fc59a2d818d0e6c6a2981abaa7753c92a82164eda6f28024c8a16fd8f6ed116e

Sharing

Copy URL Twitter E-mail

General

Target

fc59a2d818d0e6c6a2981abaa7753c92a82164eda6f28024c8a16fd8f6ed116e
Size

877KB
MD5

7db9eb9b26de4aaf73302e94bd683ef6
SHA1

0b7a48d900a9398a2e67f29385eb2ef3fea34546
SHA256

fc59a2d818d0e6c6a2981abaa7753c92a82164eda6f28024c8a16fd8f6ed116e
SHA512

d0becd9f2ffa9b2d2bbb2993b9ab69e4eb049af9c3811b6f57c29b14073c87273aa0246adf4ca42d947fba0ece1da9dc8b45627bdcaeedac70baa5c597125e07
SSDEEP

24576:jBu+G8TLA9E8BnNBvHtLgKM99eopHz0vPfV6wxI12TQ4k0Ca4jU:jG8yE8BnftLgnTfT0vHV6ZqQ4k0Qj

Score

N/A

Malware Config

Signatures

Files

fc59a2d818d0e6c6a2981abaa7753c92a82164eda6f28024c8a16fd8f6ed116e
.exe windows x86

14e24a1c47b3b036edfafb15391f95c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTapeStatus
WriteConsoleOutputAttribute
SetConsoleScreenBufferSize
lstrcmpi
IsBadCodePtr
IsValidCodePage
lstrcpyn
FindResourceA
GetACP
CreateIoCompletionPort
SetEvent
_hread
GetQueuedCompletionStatus
VirtualAlloc
EnumResourceNamesW
SetConsoleNlsMode
LoadLibraryA
WaitNamedPipeW
GetEnvironmentVariableA
SetConsoleMode
LoadLibraryExA
OpenWaitableTimerW
Module32First
HeapQueryInformation
SetComPlusPackageInstallStatus
GetStartupInfoA
FileTimeToLocalFileTime
DeleteTimerQueueTimer
GetPrivateProfileStringW
GetTempFileNameW
SetHandleInformation
GetFileSizeEx
WriteProfileStringA
GetUserDefaultLangID
GetConsoleAliasW
InitializeCriticalSection
ReplaceFileW
SetThreadPriority
GetComputerNameExA
GlobalFindAtomA
WaitForMultipleObjectsEx
CreateTimerQueue
BaseCheckAppcompatCache

odbc32

ODBCSetTryWaitValue
SQLGetInfo
g_hHeapMalloc
SQLFetch
SQLParamOptions
SQLColumnPrivileges
SQLColumnPrivilegesW
SQLGetTypeInfo
SQLBulkOperations
SQLGetDiagRec
SQLGetConnectAttr
SQLTablesA
SQLConnectA
SQLDescribeColW
SQLExecDirect
SQLTablePrivilegesW
SQLGetInfoW
SQLRowCount
SQLDescribeParam
SQLSetStmtAttrA
ODBCGetTryWaitValue
SQLSetDescFieldW
SQLDrivers
LockHandle
SQLColAttributes
SQLDescribeCol
SQLForeignKeysW
SQLExecDirectA
SQLDataSourcesW
SQLSetConnectAttrA
SQLAllocStmt
SQLSetStmtOption
SQLNumResultCols
SQLSetConnectOption
SQLFreeEnv
SQLSpecialColumnsW
SQLSetCursorName
SQLSetEnvAttr
SQLGetConnectAttrW
SQLBrowseConnect

ws2_32

closesocket
WSASetEvent
WSAUnhookBlockingHook
inet_addr
gethostbyname
getprotobynumber
WSAAsyncSelect
WSALookupServiceEnd
WSCInstallNameSpace
getservbyport
WSAStringToAddressW
WSASetBlockingHook
WSCEnumProtocols
WSAConnect
htonl
ioctlsocket
WSAEnumNameSpaceProvidersA
WSASendDisconnect
sendto
WPUCompleteOverlappedRequest
WSAGetLastError
WSARecv
WSAInstallServiceClassW
shutdown
getservbyname
WSAAsyncGetProtoByName
inet_ntoa
gethostname
WSADuplicateSocketW
getsockname
WSCWriteProviderOrder
WSAIsBlocking
WSAGetServiceClassInfoA
WSAAddressToStringW
connect
WSCUpdateProvider
WSAAsyncGetServByPort
recv
WSASetServiceW
WSAAddressToStringA

winsta

WinStationEnumerate_IndexedW
_WinStationFUSCanRemoteUserDisconnect
LogonIdFromWinStationNameA
WinStationNameFromLogonIdA
WinStationShadowStop
WinStationShadow
WinStationConnectCallback
WinStationCheckLoopBack
ServerLicensingClose
_WinStationGetApplicationInfo
WinStationActivateLicense
WinStationNameFromLogonIdW
ServerLicensingSetPolicy
_WinStationBeepOpen
ServerLicensingUnloadPolicy
_WinStationNotifyLogoff
_WinStationReInitializeSecurity
WinStationOpenServerA
_WinStationShadowTargetSetup
_WinStationUpdateUserConfig
ServerLicensingGetAvailablePolicyIds
WinStationGetTermSrvCountersValue
ServerLicensingGetPolicy
WinStationGetLanAdapterNameW
WinStationInstallLicense
WinStationSendMessageA
WinStationSetPoolCount
WinStationQueryUpdateRequired
_WinStationNotifyLogon
WinStationServerPing
WinStationSendWindowMessage
ServerSetInternetConnectorStatus
ServerLicensingGetPolicyInformationW
WinStationGenerateLicense
WinStationFreeMemory
_WinStationWaitForConnect
_WinStationCallback
ServerQueryInetConnectorInformationA
WinStationEnumerateA
_NWLogonSetAdmin
WinStationUnRegisterConsoleNotification

wldap32

ldap_parse_page_controlW
ldap_search_extW
ldap_first_attributeW
ldap_searchA
ldap_memfree
ldap_search_extA
ldap_modrdn2W
ldap_sasl_bindA
ldap_result2error
ldap_modrdn_sW
ldap_first_attribute
ldap_get_dnA
ldap_next_reference
ldap_create_sort_controlW
ldap_delete_ext
ber_skip_tag
ldap_bind
cldap_openA
ldap_search_stA
ldap_delete_ext_sA
ldap_escape_filter_element
ldap_addW
ldap_compare_extW
ldap_bind_sA
ldap_compare_ext_s
ldap_search_init_pageW
ldap_modrdnW
ldap_bindW
ldap_parse_sort_control
ldap_get_values_lenW
ber_bvdup

ntdll

RtlIpv4AddressToStringW
NtResumeThread
RtlComputeCrc32
ZwOpenProcessToken
RtlImageRvaToSection
ZwAccessCheckByTypeResultListAndAuditAlarm
NtContinue
NtQuerySystemEnvironmentValue
__iscsym
RtlEqualDomainName
ZwRemoveIoCompletion
strcspn
iswctype
NtSetInformationObject
RtlLengthRequiredSid
RtlInt64ToUnicodeString
RtlSetInformationAcl
RtlxAnsiStringToUnicodeSize
NtSetValueKey
LdrLoadAlternateResourceModule
RtlCompareMemoryUlong
RtlApplyRXact
NtCreateMutant
ZwSetInformationThread
ZwRestoreKey
NtSaveMergedKeys
NtReplyWaitReceivePort

wininet

FtpOpenFileA
InternetSetStatusCallback
RetrieveUrlCacheEntryStreamW
IncrementUrlCacheHeaderData
InternetWriteFileExA
FindFirstUrlCacheEntryExW
InternetGetPerSiteCookieDecisionA
InternetCrackUrlW
InternetCheckConnectionW
InternetDial
ShowX509EncodedCertificate
FtpRemoveDirectoryA
FtpRemoveDirectoryW
InternetSetCookieA
InternetConfirmZoneCrossingA
InternetCreateUrlW
FreeUrlCacheSpaceW
UnlockUrlCacheEntryStream
InternetGetCookieW
InternetSetDialStateA
InternetSecurityProtocolToStringA
RegisterUrlCacheNotification
InternetCreateUrlA
FindFirstUrlCacheGroup
InternetGetCookieA
FtpGetFileSize
InternetCombineUrlW
GetUrlCacheEntryInfoA
FtpCreateDirectoryW
InternetTimeFromSystemTimeW
FtpDeleteFileW
ParseX509EncodedCertificateForListBoxEntry
DeleteUrlCacheEntryA

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 511KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14e24a1c47b3b036edfafb15391f95c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

ws2_32

winsta

wldap32

ntdll

wininet

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 181KB - Virtual size: 181KB

.data Size: 511KB - Virtual size: 1.9MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 511KB - Virtual size: 1.9MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B