d3
.dll windows x86

8cd54bcf4e61f4b407da5af0da5fc6f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathSkipRootW
PathRemoveBlanksW
StrRetToBufW
PathCombineW
StrStrA
SHDeleteKeyW
PathStripPathA
UrlGetLocationA
SHGetInverseCMAP
PathStripPathW
SHIsLowMemoryMachine
StrCmpW
UrlUnescapeA
StrCatW
AssocIsDangerous
UrlCreateFromPathW
PathRemoveBlanksA
StrStrW
StrChrNW
PathRemoveExtensionW
PathFindExtensionA
PathUnExpandEnvStringsW
PathSkipRootA
PathFindExtensionW
PathRemoveExtensionA
StrCmpIW
PathStripToRootW
DllGetVersion
UrlHashW
StrCSpnW
UrlCombineA
SHGetViewStatePropertyBag
PathFindFileNameA
PathFindFileNameW
StrTrimA
PathAddExtensionA
StrCpyW
UrlCompareA
StrTrimW
PathIsSystemFolderA
StrDupW
PathSetDlgItemPathW
PathUnquoteSpacesW
PathStripToRootA
SHStrDupW
PathGetDriveNumberA
StrChrIW
PathGetDriveNumberW
PathIsLFNFileSpecA
StrCSpnA
PathQuoteSpacesA
PathUnmakeSystemFolderW
StrStrIW
UrlIsNoHistoryW
StrStrIA
SHRegEnumUSKeyA

odbcjt32

SQLConnectW
SQLSetPos
SQLEndTran
SQLGetInfoW
SQLAllocHandle
SQLGetTypeInfoW
SQLExtendedFetch
SQLSetEnvAttr
ConfigDSNW
SQLDriverConnectW
SQLNumParams
LoginDialogProc
SQLFreeEnv
SQLPrepareW
InvisibleSelectDb
SQLCopyDesc
SQLSetDescRec
RepairCompactProc
SQLRowCount
SQLGetData
InitializeLoginDialog
AdvancedDialogProc
LoadByOrdinal
SQLPutData
SQLBindParameter
SQLSetCursorNameW
OpenDirHook
SQLSetScrollOptions
SQLSpecialColumnsW
SQLMoreResults
ConfigDSN
SQLColAttributeW
SQLGetDiagRecW
SQLFreeStmt
SQLExecDirectW

user32

DdeDisconnectList
SendIMEMessageExA
wsprintfW
IsWindowUnicode
GetNextDlgGroupItem
LookupIconIdFromDirectory
TrackPopupMenu
DragDetect
LoadAcceleratorsW
UpdateWindow
LoadBitmapW
GetSysColor
ClientToScreen
ValidateRgn
GetUpdateRect
IsChild
GetWindowModuleFileNameW
SendNotifyMessageW
LockWindowUpdate
IMPSetIMEA
DeregisterShellHookWindow
AnyPopup
TranslateMessage
RegisterHotKey
MessageBoxIndirectA
DlgDirSelectComboBoxExW
SetWindowLongA
UnhookWinEvent
FillRect
ExcludeUpdateRgn
EnumDesktopWindows
SetMenuItemInfoW
SetMenuDefaultItem
DdeCmpStringHandles
DdeConnect
WINNLSGetEnableStatus
CopyIcon
DrawTextA
NotifyWinEvent
CreateDesktopW
SetPropA
InvalidateRect
EnumPropsExA
SwitchDesktop
SetWindowsHookA
GrayStringW
DlgDirListComboBoxW
GetMouseMovePointsEx
SetMessageQueue
GetWindowInfo
OemToCharA
GetClipboardViewer
SendInput
CharToOemW
MapVirtualKeyA
LoadCursorA
CloseClipboard
CallWindowProcW
EnumWindows
MessageBeep

ulib

?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
?ResetBit@BITVECTOR@@QAEXKK@Z
??1WSTRING@@UAE@XZ
?Initialize@MACHINE@@QAEEXZ
?PutString@BSTRING@@IAEXPADK@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??OWSTRING@@QBEEABV0@@Z
??1BITVECTOR@@UAE@XZ
??0OBJECT@@QAE@ABV0@@Z
??0BYTE_STREAM@@QAE@XZ
??1HMEM@@UAE@XZ
??0HMEM@@QAE@XZ
??4OBJECT@@QAEAAV0@ABV0@@Z
??_7BDSTRING@@6B@
?QueryClassId@OBJECT@@QBEKXZ
?DeleteChAt@WSTRING@@QAEXKK@Z
?QueryIterator@ARRAY@@UBEPAVITERATOR@@XZ
?QueryIterator@LIST@@UBEPAVITERATOR@@XZ

regapi

RegBuildNumberQuery
RegPdCreateA
RegOpenServerA
RegOpenServerW
RegWinStationQuerySecurityA
RegWinStationQueryW
RegCdEnumerateW
RegWinStationEnumerateA
RegWdDeleteW
RegWinStationSetSecurityW
RegWinStationSetSecurityA

oleaut32

VarR8FromI2
SafeArrayUnlock
VarDecNeg
VarBstrFromUI1
VarDecInt
VarI1FromI4
VarUI2FromR4
VarCyCmp
VarCyFromI2
VARIANT_UserUnmarshal
VarBstrFromI1
VarOr
VarUI2FromI2
VarUI1FromDec
GetRecordInfoFromGuids
SafeArrayLock
VarBoolFromUI2
VarUI4FromDisp
VarI4FromI2
LPSAFEARRAY_UserFree
VarI1FromUI2
VariantTimeToDosDateTime
VarBstrFromCy
BSTR_UserSize
VarAdd
VarCyFromStr
VarR4FromUI4
SysFreeString
GetVarConversionLocaleSetting
VarI4FromUI4

mapi32

ScCreateConversationIndex@16
FBadColumnSet@4
MAPIAllocateMore@12
ScMAPIXFromCMC
UNKOBJ_ScAllocate@12
SwapPword@8
RTFSync@12
CreateIProp@24
BMAPIReadMail
cmc_logon
ScLocalPathFromUNC@12
ScBinFromHexBounded@12
MAPILogonEx@20
CreateTable@36
MNLS_lstrcmpW@8
GetOutlookVersion@0
DllGetClassObject
FBadRglpszW@8
UFromSz@4
MAPIDetails
FixMAPI@0
MAPIReadMail
SzFindCh@8
UNKOBJ_ScCOReallocate@12
OpenTnefStream@28
BMAPIGetAddress
cmc_list
OpenTnefStreamEx
DeinitMapiUtil@0
FPropContainsProp@12
MAPIFreeBuffer@4
MAPIUninitialize@0
ScRelocProps@20
FtAdcFt@20
LAUNCHWIZARD
FtDivFtBogus@20
MAPIOpenLocalFormContainer
CloseIMsgSession@4
IsBadBoundedStringPtr@8
WrapStoreEntryID@24

synceng

ClearBriefcaseCache
CloseBriefcase
DestroyTwinList
ReconcileItem
GetFileStamp
AnyTwins
FindNextBriefcase
FindFirstBriefcase
GetFolderTwinStatus
AddAllTwinsToTwinList
GetVolumeDescription
DestroyFolderTwinList
FindBriefcaseClose
CountSourceFolderTwins
IsOrphanObjectTwin
DeleteBriefcase
GetObjectTwinHandle
DestroyRecList
BeginReconciliation
RemoveTwinFromTwinList
AddTwinToTwinList
ReleaseTwinHandle
CompareFileStamps
IsFolderTwin
CreateFolderTwinList
SaveBriefcase
CreateRecList
CreateTwinList
OpenBriefcase
AddObjectTwin
DeleteTwin
AddFolderTwin
RemoveAllTwinsFromTwinList
GetOpenBriefcaseInfo
IsPathOnVolume

kbdfr

KbdLayerDescriptor

devenum

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer

comcat

DllRegisterServer
DllCanUnloadNow
DllGetClassObject
DllUnregisterServer

kernel32

GetStartupInfoW
lstrlenW
GetConsoleWindow
GetConsoleTitleA
CloseHandle
WriteFile
GetCommandLineA
lstrlenA
GetCompressedFileSizeW
CopyFileA
GetLocalTime
lstrcmpW
GetCurrentThreadId
VirtualAlloc
ReadFile
VirtualFree
GetSystemTime
GetCompressedFileSizeA
GetVersion
GetCommandLineW
GetCurrentProcess
GetConsoleTitleW
GetFileAttributesW
lstrcmpA
CreateFileA
GetCurrentThread
GetFileAttributesA
GetCurrentProcessId

gcdef

DllCanUnloadNow
DllGetClassObject

msorcl32

SQLSetScrollOptions
SQLProcedureColumns
SQLGetData
SQLProcedures
SQLParamData
SQLAllocConnect
ConfigDSN
SQLColAttributes
SQLNativeSql
SQLAllocEnv
SQLDescribeCol
SQLExtendedFetch
SQLExecDirect
SQLNumParams
SQLDriverConnect
SQLBrowseConnect
SQLTransact
SQLSetConnectOption
SQLGetInfo
SQLRowCount
DllUnregisterServer
SQLExecute
DllMain
SQLDisconnect
SQLFetch
SQLMoreResults
SQLSetCursorName
SQLFreeStmt
SQLGetTypeInfo
SQLDescribeParam
SQLGetConnectOption
SQLForeignKeys

msvcp60

?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
??_7out_of_range@std@@6B@
?do_hash@?$collate@D@std@@MBEJPBD0@Z
?flags@ios_base@std@@QAEHH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??1?$ctype@D@std@@UAE@XZ
?do_neg_format@?$_Mpunct@D@std@@MBE?AUpattern@money_base@2@XZ
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGHG@Z
?pow@std@@YA?AV?$complex@N@1@ABNABV21@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?rdbuf@?$basic_fstream@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_filebuf@GU?$char_traits@G@std@@@2@XZ
??Hstd@@YA?AV?$complex@M@0@ABV10@0@Z

qmgrprxy

DllUnregisterServer
DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cd54bcf4e61f4b407da5af0da5fc6f7

Headers

File Characteristics

Imports

shlwapi

odbcjt32

user32

ulib

regapi

oleaut32

mapi32

synceng

kbdfr

devenum

comcat

kernel32

gcdef

msorcl32

msvcp60

qmgrprxy

Sections

.reloc Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 760B

.data Size: 14KB - Virtual size: 14KB

.rdata Size: 11KB - Virtual size: 11KB

.text Size: 90KB - Virtual size: 90KB

.reloc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 760B

.data
Size: 14KB - Virtual size: 14KB

.rdata
Size: 11KB - Virtual size: 11KB

.text
Size: 90KB - Virtual size: 90KB