a57d29fa4393d7c5170dc02a5d538b355df6c9ac4889825ec169f95807e0ab3c

Sharing

Copy URL Twitter E-mail

General

Target

a57d29fa4393d7c5170dc02a5d538b355df6c9ac4889825ec169f95807e0ab3c
Size

131KB
MD5

2c20e2eb7fa4fafaade922126989af68
SHA1

e65f2381fc5c62ade72be1fb6c39a503da9e9da9
SHA256

a57d29fa4393d7c5170dc02a5d538b355df6c9ac4889825ec169f95807e0ab3c
SHA512

b3c5d5c6a989fa7833d325c16a839d671339e240ca60355d0d62df0e71c0ee869792adeb0ff91ae04b217e591b5ffe8ddfeb3fa9586a12680a7fb5e19316fe84
SSDEEP

3072:j+m0f0KAB3eXQmIaJn24Ez2S+Nne9x8KTJWbJRR0A0jK4s/RPvOwc3fNbrH:j+tcpiQTap24Ez2dNe9bTMVgvKzyvH

Score

N/A

Malware Config

Signatures

Files

a57d29fa4393d7c5170dc02a5d538b355df6c9ac4889825ec169f95807e0ab3c
.exe windows x86

530d9509ad8ccf0e7e6f7d38420ed481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateRestrictedToken
LsaICLookupNames
A_SHAUpdate
ElfReportEventW
NotifyBootConfigStatus
FlushTraceW
LsaICLookupSids
OpenSCManagerW
GetNamedSecurityInfoExW
CredUnmarshalCredentialW
RegOverridePredefKey
SaferComputeTokenFromLevel
ControlService
BackupEventLogW
ConvertStringSDToSDDomainW
RegQueryMultipleValuesW
LsaEnumeratePrivileges
FreeEncryptionCertificateHashList
CryptSetProviderA
LsaRetrievePrivateData
FreeSid
ReportEventA
MSChapSrvChangePassword
ConvertSDToStringSDRootDomainW
AccessCheckByTypeResultList
RegSetValueA
SystemFunction041
I_ScPnPGetServiceName
CryptGetProvParam
AbortSystemShutdownW
LsaSetDomainInformationPolicy
LsaQuerySecret
LsaICLookupNamesWithCreds
EnableTrace
GetEffectiveRightsFromAclA
GetSidIdentifierAuthority
ElfReportEventA
CredFree
CredGetSessionTypes
SaferSetLevelInformation
AddAuditAccessAce
WmiQueryAllDataMultipleW

odbcjt32

SQLGetStmtAttrW
SQLSetStmtAttrW
SQLStatisticsW
SQLFreeHandle
SQLBindCol
SQLNumResultCols
SQLDriverConnectW
SQLSetDescFieldW
OpenDirHook
SQLExecDirectW
ConfigDriverW
SQLNumParams
SQLConnectW
SQLGetDiagFieldW
InitDialogAgain
SQLParamData
SQLDisconnect
SQLFreeConnect
SQLGetInfoW
SQLSpecialColumnsW
ConfigDSNW
SQLCopyDesc
SQLExecute
SQLNativeSqlW
SQLGetData
DefTxtFmtDlgProc
SQLBulkOperations
SQLAllocConnect
AdvancedDialogProc
SQLRowCount
SQLBindParameter
SQLEndTran
SQLCloseCursor
SQLSetEnvAttr
SQLProceduresW

regapi

RegGetMachinePolicyEx
RegDefaultUserConfigQueryA
RegWinStationCreateW
WaitForTSConnectionsPolicyChanges
RegPdCreateA
RegWinStationQueryDefaultSecurity
RegWinStationQueryEx
RegMergeUserConfigWithUserParameters
RegWinStationEnumerateA
RegGetUserPolicy
RegIsTServer
RegPdQueryA
RegPdCreateW
RegWdDeleteW
RegWinStationSetSecurityA
RegWinStationQueryA
RegCdCreateA
RegDefaultUserConfigQueryW
RegCdQueryW
RegQueryOEMId
RegWdEnumerateA
RegUserConfigQuery
RegWinStationAccessCheck
RegWinStationDeleteW
RegCdCreateW
RegQueryUtilityCommandList
RegCloseServer
RegCdEnumerateA
RegUserConfigSet
RegDenyTSConnectionsPolicy
RegSAMUserConfig
RegConsoleShadowQueryA
RegWdQueryW
RegIsMachinePolicyAllowHelp
RegUserConfigRename
RegWinStationCreateA
RegGetMachinePolicy
RegWdQueryA
RegCdEnumerateW
RegCdDeleteW
RegWinStationQueryValueW
RegConsoleShadowQueryW
RegOpenServerA

kernel32

SetMessageWaitingIndicator
GetCompressedFileSizeW
CloseHandle
SwitchToFiber
ProcessIdToSessionId
GetCommConfig
LocalLock
GetModuleHandleW
FindResourceExW
EnumUILanguagesW
LoadLibraryA
SetFileShortNameA
GetNextVDMCommand
WritePrivateProfileStructA
SetLocalPrimaryComputerNameW
IsProcessorFeaturePresent
CommConfigDialogA
FillConsoleOutputCharacterW
QueryPerformanceCounter
GetConsoleCommandHistoryLengthA
HeapQueryInformation
LZClose
SetConsoleKeyShortcuts
VirtualAlloc
OutputDebugStringA
BindIoCompletionCallback
SetWaitableTimer
GetSystemWow64DirectoryW
SetThreadContext
OpenWaitableTimerW
SetCommTimeouts
GetStartupInfoW
CompareFileTime
CopyFileExW
AddVectoredExceptionHandler
Module32First
GlobalFindAtomW
GetProcessShutdownParameters
CreateTimerQueueTimer
GetDateFormatW
lstrcpyW
TlsFree
SetConsoleMenuClose
FindActCtxSectionGuid
SetFileShortNameW
VerLanguageNameA
GetConsoleWindow

msdart

?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?ReadLock@CFakeLock@@QAEXXZ
?Clear@CLKRHashTable@@QAEXXZ
??0CReaderWriterLock3@@QAE@XZ
?IsWin9x@CMdVersionInfo@@SAHXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_PredTrue@CLKRLinearHashTable@@CG?AW4LK_PREDICATE@@PBXPAX@Z
??1CReaderWriterLock2@@QAE@XZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?sm_wDefaultSpinCount@CSpinLock@@1GA
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?IsLocked@CLockedSingleList@@QBE_NXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
?WriteLock@CLKRHashTable@@QAEXXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
MPCSInitialize
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
MPCSUninitialize
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?IsWinNT4@CMdVersionInfo@@SAHXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?TryReadLock@CFakeLock@@QAE_NXZ
?IsEmpty@CDoubleList@@QBE_NXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
??0CSpinLock@@QAE@XZ
??0CLockedDoubleList@@QAE@XZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z

ctl3d32

Ctl3dDlgProc
StaticWndProc3d
Ctl3dSubclassCtl
Ctl3dCtlColorEx
Ctl3dSubclassDlg
BtnWndProc3d
Ctl3dRegister
Ctl3dCtlColor
Ctl3dAutoSubclassEx
Ctl3dSetStyle
Ctl3dAutoSubclass
Ctl3dSubclassCtlEx
Ctl3dIsAutoSubclass
ListWndProc3d
Ctl3dColorChange
EditWndProc3d
ComboWndProc3d
Ctl3dWinIniChange
Ctl3dUnAutoSubclass
Ctl3dUnregister
Ctl3dGetVer
Ctl3dUnsubclassCtl
Ctl3dDlgFramePaint
Ctl3dSubclassDlgEx
Ctl3dEnabled

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

530d9509ad8ccf0e7e6f7d38420ed481

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

odbcjt32

regapi

kernel32

msdart

ctl3d32

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 136KB - Virtual size: 594KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 136KB - Virtual size: 594KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B