cacb7d3663b14081bd6506deae9a876ea777f05e7b1ce342c0143040b60c070d

Sharing

Copy URL

Twitter E-mail

General

Target

cacb7d3663b14081bd6506deae9a876ea777f05e7b1ce342c0143040b60c070d
Size

828KB
MD5

9995bd4e44d3c5dac84209962dd8937a
SHA1

95c2ace8390575b29a1d6799da3e8d81a2ec6501
SHA256

cacb7d3663b14081bd6506deae9a876ea777f05e7b1ce342c0143040b60c070d
SHA512

7b70afae6d7463ac4abb7a13fe0a7f0bbaa2996b7cdd84ce329b213d58e12b1219df8c3029cb949f78c19f32529192ce0841581f6a448202e55e3f3a07c30e0d
SSDEEP

12288:F8WcIw+FS57yvHiKEXP8Wf0VjGtBDDbFBrJjCw94QVGouNe/NzLKQ9v14eLU8t/e:u18FtPM8W8VjYjXhCI4holNPnL/K+

Score

N/A

Malware Config

Signatures

Files

cacb7d3663b14081bd6506deae9a876ea777f05e7b1ce342c0143040b60c070d
.exe windows x86

c8a6668307a54cd9d1c44ad55d09a02c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_PrivilegedServiceAuditAlarm_@20
_ResetDC_@8
_DrawState_@40
_EnumPropsEx_@12
_RegReplaceKey_@16
_FreeEnvironmentStrings@4
_GetEnhMetaFileDescription_@12
_GetModuleFileName@12
newMultiByteFromWideChar
_GetCharABCWidths_@16
_OemToChar_@8
_RegSetValue_@20
_VerQueryValue_@16
_GetFileVersionInfoSize_@8
_OpenEvent_@12
_SetFileSecurity_@12
_RegCreateKey_@12
_IsCharLower_@4
_EnumResourceTypes_@12
AllocConvertMultiSZNameToA
_GetBinaryType_@8
_tfopen
_CreateWaitableTimer_@12
_GetDiskFreeSpaceEx_@16
_GetProfileSection_@12
_lstrcat_@8
_OemToCharBuff_@12
__lcreat_@8
_GetPrivateProfileSection_@16

ifsutil

??0DIGRAPH_EDGE@@QAE@XZ
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
??0READ_CACHE@@QAE@XZ
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
?Lock@IO_DP_DRIVE@@QAEEXZ
??0TLINK@@QAE@XZ
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?Write@SECRUN@@UAEEXZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Format@VOL_LIODPDRV@@QAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVMESSAGE@@KKK@Z

kernel32

VirtualLock
GetProcAddress
SetFileShortNameW
ConnectNamedPipe
GetCurrentThread
SetConsoleTitleA
GetLocaleInfoA
SetClientTimeZoneInformation
GetModuleHandleA
VerifyVersionInfoA
Thread32Next
OpenThread
GetTimeZoneInformation
SetCalendarInfoA
SetTimeZoneInformation
RemoveDirectoryA
SetLocalTime
CreateProcessInternalA
CreateFileMappingW
QueryPerformanceCounter
GlobalFlags
GlobalUnlock
MultiByteToWideChar
LoadLibraryW
LZDone

w32topl

ToplScheduleCacheCreate
ToplIterGetObject
ToplIterAdvance
ToplHeapDestroy
ToplGraphFindEdgesForMST
ToplGraphInit
ToplListRemoveElem
ToplIterFree
ToplVertexGetParent
ToplEdgeDisassociate
ToplListSetIter
ToplListAddElem
ToplGetAlwaysSchedule
ToplEdgeSetToVertex
ToplScheduleCreate
ToplIsToplException

odbccr32

SQLParamOptions
SQLRowCount
SQLExtendedFetch
SQLPutData
SQLGetInfo
SQLFetch
SQLSetPos
SQLSetConnectOption
SQLSetConnectAttr
SQLSetDescField
SQLGetStmtOption
SQLFetchScroll
SQLCancel
SQLSetStmtOption
SQLFreeHandle
SQLGetDescRec
SQLParamData
SQLSetStmtAttr
SQLNativeSql
SQLBindCol
SQLGetDescField
SQLExecute
SQLTransact

mfcsubs

??0CString@@QAE@PBD@Z
?Unlock@CCriticalSection@@UAEHXZ
?Add@CStringArray@@QAEHPBG@Z
?Lock@CCriticalSection@@QAEHXZ
?Release@CString@@KGXPAUCStringData@@@Z
?GetBufferSetLength@CString@@QAEPAGH@Z
?SetAt@CStringArray@@QAEXHPBG@Z
?HashKey@CMapStringToPtr@@QBEIPBG@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
??1CStringArray@@UAE@XZ
?MakeReverse@CString@@QAEXXZ
??0CString@@QAE@XZ
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
??4CPlex@@QAEAAU0@ABU0@@Z
??BCSyncObject@@QBEPAXXZ
?Compare@CString@@QBEHPBG@Z
?Left@CString@@QBE?AV1@H@Z
??1CSyncObject@@UAE@XZ
?Find@CString@@QBEHG@Z
?Right@CString@@QBE?AV1@H@Z
?ConcatCopy@CString@@IAEXHPBGH0@Z
??_FCMapStringToPtr@@QAEXXZ
??YCString@@QAEABV0@PBG@Z
??N@YG_NABVCString@@0@Z

wininet

InternetAutodial
InternetGetPerSiteCookieDecisionW
IsUrlCacheEntryExpiredW
InternetGetCookieExW
InternetLockRequestFile
ResumeSuspendedDownload
SetUrlCacheEntryGroup
RegisterUrlCacheNotification
InternetSetStatusCallback
InternetConnectA

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8a6668307a54cd9d1c44ad55d09a02c

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

ifsutil

kernel32

w32topl

odbccr32

mfcsubs

wininet

Sections

.text Size: 397KB - Virtual size: 396KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 132KB - Virtual size: 132KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 397KB - Virtual size: 396KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 132KB - Virtual size: 132KB

.reloc
Size: 1024B - Virtual size: 860B