debba49456d9b5966fd9cbb8fbbc8ac4504e57838b730c205bb31b3c7b483538

Sharing

Copy URL Twitter E-mail

General

Target

debba49456d9b5966fd9cbb8fbbc8ac4504e57838b730c205bb31b3c7b483538
Size

857KB
MD5

173ee331a5e7c4eae183f449e86f4606
SHA1

5bef3c268f25f6a2be822f1d7357e0125001e87f
SHA256

debba49456d9b5966fd9cbb8fbbc8ac4504e57838b730c205bb31b3c7b483538
SHA512

6e3abf8dea4b9fcdb637e0a14675b8787533339c3c3fea9117a576112d6f9225d62892beed69b1752ba9652d4a0a71f46e118cead09456d432cb57abe9dd42b4
SSDEEP

24576:oCa1pawRRHNlulcRBvdeKi45Y1cPF1eGeh:of1phbHNRBQ450cNMn

Score

N/A

Malware Config

Signatures

Files

debba49456d9b5966fd9cbb8fbbc8ac4504e57838b730c205bb31b3c7b483538
.exe windows x86

8f7b643e1e326e75f131e0230d34905c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlsrv32

SQLColumnsW
BCP_exec
SQLBindCol
SQLDescribeColW
ConnectDlgProc
SQLParamOptions
SQLProceduresW
BCP_moretext
SQLColumnPrivilegesW
BCP_columns
SQLTablePrivilegesW
SQLEndTran
SQLSetStmtAttrW
BCP_init
SQLGetDiagRecW
SQLProcedureColumnsW
SQLGetEnvAttr
SQLExecDirectW
SQLSetConnectAttrW
SQLSetDescFieldW
WizDSNDlgProc
BCP_control
SQLGetConnectOptionW
BCP_batch
SQLForeignKeysW
SQLPrepareW
SQLSetPos

clusapi

ClusterOpenEnum
CloseClusterResource
RemoveClusterResourceDependency
ClusterGroupGetEnumCount
ClusterNetworkEnum
ClusterNetworkCloseEnum
OpenClusterResource
FailClusterResource
EvictClusterNode
GetClusterResourceState
RegisterClusterNotify
ClusterNodeCloseEnum
ClusterGroupOpenEnum
ClusterGroupCloseEnum
CloseClusterNode
ClusterRegQueryInfoKey
SetClusterGroupNodeList
GetClusterNetInterfaceState
ResumeClusterNode
ClusterResourceTypeEnum
GetClusterResourceTypeKey
ClusterNetworkControl
ClusterControl
OpenCluster
GetClusterGroupState
GetClusterKey
SetClusterGroupName
ClusterEnum
OpenClusterGroup
ClusterRegGetKeySecurity
ClusterRegSetValue
GetClusterNotify
ClusterRegCloseKey
GetClusterNetworkId

kernel32

AddAtomW
GetEnvironmentStrings
GetVersion
GetFileInformationByHandle
GetStringTypeW
MapUserPhysicalPages
WriteConsoleOutputAttribute
SetConsoleCP
FindFirstFileW
IsBadReadPtr
GetDiskFreeSpaceExW
EnterCriticalSection
DeleteTimerQueue
EnumSystemLocalesA
WritePrivateProfileStringW
GetDefaultCommConfigW
ReadConsoleW
IsValidCodePage
SleepEx
GetLogicalDriveStringsA
LZSeek
ContinueDebugEvent
GetStdHandle
GetThreadTimes
VirtualAlloc
GetUserDefaultLCID
LoadLibraryA
DebugBreak
GetSystemWindowsDirectoryW
IsValidLocale
GetEnvironmentStringsA
SetEndOfFile
EnumCalendarInfoExA
CompareStringW
GetModuleHandleW
SetComPlusPackageInstallStatus
CancelIo
DefineDosDeviceA
CreateFileA
GetThreadPriority
WritePrivateProfileSectionW

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f7b643e1e326e75f131e0230d34905c

Headers

DLL Characteristics

File Characteristics

Imports

sqlsrv32

clusapi

kernel32

Sections

.text Size: 438KB - Virtual size: 438KB

.rdata Size: 291KB - Virtual size: 291KB

.data Size: 124KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 438KB - Virtual size: 438KB

.rdata
Size: 291KB - Virtual size: 291KB

.data
Size: 124KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB