d7791db533b64821c2d8c045ff712bbb6f76d687936882b2f4aeae9b0ddeca2f

Sharing

Copy URL Twitter E-mail

General

Target

d7791db533b64821c2d8c045ff712bbb6f76d687936882b2f4aeae9b0ddeca2f
Size

389KB
MD5

dc0809d7e88268c89d8e448f2cc727f0
SHA1

a6f09560c91595698f3d931a3b8911cb6ae83de4
SHA256

d7791db533b64821c2d8c045ff712bbb6f76d687936882b2f4aeae9b0ddeca2f
SHA512

23b8c6449218f5f7968dec7a0ebbe0658f22ad417e979cca0e394c5fc728deb575e0350433628faa61d22d67be8c8ec10c425d769cd2d46378de8fb007875b4b
SSDEEP

6144:ezHI7X2gpjFSnIZRNuTz0TvG8jJ45P5B8/jaSdR8kmf7sE+B7JWRsyC4:AeZCoRgWvcjBazmkmf7sfPWF

Score

N/A

Malware Config

Signatures

Files

d7791db533b64821c2d8c045ff712bbb6f76d687936882b2f4aeae9b0ddeca2f
.exe windows x86

7472ffbabdd5e999a93d1e313c5280c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_ismbbpunct
_flushall
_CIatan
_osver
_filelength
_ltow
??0ostrstream@@QAE@PADHH@Z
??0ostream@@IAE@XZ
??_Gios@@UAEPAXI@Z
??4filebuf@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@O@Z
?put@ostream@@QAEAAV1@D@Z
??6ostream@@QAEAAV0@PBE@Z
_wputenv
?fLockcInit@ios@@0HA
strcat
_spawnv
?ignore@istream@@QAEAAV1@HH@Z
_getcwd
?writepad@ostream@@AAEAAV1@PBD0@Z
clock
?get@istream@@QAEAAV1@AAE@Z
?sync@istream@@QAEHXZ
_mbctolower
??0exception@@QAE@ABQBD@Z
?seekp@ostream@@QAEAAV1@J@Z
printf
??_Ebad_cast@@UAEPAXI@Z
_fgetwchar
_wpgmptr
_mbsnbcpy
_fstat
getwchar
?cerr@@3Vostream_withassign@@A
?get@istream@@QAEAAV1@PACHD@Z
_ismbchira
gets
?basefield@ios@@2JB

kernel32

LoadLibraryA
GetPrivateProfileStringA
SetThreadPriority
WriteConsoleOutputAttribute
GetSystemTimeAsFileTime
GlobalHandle
GetLongPathNameW
AddAtomA
CallNamedPipeA
PeekConsoleInputW
BuildCommDCBAndTimeoutsA
GetConsoleHardwareState
LZDone
SetProcessAffinityMask
Process32FirstW
SetEnvironmentVariableA
WritePrivateProfileStructA
GetThreadTimes
SetEndOfFile
GetSystemDefaultLangID
MoveFileExA
SearchPathA
SetDefaultCommConfigW
GetCPInfoExA
GetProfileSectionA
ReplaceFileW
SetLocaleInfoW
Heap32ListNext
LocalFlags
VirtualAlloc
EnumSystemLocalesA
IsDebuggerPresent

rtm

RtmLockRoute
CreateTable
DeleteFromTable
RtmCloseEnumerationHandle
MgmGroupEnumerationGetNext
RtmRegisterEntity
RtmEnumerateGetNextRoute
MgmGetProtocolOnInterface
MgmAddGroupMembershipEntry
RtmGetNextHopPointer
RtmIsMarkedForChangeNotification
RtmReferenceHandles
MgmGetFirstMfe
RtmBlockSetRouteEnable
RtmReleaseDestInfo
MgmDeInitialize
RtmHoldDestination
RtmReadInstanceConfig
RtmDeregisterClient
RtmGetExactMatchDestination
RtmUpdateAndUnlockRoute
RtmDeleteEnumHandle
RtmGetInstanceInfo
RtmGetRegisteredEntities
RtmLockDestination
RtmReleaseNextHops
RtmCreateRouteEnum
RtmBlockMethods
RtmDeleteRoute
RtmDeregisterFromChangeNotification
RtmCreateNextHopEnum

ntdll

ZwConnectPort
NtQueryDefaultLocale
ZwSetLowEventPair
NtWriteFileGather
ZwFindAtom
ZwFlushVirtualMemory
ZwQueryInformationJobObject
RtlCreateUnicodeString
NtPrivilegedServiceAuditAlarm
NtCreateSection
RtlGetUserInfoHeap
RtlLargeIntegerNegate
NtRemoveProcessDebug
NtSetValueKey
NtQueryObject
ZwSetHighEventPair
ZwQuerySystemTime
RtlValidRelativeSecurityDescriptor
NtQueryValueKey
ZwAcceptConnectPort
cos
NtAddBootEntry
RtlSetSecurityObject
ZwCallbackReturn
RtlTimeToSecondsSince1970
KiUserCallbackDispatcher
_aulldvrm
ZwWriteRequestData
ZwSetInformationFile
NtAdjustGroupsToken
RtlDosSearchPath_U
islower
NtDeviceIoControlFile
NtSuspendThread
ZwQueryPortInformationProcess
ZwTranslateFilePath
ZwSetLdtEntries
DbgUiRemoteBreakin
NtQuerySystemEnvironmentValueEx
NtCreateMutant
RtlRandom
RtlFreeUnicodeString
RtlExtendedIntegerMultiply
NtCreateJobSet
ZwGetContextThread
ZwSetThreadExecutionState
NtAccessCheckByType
log
NtCreateDebugObject
DbgSetDebugFilterState
ZwAssignProcessToJobObject
RtlInitializeCriticalSectionAndSpinCount
NtPrivilegeCheck
RtlGetElementGenericTable
NtCreateEventPair
RtlFirstFreeAce

sqlsrv32

SQLSetConnectAttrW
BCP_colptr
SQLDriverConnectW
BCP_batch
WizDSNDlgProc
SQLParamOptions
SQLGetFunctions
SQLSetScrollOptions
WizLanguageDlgProc
BCP_readfmt
SQLCloseCursor
SQLMoreResults
SQLSpecialColumnsW
BCP_control
SQLBulkOperations
SQLExecDirectW
FinishDlgProc
BCP_columns
BCP_setcolfmt
SQLFetchScroll
TestDlgProc
SQLGetDescRecW
SQLColumnsW
SQLEndTran
SQLNumResultCols
SQLFreeStmt
BCP_init
BCP_getcolfmt
SQLDebug
SQLGetStmtAttrW
SQLDisconnect
SQLExtendedFetch
SQLNumParams
SQLTablePrivilegesW
WizDatabaseDlgProc
SQLColumnPrivilegesW
SQLSetPos
SQLGetConnectAttrW
SQLAllocHandle
SQLSetEnvAttr
BCP_colfmt
SQLSetDescRec

oleaut32

VarI1FromBool
VarR4FromI1
SafeArrayAllocDescriptorEx
VarI2FromI1
VarUI8FromUI2
VarDateFromUI4
VarI1FromUI8
ClearCustData
VarAnd
VarUI8FromCy
VarI2FromCy
VarCyRound
UnRegisterTypeLib
SafeArrayGetVartype
VarUI4FromBool
VarBstrFromI8
VarRound
VarI4FromCy
CreateDispTypeInfo
OleSavePictureFile
SafeArrayCreateVectorEx
VarUI2FromBool
OleLoadPicturePath
VarI2FromR4
VARIANT_UserSize
VarUI8FromR4
SafeArrayGetRecordInfo
VarI4FromUI2
VarI2FromStr
VarDecFromCy
VarDecFromUI8
VarDateFromDisp
VarDecFromDate
VarBstrFromI2
SysFreeString
VarI2FromDec
SafeArrayDestroyDescriptor
VarR8FromDisp
VarDecFromR4
VarSub
VarCyFromI8

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7472ffbabdd5e999a93d1e313c5280c2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

rtm

ntdll

sqlsrv32

oleaut32

Sections

.text Size: 163KB - Virtual size: 163KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 75KB - Virtual size: 493KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 75KB - Virtual size: 493KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 1024B - Virtual size: 1024B