f3b43d22472c61d5aec55c0c2bfe245518cd851edbc1c7ade9229a075b241135

Sharing

Copy URL Twitter E-mail

General

Target

f3b43d22472c61d5aec55c0c2bfe245518cd851edbc1c7ade9229a075b241135
Size

46KB
MD5

a3c998575fada5ffabdbad9f19f42313
SHA1

5e204d3390fd999677f295e1b57449585464db01
SHA256

f3b43d22472c61d5aec55c0c2bfe245518cd851edbc1c7ade9229a075b241135
SHA512

04d79e0ebe0d625606b7c7270c42f26a04c0313adf2fd6195977cee3a4e97d0ba7700ca4ed1e4c44b268587fa7666a267aae80ae12e2f35da4dd99c4d74ef797
SSDEEP

768:0spQ7Vwg4XttK4SBDB+B43O+A5XQgLoI+pGfjZDML3Pyk3GAQ5OyRa+eeUn2RvTd:0sC7ug4S8B43O+EQgF+0MLP0d5OWap7m

Score

N/A

Malware Config

Signatures

Files

f3b43d22472c61d5aec55c0c2bfe245518cd851edbc1c7ade9229a075b241135
.exe windows x86

b9314996bd5387bc345df1311b1831d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadContext
CreateActCtxW
OpenWaitableTimerA
CompareStringA
EnumResourceLanguagesA
GetConsoleMode
SetConsoleFont
CloseConsoleHandle
GetPrivateProfileSectionNamesA
OutputDebugStringA
SetConsoleInputExeNameA
IsValidLocale
SwitchToThread
VirtualAlloc
SetConsoleHardwareState
lstrcpyW
SetTimerQueueTimer
GetUserDefaultLCID
GetCurrentThread
LoadLibraryA
VerSetConditionMask
GetStartupInfoA
SetLocaleInfoA
SetLastConsoleEventActive

ntdll

RtlFlushSecureMemoryCache
RtlCaptureStackBackTrace
isalnum
RtlCreateEnvironment
RtlUnhandledExceptionFilter
RtlDowncaseUnicodeChar
RtlZombifyActivationContext
wcslen
ZwSetSystemEnvironmentValueEx
RtlIsValidIndexHandle
_aullshr
RtlGenerate8dot3Name
ZwContinue
RtlSetProcessIsCritical
wcsstr
RtlQueryTimeZoneInformation
_memccpy
__isascii
NtLoadKey
RtlSetTimer
NtOpenFile
ZwDebugContinue
RtlConvertExclusiveToShared
RtlEqualSid
NtSetTimer

odbctrac

TraceSQLDriverConnectW
TraceSQLSetDescRec
TraceSQLBrowseConnectW
TraceSQLFreeStmt
TraceSQLGetConnectAttr
TraceSQLFreeHandle
TraceSQLDataSourcesW
TraceSQLForeignKeysW
TraceSQLGetCursorName
TraceSQLSetConnectOption
TraceSQLDescribeParam
TraceSQLDrivers
TraceSQLGetEnvAttr
TraceSQLPrimaryKeys
TraceSQLConnectW
TraceSQLErrorW
TraceVersion
TraceSQLSetScrollOptions
TraceSQLSpecialColumnsW

sqlwoa

_IsDialogMessage@8
_CreateWindowEx@48
_GetWindowTextLength@4
_GetProp@8
newWideCharFromMultiByte
_GetOpenFileName@4
_CharLower@4
_trename
_GetTextExtentPoint@16
_SendDlgItemMessage@20
AllocConvertMultiSZNameToA
_PeekMessage@20
_DeleteFile@4
_FreeEnvironmentStrings@4
_LoadIcon@8
_LoadCursor@8
_GetUserName@8
ConvertMultiSZNameToW

activeds

ReallocADsMem
ADsDecodeBinaryData
ADsBuildVarArrayInt
FreeADsStr
ADsGetLastError
ADsOpenObject
ADsGetObject
ADsSetLastError
BinarySDToSecurityDescriptor
ADsEnumerateNext
AllocADsMem
ADsBuildVarArrayStr
AdsTypeToPropVariant2
ADsEncodeBinaryData
PropVariantToAdsType2
ConvertSecDescriptorToVariant
PropVariantToAdsType
ADsBuildEnumerator
AllocADsStr
ReallocADsStr
AdsFreeAdsValues
ADsFreeEnumerator

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9314996bd5387bc345df1311b1831d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

odbctrac

sqlwoa

activeds

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 4KB