b4e9bdbeca40e1d74dbf77b88463624c2588fe9e75aeb898a26e2d616f375cf7

Sharing

Copy URL Twitter E-mail

General

Target

b4e9bdbeca40e1d74dbf77b88463624c2588fe9e75aeb898a26e2d616f375cf7
Size

308KB
MD5

85d252a3dbcfb372fabd713b83368675
SHA1

b603bf58e54e733cbc27cb804c989c3f806ef5df
SHA256

b4e9bdbeca40e1d74dbf77b88463624c2588fe9e75aeb898a26e2d616f375cf7
SHA512

2fe9380fdf67b6ef28a4262f554a55953d53a2030107ca79a35fc8997fb53445fff1de7377a93036e4fec882db8e1bf687fe730d748da9eb003f9c064202c750
SSDEEP

6144:ACHrxsk38OkRHzrV64MBEdopobvupMI1wzYf8oI4fdKJxvcqpddz0kqDdfe:ACLxs5OeMEddbvRI1cYBI412vcqnJ0k7

Score

N/A

Malware Config

Signatures

Files

b4e9bdbeca40e1d74dbf77b88463624c2588fe9e75aeb898a26e2d616f375cf7
.exe windows x86

296b5611645e5a01c1d01d572c2fb191

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidIdentifierAuthority
RegQueryValueExW
RegOpenKeyW
LookupAccountSidA
OpenServiceW
RegCloseKey
GetSidSubAuthorityCount
CreateServiceW
QueryServiceStatus
StartServiceW
GetSidSubAuthority
IsValidSid
OpenSCManagerW
CloseServiceHandle

user32

LoadStringW

kernel32

TlsAlloc
SetStdHandle
SizeofResource
GetCurrentThreadId
SetEnvironmentVariableA
GetFileType
VirtualAlloc
FreeEnvironmentStringsW
VirtualFree
CloseHandle
LockResource
GetSystemDirectoryW
HeapAlloc
FatalAppExitA
OpenEventW
GetUserDefaultLCID
GetSystemInfo
TlsFree
CreateThread
EnumSystemLocalesA
SetLastError
TlsSetValue
GetStdHandle
LeaveCriticalSection
HeapReAlloc
GetTimeFormatA
CompareStringW
IsValidLocale
WaitForSingleObject
LCMapStringW
GetSystemTimeAsFileTime
GetDateFormatA
FindResourceW
VirtualQuery
WideCharToMultiByte
FreeEnvironmentStringsA
HeapFree
GetOEMCP
TlsGetValue
EnterCriticalSection
GetModuleHandleA
MapViewOfFile
GetTimeZoneInformation
IsValidCodePage
SetHandleCount
CreateFileW
WriteFile
LCMapStringA
UnhandledExceptionFilter
FlushFileBuffers
VirtualProtect
DeleteFileW
RtlUnwind
LoadResource
GetCommandLineA
GetComputerNameA
GetACP
HeapDestroy
CompareStringA
SetFilePointer
DeleteCriticalSection
DeviceIoControl
OpenFileMappingW
HeapSize
LoadLibraryA

esent

JetCreateIndex
JetDupCursor
JetDefragment2
JetCreateInstance
JetGetLogInfo
JetGetCursorInfo
JetGetLogInfoInstance
JetExternalRestore2
JetStopServiceInstance
JetOpenFileSectionInstance
JetSetLS
JetGotoBookmark
JetCreateTableColumnIndex

odbccp32

SQLCreateDataSourceW
SQLValidDSNW
SQLRemoveDriverW
SQLInstallerErrorW
SQLManageDataSources
SQLPostInstallerError
SQLInstallDriverManager
SQLCreateDataSourceExW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

296b5611645e5a01c1d01d572c2fb191

Headers

File Characteristics

Imports

advapi32

user32

kernel32

esent

odbccp32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 281KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 281KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 2KB