ff69a36cac63015f4a58a1e10c666ec97a3dcd256d4dce54e95e231de974d412

Sharing

Copy URL Twitter E-mail

General

Target

ff69a36cac63015f4a58a1e10c666ec97a3dcd256d4dce54e95e231de974d412
Size

822KB
MD5

fda67f640c87d8584004293013f8c1f8
SHA1

a1194031783afe0ac3deeb8fddd6889a5a757f26
SHA256

ff69a36cac63015f4a58a1e10c666ec97a3dcd256d4dce54e95e231de974d412
SHA512

e7e9b8f69975b12ee0daee875a6adcf3e65357d6bb33f19a46d3118359fc692a0f5a304d77445431b7478b25f68531bea4d414ee37b475e71f7174aa0e7061bc
SSDEEP

12288:2v7jJP8626lJGm9zWFs2CuL2SnS/BNDzc8yXHCYTGGeZLslZMkPWlLqs7HtDpDR:2vXNh2mGVi29nSzzc8ytOSl+LqSHtD

Score

N/A

Malware Config

Signatures

Files

ff69a36cac63015f4a58a1e10c666ec97a3dcd256d4dce54e95e231de974d412
.exe windows x86

1452be3b7ccb942860c31d637d4c062a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_ttof
_RegisterEventSource_@8
_LoadImage_@24
_GetEnhMetaFile_@4
_RegOpenKeyEx_@20
_SHGetFileInfo_@20
_BackupEventLog_@8
_InsertMenuItem_@16
_GetToolsFilePath@16
_GetClassInfoEx_@12
_GetTextFace_@12
_GetGlyphOutline_@28
_NDdeShareDel_@12
_BuildCommDCB_@8
_WriteProfileString_@12
_SetDlgItemText@12
_RegDeleteValue_@8
_RegQueryValueEx_@24
_FormatMessage@28
_CreateMDIWindow_@40
_RegOpenKey_@12
_trename
_FreeEnvironmentStrings@4
_NDdeTrustedShareEnum_@24
_GetDiskFreeSpaceEx_@16
_SetClassLong_@12
_SetICMProfile_@8
_CreateService_@52
_SendMessageTimeout_@28
_DefMDIChildProc_@16
_RegLoadKey_@12
_SystemParametersInfo_@16
_GetClassName_@12
_SetWindowText@8
_SetFileAttributes_@8

kernel32

GetModuleHandleA
AttachConsole
RegisterConsoleOS2
ExitProcess
GetAtomNameA
WriteProcessMemory
FileTimeToDosDateTime
GetConsoleCommandHistoryW
GetSystemDirectoryA
CreateWaitableTimerA
CreateConsoleScreenBuffer
DeleteTimerQueueTimer
CallNamedPipeA
SetProcessAffinityMask
FreeEnvironmentStringsA
FindFirstVolumeW
FindNextFileA
LoadLibraryA
VirtualUnlock
SetConsoleMenuClose
_lwrite
DeleteAtom
VirtualAlloc
GetStdHandle
GlobalWire
FatalExit
Heap32ListNext
GetConsoleKeyboardLayoutNameA
FindFirstFileW
LZCreateFileW
SetConsoleTitleW
ReadFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsBadHugeReadPtr
WTSGetActiveConsoleSessionId

mprapi

MprAdminConnectionEnum
MprConfigServerBackup
MprAdminGetErrorString
MprConfigServerGetInfo
MprAdminInterfaceDisconnect
MprAdminServerConnect
MprAdminConnectionGetInfo
MprAdminMIBEntryGetNext
MprInfoBlockFind
MprAdminInterfaceSetInfo
MprAdminInterfaceTransportRemove
MprAdminInterfaceGetCredentials
MprAdminInterfaceGetHandle
MprDomainQueryRasServer
MprAdminInterfaceUpdateRoutes
MprConfigServerConnect
MprConfigServerRefresh
MprAdminUserSetInfo
MprAdminGetPDCServer
MprAdminInterfaceQueryUpdateResult
MprAdminUserWrite
MprAdminSendUserMessage
MprConfigGetGuidName
MprAdminMIBServerConnect
MprInfoBlockSet
MprAdminInterfaceDeviceGetInfo
MprConfigTransportGetInfo
MprAdminMIBEntrySet
MprConfigInterfaceEnum
MprAdminMIBEntryDelete
MprConfigServerDisconnect
MprAdminMIBEntryGetFirst

dhcpsapi

DhcpGetAllOptions
DhcpRemoveOptionV5
DhcpDsClearHostServerEntries
DhcpSetOptionValuesV5
DhcpServerBackupDatabase
DhcpDsInit
DhcpDeleteClass
DhcpSetSuperScopeV4
DhcpGetVersion
DhcpGetClientOptions
DhcpCreateClass
DhcpEnumMScopeClients
DhcpGetClientInfoV4
DhcpEnumMScopeElements
DhcpRemoveOptionValue
DhcpServerGetConfigV4
DhcpScanDatabase
DhcpEnumSubnetElements
DhcpServerSetConfig
DhcpAddMScopeElement
DhcpEnumSubnetElementsV4
DhcpRemoveSubnetElementV5
DhcpEnumSubnets
DhcpServerGetConfig
DhcpServerSetDnsRegCredentials
DhcpEnumSubnetClientsV5
DhcpRemoveOptionValueV5

ssdpapi

SsdpStartup
GetNextService
DeregisterNotification
RegisterNotification
SsdpCleanup
FindServicesCancel
GetFirstService
FindServicesCallback
CleanupCache
DHSetICSInterfaces
FindServicesClose
FindServices
DeregisterService
RegisterService
DHSetICSOff
FreeSsdpMessage

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1452be3b7ccb942860c31d637d4c062a

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

kernel32

mprapi

dhcpsapi

ssdpapi

Sections

.text Size: 391KB - Virtual size: 391KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 188KB - Virtual size: 1.5MB

.rsrc Size: 95KB - Virtual size: 95KB

.reloc Size: 1024B - Virtual size: 976B

.text
Size: 391KB - Virtual size: 391KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 188KB - Virtual size: 1.5MB

.rsrc
Size: 95KB - Virtual size: 95KB

.reloc
Size: 1024B - Virtual size: 976B