f49b1c0a289c5849128b33dca0dbe3c3560f9da6eeb87f47f93394ccc5b44eed

Sharing

Copy URL Twitter E-mail

General

Target

f49b1c0a289c5849128b33dca0dbe3c3560f9da6eeb87f47f93394ccc5b44eed
Size

262KB
MD5

518407fef66cd5c130b9d849ac75bbaa
SHA1

9874365d7e5237819e33f18f7a14b9d63228f5c4
SHA256

f49b1c0a289c5849128b33dca0dbe3c3560f9da6eeb87f47f93394ccc5b44eed
SHA512

80228ed8497ade115ccbfbfec30589bd67ac37baaba61ec4babeb0a4412d710956bfe68e5ac4fed9b1a93a7f5d59cbe9d21355b0d0f7e55433a16bad88016fde
SSDEEP

6144:lxBfT1WK14EnWddgHEjF/gw58cu8KCIxVgc4XWtuG366XaGSs9csQOUUD:lxZ0K14EnWMhw58cvig9mtuC66XRIOUC

Score

N/A

Malware Config

Signatures

Files

f49b1c0a289c5849128b33dca0dbe3c3560f9da6eeb87f47f93394ccc5b44eed
.exe windows x86

5add37a40521b52c290feb45c6a03d6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathUnExpandEnvStringsA
PathUnExpandEnvStringsW

kernel32

ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
HeapDestroy
SetErrorMode
GetProcessHeap
VirtualFree
FreeLibrary
GetSystemInfo
LeaveCriticalSection
GlobalMemoryStatus
WideCharToMultiByte
VirtualUnlock
WaitForSingleObjectEx
VirtualLock
VirtualProtect
GetCurrentThreadId
lstrcpyA
GlobalMemoryStatusEx
PulseEvent
UnhandledExceptionFilter
HeapValidate
OpenMutexA
OpenProcess
GetTempPathA
CreateSemaphoreA
ResetEvent
DeleteCriticalSection
ReleaseSemaphore
lstrcpyW
OpenEventA
HeapFree
SleepEx
HeapAlloc
GetTempFileNameA
IsDebuggerPresent
CloseHandle
WaitForSingleObject
OpenSemaphoreA
SetUnhandledExceptionFilter
CreateMutexA
OutputDebugStringA
GetModuleHandleW
QueryPerformanceFrequency
CreateSemaphoreW
EnterCriticalSection
CreateEventA
HeapSize
ReleaseMutex
GetSystemDirectoryA
VirtualAlloc
ExpandEnvironmentStringsA
GetModuleHandleA
HeapReAlloc
GetWindowsDirectoryA
IsValidLocale

user32

CharLowerA
GetSystemMetrics
CharUpperW
wsprintfA
CharUpperA
CharToOemBuffA
ExitWindowsEx
OemToCharBuffA
CharLowerW

advapi32

FreeSid
SetThreadToken
AddAccessAllowedAce
GetLengthSid
OpenThreadToken
SetSecurityDescriptorSacl
DuplicateTokenEx
DuplicateToken
AdjustTokenPrivileges
CopySid
EqualSid
GetTokenInformation
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
GetUserNameA
InitializeSecurityDescriptor
RevertToSelf
LookupAccountSidA
AllocateAndInitializeSid
OpenProcessToken
LookupPrivilegeValueA
InitializeAcl

userenv

GetProfileType
FreeGPOListW
ExpandEnvironmentStringsForUserA
LeaveCriticalPolicySection
GetUserProfileDirectoryW
GetProfilesDirectoryW

odbcbcp

bcp_writefmtW
bcp_sendrow
bcp_initA

Sections

.fHYKWK
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_MEM_READ

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.IJLPd
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Hjtb
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZyTa
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Wibj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oVwlkg
Size: 512B - Virtual size: 273B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yBqFF
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kTplo
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aaUZF
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.IRQBx
Size: 1024B - Virtual size: 1023B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HmRSWrt
Size: 1024B - Virtual size: 883B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5add37a40521b52c290feb45c6a03d6b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

userenv

odbcbcp

Sections

.fHYKWK Size: 3KB - Virtual size: 41KB

.text Size: 19KB - Virtual size: 18KB

.IJLPd Size: 3KB - Virtual size: 2KB

.Hjtb Size: 3KB - Virtual size: 2KB

.ZyTa Size: 1KB - Virtual size: 1KB

.Wibj Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 21KB

.oVwlkg Size: 512B - Virtual size: 273B

.rdata Size: 208KB - Virtual size: 208KB

.yBqFF Size: 3KB - Virtual size: 2KB

.kTplo Size: 1024B - Virtual size: 534B

.aaUZF Size: 2KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.IRQBx Size: 1024B - Virtual size: 1023B

.HmRSWrt Size: 1024B - Virtual size: 883B

.fHYKWK
Size: 3KB - Virtual size: 41KB

.text
Size: 19KB - Virtual size: 18KB

.IJLPd
Size: 3KB - Virtual size: 2KB

.Hjtb
Size: 3KB - Virtual size: 2KB

.ZyTa
Size: 1KB - Virtual size: 1KB

.Wibj
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 21KB

.oVwlkg
Size: 512B - Virtual size: 273B

.rdata
Size: 208KB - Virtual size: 208KB

.yBqFF
Size: 3KB - Virtual size: 2KB

.kTplo
Size: 1024B - Virtual size: 534B

.aaUZF
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.IRQBx
Size: 1024B - Virtual size: 1023B

.HmRSWrt
Size: 1024B - Virtual size: 883B