fff92ea3b5676840f013c1d98b523af9c556e443fd78901b73953863cedfe978

Sharing

Copy URL

Twitter E-mail

General

Target

fff92ea3b5676840f013c1d98b523af9c556e443fd78901b73953863cedfe978
Size

51KB
MD5

422f2baea32301638c21e8e5b185f05e
SHA1

1023d248206f64837e9d6fd222fceb36d274feca
SHA256

fff92ea3b5676840f013c1d98b523af9c556e443fd78901b73953863cedfe978
SHA512

d84976e80b5dd069d723dfeb89b6358b3cfff141624f051650d00215826036547fa4f05ba14e0f6f32af34b0ff8924e38213c50f796db5adc41a9b4d3d38bd40
SSDEEP

768:cvBXKCjsXLMfI/VuiX43jMGBZpZOGiiwBwg15X9CAkj5pEbGhL:cvtpILgE4xBZ1iTlRkHEKhL

Score

N/A

Malware Config

Signatures

Files

fff92ea3b5676840f013c1d98b523af9c556e443fd78901b73953863cedfe978
.exe windows x86

fabdc3540a94af5e2211586ddf792528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLFreeHandle
TraceSQLBindCol
TraceSQLTablePrivilegesW
TraceSQLSetStmtOption
TraceSQLDrivers
TraceSQLDescribeColW
TraceSQLGetConnectAttr
TraceSQLTablesW
TraceSQLDisconnect
TraceSQLCancel
TraceSQLNumParams
TraceSQLExtendedFetch
TraceSQLGetInfoW
TraceSQLGetConnectOption
TraceSQLErrorW
TraceSQLFreeConnect
TraceSQLPrimaryKeysW
TraceSQLGetConnectOptionW
TraceOpenLogFile
TraceVSControl
TraceSQLSetConnectOptionW
TraceSQLPutData
TraceSQLSetPos
TraceSQLMoreResults
TraceVersion
TraceSQLDriverConnectW
TraceSQLDataSources
TraceSQLGetDescFieldW
TraceSQLGetDiagField

kernel32

LoadLibraryA
FindNextVolumeW
EnumSystemCodePagesW
SystemTimeToTzSpecificLocalTime
UTUnRegister
WaitCommEvent
SetTapeParameters
IsValidLocale
ClearCommBreak
PostQueuedCompletionStatus
GetSystemDefaultLCID
GetConsoleAliasExesLengthW
CreateSemaphoreW
LocalFree
GetNumberOfConsoleInputEvents
GetStartupInfoW
GetProfileSectionA
FindNextFileA
GetMailslotInfo
GetDateFormatA
SetFileApisToANSI
VerSetConditionMask
QueryActCtxW
CreateJobSet
VirtualAlloc
CreateDirectoryExA
LocalReAlloc
SetEvent
GetACP
GetCPInfoExW

powrprof

GetActivePwrScheme
WriteGlobalPwrPolicy
GetCurrentPowerPolicies
ReadProcessorPwrScheme
EnumPwrSchemes
SetSuspendState
IsPwrSuspendAllowed
ReadPwrScheme
CanUserWritePwrScheme
MergeLegacyPwrScheme
DeletePwrScheme
SetActivePwrScheme
LoadCurrentPwrScheme
IsPwrShutdownAllowed
IsPwrHibernateAllowed
WriteProcessorPwrScheme
GetPwrCapabilities
CallNtPowerInformation
ReadGlobalPwrPolicy
ValidatePowerPolicies
GetPwrDiskSpindownRange
WritePwrScheme
IsAdminOverrideActive

mapi32

SetAttribIMsgOnIStg@16
CbOfEncoded@4
MAPILogonEx@20
FBadRglpNameID@8
FDecodeID@12
MNLS_WideCharToMultiByte@32
ScCopyProps@16
FPropContainsProp@12
FBadPropTag@4
cmc_send_documents
GetOutlookVersion@0
HrAddColumns@16
HrQueryAllRows@24
RTFSync@12
PRProviderInit
BMAPIFindNext
SwapPword@8
FBadRestriction@4
HrDecomposeMsgID@24
UNKOBJ_ScAllocate@12
FBadSortOrderSet@4
UNKOBJ_COFree@8
MAPILogon
FBadRow@4
SwapPlong@8
HrGetOmiProvidersFlags@8

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fabdc3540a94af5e2211586ddf792528

Headers

DLL Characteristics

File Characteristics

Imports

odbctrac

kernel32

powrprof

mapi32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB