ce2887b5708cf23200d30612787660de746cc26c10161ac6c1bb8777b04312e1

Sharing

Copy URL Twitter E-mail

General

Target

ce2887b5708cf23200d30612787660de746cc26c10161ac6c1bb8777b04312e1
Size

332KB
MD5

6dd8424fbc3638920bf3d8af73495ade
SHA1

0a79ba3dd8476254b8e9c3ba5302dc670ec99fec
SHA256

ce2887b5708cf23200d30612787660de746cc26c10161ac6c1bb8777b04312e1
SHA512

e83bf15d141cdfbbd4b34125c73974627ea9fea4381975e188d391e578eb245a246d0fe8080829b3d06382e1885762e02000faab499325915df0c9e4909516a9
SSDEEP

6144:j6R8ud/yC0xw+zbXPb5RYf9tY7wxGNujWYVADN/Pk7rkOPCVq8L:+R5X0xwa7zn8sMGCWxmyV3L

Score

N/A

Malware Config

Signatures

Files

ce2887b5708cf23200d30612787660de746cc26c10161ac6c1bb8777b04312e1
.exe windows x86

6935be4ca700de2d33b31a2a248e7787

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

crtdll

_ismbbkalnum
_chsize
abort
strncat
_execvpe
_sleep
log
_mbsspnp
_ismbbgraph
__argc_dll
memcpy
ftell
isspace
_purecall
gmtime
wcsrchr
_winmajor_dll
_fullpath
_CIcos
_wcsnset
_beep
_flsbuf
strncpy

kernel32

SetConsoleOutputCP
FindFirstVolumeA
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
IsValidLocale
InitializeCriticalSection
BaseCheckAppcompatCache
GetConsoleAliasA
ExitProcess
SetLastError
SetLastConsoleEventActive
CreateMailslotW
IsDebuggerPresent
GetDriveTypeA
GetPrivateProfileStructW
IsProcessInJob
ReadConsoleInputExW
SetLocalPrimaryComputerNameW
CreateProcessInternalW
FlushConsoleInputBuffer
OutputDebugStringA
SetConsoleTitleW
LoadLibraryA
CancelDeviceWakeupRequest
VirtualAlloc
GetConsoleCommandHistoryA
lstrcat
GetConsoleFontSize
GetFullPathNameW
BaseUpdateAppcompatCache
GetFileSizeEx

cmutil

CmStripPathAndExtW
?WPPB@CIniW@@QAEXPBG0H@Z
CmStrStrA
??0CRandom@@QAE@XZ
?DeInit@CmLogFile@@QAEJXZ
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
?Write@CmLogFile@@AAEJPAG@Z
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?GetRegPath@CIniW@@QBEPBGXZ
GetOSBuildNumber
CmIsDigitW
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
CmRealloc
?GetSection@CIniW@@QBEPBGXZ
?SetFile@CIniW@@QAEXPBG@Z
?GetPrimaryFile@CIniA@@QBEPBDXZ
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?SetReadICSData@CIniA@@QAEXH@Z
?LoadSection@CIniW@@QBEPAGPBG@Z
?SetSection@CIniW@@QAEXPBG@Z

sqlunirl

_RegOpenKeyEx_@20
_UnregisterClass_@8
_CompareString_@24
_GetFileAttributes_@4
_ShellAbout_@16
_NDdeIsValidShareName_@4
_GetTextExtentPoint@16
_InsertMenu_@20
_SHGetPathFromIDList_@8
_LookupPrivilegeDisplayName_@20
_ChooseColor_@4
_EnumResourceTypes_@12
_DrawState_@40
newMultiByteFromWideChar
_DefFrameProc_@20
_DefWindowProc@16

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6935be4ca700de2d33b31a2a248e7787

Headers

File Characteristics

Imports

crtdll

kernel32

cmutil

sqlunirl

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 1024B - Virtual size: 397KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 1024B - Virtual size: 397KB

.rsrc
Size: 18KB - Virtual size: 18KB