db47fa6fde4e7aeaac5f3d2e90b6d63037f8c82fc015efc4351cf80ce0d3f5ef

Sharing

Copy URL Twitter E-mail

General

Target

db47fa6fde4e7aeaac5f3d2e90b6d63037f8c82fc015efc4351cf80ce0d3f5ef
Size

828KB
MD5

712dea8e4bb8d1eb6c1f97e795ca9737
SHA1

154b8b8aacf600ac91b9e1c54c5c65d703334eba
SHA256

db47fa6fde4e7aeaac5f3d2e90b6d63037f8c82fc015efc4351cf80ce0d3f5ef
SHA512

6001dd17170e3ec312301dbdff9da8a34dec2070fd751dec83332a39454099f9efaff58923b3383f88abf51197f6616c44b02530ff8717a8371cee52edd9b1bf
SSDEEP

24576:j4RqzmPvyXKWsoqGfWSPvQdN8NNhsBJrppY:+2mnyXZnnQosBJrz

Score

N/A

Malware Config

Signatures

Files

db47fa6fde4e7aeaac5f3d2e90b6d63037f8c82fc015efc4351cf80ce0d3f5ef
.exe windows x86

770a9cc515672c7223b149a5f737e753

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt20

?blen@streambuf@@IBEHXZ
?doallocate@streambuf@@MAEHXZ
rename
_rotl
_sys_nerr
_atoldbl
__p__pwctype
_beginthreadex
?unexpected@@YAXXZ
?ends@@YAAAVostream@@AAV1@@Z
iswpunct
??1istrstream@@UAE@XZ
??6ostream@@QAEAAV0@H@Z
?fd@fstream@@QBEHXZ
_ismbbprint
??6ostream@@QAEAAV0@J@Z
?setmode@fstream@@QAEHH@Z
?close@ifstream@@QAEXXZ
localtime
_j1
_mbsbtype
__lconv_init
??0ifstream@@QAE@HPADH@Z
_ismbstrail
?get@istream@@QAEAAV1@PACHD@Z
?hex@@YAAAVios@@AAV1@@Z
_ftol
_rotr
?setbuf@streambuf@@UAEPAV1@PADH@Z
?str@strstreambuf@@QAEPADXZ
_adj_fprem1
??0ostream@@IAE@ABV0@@Z
_dup
_CItanh
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
??4stdiobuf@@QAEAAV0@ABV0@@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
_adj_fprem
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??_Dofstream@@QAEXXZ
??0fstream@@QAE@XZ
_adj_fdiv_m16i

gdi32

ClearBitmapAttributes
GetHFONT
RemoveFontResourceA
DdEntry39
GetObjectA
GetGlyphOutlineWow
PolylineTo
EngReleaseSemaphore
GdiEndDocEMF
EngPlgBlt
StartDocA
SetICMMode
EngLoadModule
FrameRgn
GdiEntry15
SetICMProfileW
GetFontAssocStatus
GetRelAbs
EngStretchBlt
RemoveFontResourceExA
SetTextCharacterExtra
DdEntry8
DeleteColorSpace
SetDIBColorTable
DdEntry54
OffsetRgn
GdiAddGlsBounds
SetMetaRgn
GetFontUnicodeRanges
LineTo
SetBitmapAttributes
CloseEnhMetaFile
GdiIsPlayMetafileDC
PlayEnhMetaFileRecord
CreateColorSpaceW
GdiPlayEMF
DdEntry42
GetCharacterPlacementA
FillRgn
GetCharABCWidthsFloatA
ExcludeClipRect
EnumFontFamiliesA
FlattenPath
CreatePenIndirect
EndPage

sqlsrv32

BCP_exec
SQLGetDescRecW
WizIntSecurityDlgProc
FinishDlgProc
SQLExtendedFetch
TestDlgProc
SQLSetStmtAttrW
BCP_writefmt
SQLSetDescRec
SQLSetPos
SQLTablePrivilegesW
SQLParamOptions
BCP_sendrow
SQLGetEnvAttr
ConfigDriverW
SQLGetDiagRecW
SQLDriverConnectW
SQLFreeStmt
SQLEndTran
WizDatabaseDlgProc
SQLFetch
SQLSetConnectOptionW
SQLSetScrollOptions
BCP_getcolfmt
SQLForeignKeysW
SQLDisconnect
BCP_batch
SQLNativeSqlW

rtm

RtmLookupIPDestination
RtmReleaseDests
MgmInitialize
RtmCreateDestEnum
RtmGetNetworkCount
InsertIntoTable
RtmAddNextHop
RtmGetOpaqueInformationPointer
RtmCreateRouteList
RtmCreateRouteEnum
MgmGetProtocolOnInterface
RtmDeleteNextHop
RtmGetMostSpecificDestination
RtmGetExactMatchRoute
MgmGetMfe
RtmCreateRouteListEnum
RtmReleaseEntities
RtmRegisterClient
RtmDeleteRouteToDest
RtmDereferenceHandles
MgmDeRegisterMProtocol
RtmGetEntityInfo
RtmWriteInstanceConfig
RtmGetListEnumRoutes
RtmRegisterForChangeNotification
RtmGetDestInfo
RtmBlockConvertRoutesToStatic
RtmGetEntityMethods
DeleteFromTable
RtmReleaseChangedDests
RtmGetEnumNextHops
RtmReadInstanceConfig
CheckTable
RtmDeregisterFromChangeNotification
RtmWriteAddressFamilyConfig
RtmReferenceHandles
RtmGetLessSpecificDestination

kernel32

PrivMoveFileIdentityW
GetNumberFormatA
GetLogicalDrives
CreateActCtxW
CreateSemaphoreW
GetConsoleOutputCP
GetBinaryType
GetStartupInfoA
LocalAlloc
GetTickCount
WaitForSingleObjectEx
BackupSeek
VirtualAlloc
CreateJobObjectA
GetAtomNameW
UnregisterWaitEx
GetConsoleAliasExesLengthA
GlobalMemoryStatus
GetNumaHighestNodeNumber
GetTempPathA
LoadLibraryA
RemoveLocalAlternateComputerNameW
lstrlenW
SetFileShortNameW
FindAtomW
GetLongPathNameA
SetPriorityClass
SetConsoleNumberOfCommandsA
ReplaceFileA
OutputDebugStringA
RegisterConsoleIME
FindNextFileW
GetNativeSystemInfo
GetCurrentThread
lstrcmpiW
GetConsoleAliasExesLengthW
DisableThreadLibraryCalls
GetProfileIntW
UnlockFile

user32

CreatePopupMenu
CharUpperA
CreateAcceleratorTableA
GetDesktopWindow
SetKeyboardState
RegisterClassA
ReplyMessage
CheckMenuItem
DestroyIcon
DrawMenuBarTemp
SetDoubleClickTime
ChildWindowFromPointEx
TileWindows
DragDetect
LoadMenuIndirectW
DdeCreateDataHandle
GetTabbedTextExtentW
UnloadKeyboardLayout
IMPGetIMEW
LookupIconIdFromDirectoryEx
PrivateExtractIconsW
GetTaskmanWindow
CreateIconFromResourceEx
GetWindowLongW
SetWindowStationUser
GetSystemMenu
OpenInputDesktop
GetGUIThreadInfo
LoadMenuW

msvcrt40

fputws
__isascii
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
__p___winitenv
__RTCastToVoid
_setmode
_nextafter
__p__pctype
_sys_errlist
_abnormal_termination
??_8istream_withassign@@7B@
??0ofstream@@QAE@HPADH@Z
_stat
_mbsnbcat
??1__non_rtti_object@@UAE@XZ
_wspawnle
iswlower
system
_mbctokata
_ismbcspace
wcstok
?pbackfail@stdiobuf@@UAEHH@Z
_mbstok
??_7__non_rtti_object@@6B@
_except_handler3
_wspawnl
??0strstreambuf@@QAE@ABV0@@Z
??0ostream_withassign@@QAE@XZ
?getline@istream@@QAEAAV1@PAEHD@Z
?attach@ifstream@@QAEXH@Z
_j1
??0ifstream@@QAE@ABV0@@Z
isupper
__iscsym
??9type_info@@QBEHABV0@@Z
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
putwchar
towupper
?sputn@streambuf@@QAEHPBDH@Z
_wfindnexti64
strcspn
_wfopen
vwprintf
??0filebuf@@QAE@XZ

w32topl

ToplDeleteSpanningTreeEdges
ToplGraphNumberOfVertices
ToplEdgeInit
ToplEdgeGetToVertex
ToplEdgeGetWeight
ToplGraphRemoveVertex
ToplEdgeSetVtx
ToplScheduleDuration
ToplVertexFree
ToplHeapIsElementOf
ToplGraphSetVertexIter
ToplGetAlwaysSchedule
ToplVertexGetOutEdge
ToplSTHeapExtractMin
ToplGraphAddVertex
ToplEdgeDisassociate
ToplGraphFindEdgesForMST
ToplListRemoveElem
ToplSTHeapDestroy
ToplVertexNumberOfInEdges
ToplListAddElem
ToplEdgeDestroy
ToplScheduleIsEqual
ToplVertexGetId
ToplHeapDestroy
ToplScheduleCacheCreate
ToplHeapExtractMin
ToplVertexInit
ToplIterFree
ToplGraphInit
ToplScheduleCreate
ToplEdgeSetFromVertex
ToplScheduleImport
ToplGraphCreate
ToplVertexGetInEdge
ToplDeleteGraphState
ToplIterCreate
ToplGraphFree
ToplPScheduleValid
ToplSTHeapInit
ToplEdgeFree
ToplHeapInsert
ToplScheduleExportReadonly
ToplHeapIsEmpty

mapistub

cmc_free
HrGetOmiProvidersFlags
MAPIReadMail
GetOutlookVersion@0
UNKOBJ_ScCOReallocate@12
InstallFilterHook@4
MAPIAddress
MAPIOpenFormMgr@8
HrDecomposeMsgID@24
MAPIDeinitIdle@0
MNLS_MultiByteToWideChar@24
BMAPIFindNext
BMAPISaveMail
DeinitMapiUtil@0
LAUNCHWIZARD
PpropFindProp@12
MAPILogonEx
cmc_logon
OpenTnefStreamEx@32
OpenIMsgSession@12
MAPIGetDefaultMalloc@0
HrSzFromEntryID@12
HrComposeMsgID@24
FixMAPI
ScCreateConversationIndex@16
UNKOBJ_ScAllocateMore@16
FBadRow@4
MAPISaveMail
FtMulDwDw@8

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 580KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

770a9cc515672c7223b149a5f737e753

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt20

gdi32

sqlsrv32

rtm

kernel32

user32

msvcrt40

w32topl

mapistub

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 580KB - Virtual size: 1.9MB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 580KB - Virtual size: 1.9MB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 312B