de2bd5ebe5a61c7d6500170508623b6ea9b7d98c2938d7eccfdbffe4f7f00b78

Sharing

Copy URL Twitter E-mail

General

Target

de2bd5ebe5a61c7d6500170508623b6ea9b7d98c2938d7eccfdbffe4f7f00b78
Size

230KB
MD5

5f3979914555aa513b6c8996c7caeb0c
SHA1

064ba27fa569782a416678cd03b44ac344bfc69d
SHA256

de2bd5ebe5a61c7d6500170508623b6ea9b7d98c2938d7eccfdbffe4f7f00b78
SHA512

27c50dc7cea1f214802f622d8aaef1fda6767b936810d218a64ae3fe27fe622255b00dc7a26476f7b25151a297841a054767d50ccfad9c4a1c64547d8101db0a
SSDEEP

6144:DQvSbCa12YnOeYTya+iEo9/GnCmEPq2ii7z9jphmO8:Uvla1XOeI+iEote3EPviM9jpG

Score

N/A

Malware Config

Signatures

Files

de2bd5ebe5a61c7d6500170508623b6ea9b7d98c2938d7eccfdbffe4f7f00b78
.exe windows x86

64fab5a726401c65e364a8e543ae2683

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasSetDeviceConfigInfo
RasReferenceRasman
RasGetNumPortOpen
RasGetConnectionUserData
RasRpcDisconnectServer
RasRefConnection
RasPortReceiveEx
RasSetAddressDisable
RasSetConnectionParams
RasPortFree
RasPortSetInfo
RasGetBuffer
RasLinkGetStatistics
RasRegisterRedialCallback
IsRasmanProcess
RasPortSend

oleaut32

VarDecFromR8
VARIANT_UserUnmarshal
VarUI2FromDisp
VarDateFromUI2
VarR4FromUI1
VarUI4FromCy
VarUI4FromR8
VarDateFromR4
VarBoolFromR4
SafeArrayGetDim
VarBoolFromDisp
VarParseNumFromStr
VarBstrFromI2
SystemTimeToVariantTime
VarDateFromUdate
VarBstrFromR4
OleLoadPicture
VarUI4FromI2
VarNumFromParseNum

msvcrt

_mbsnbcoll
iswlower
remove
_mbsbtype
_mbscmp
_putws
__getmainargs
_stat
__p__commode
__p__fmode
_ismbbprint
__p__winmajor
memmove
__set_app_type
exit

utildll

IsPartOfDomain
RegGetNetworkServiceName
GetUnknownString
DateTimeString
InitializeAnonymousUserCompareList
TestUserForAdmin
CalculateDiffTime
HaveAnonymousUsersChanged
CachedGetUserFromSid
CalculateElapsedTime
StrConnectState
InstallModem
StrSdClass
GetSystemMessageW
GetSystemMessageA
WinEnumerateDevices
NetworkDeviceEnumerate
QueryCurrentWinStation
StrSystemWaitReason
EnumerateMultiUserServers
ConfigureModem
RegGetNetworkDeviceName
StrProcessState

hhsetup

?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
?GetTitle@CFolder@@QAEPADXZ
?GetOrder@CFolder@@QAEKXZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?SetId@CTitle@@QAEXPBD@Z
?Open@CCollection@@QAEKPBG@Z
??1CTitle@@QAE@XZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
?GetTitle@CLocation@@QAEPADXZ
?SetId@CLocation@@QAEXPBG@Z
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetVersion@CCollection@@QAEKXZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?SetTitle@CLocation@@QAEXPBG@Z

odbcjt32

SQLGetTypeInfoW
LoginDialogProc
OpenDirHook
SQLFreeStmt
SQLSetDescFieldW
SQLGetInfoW
SQLPutData
SQLFreeConnect
InitializeLoginDialog
SQLGetCursorNameW
SQLExtendedFetch
SQLProceduresW
SQLConnectW
SQLGetConnectAttrW

shell32

SHGetMalloc

kernel32

WriteConsoleW
CreateFileW
ClearCommError
GetProcessId
CreateConsoleScreenBuffer
LoadLibraryW
GetUserDefaultLCID
GetEnvironmentStringsA
GlobalFindAtomA
GetAtomNameA
FindNextVolumeMountPointW
GetWindowsDirectoryW
BeginUpdateResourceA
GetLocaleInfoA
WritePrivateProfileStringW

user32

MessageBoxW
EndDialog

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64fab5a726401c65e364a8e543ae2683

Headers

File Characteristics

Imports

rasman

oleaut32

msvcrt

utildll

hhsetup

odbcjt32

shell32

kernel32

user32

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 84KB - Virtual size: 83KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 84KB - Virtual size: 83KB

.rsrc
Size: 5KB - Virtual size: 4KB