ea03c8d19c6895a7cd0b6f4e256feebbe82ab11058f3d7fd33097860c7e7f2ea

Sharing

Copy URL Twitter E-mail

General

Target

ea03c8d19c6895a7cd0b6f4e256feebbe82ab11058f3d7fd33097860c7e7f2ea
Size

295KB
MD5

45cbf1557e1a264579ed14d289154826
SHA1

a9f91734570d7736eacfc731918fbfbff0f413c5
SHA256

ea03c8d19c6895a7cd0b6f4e256feebbe82ab11058f3d7fd33097860c7e7f2ea
SHA512

7759f0f570e8d8af89ff23db8d80ba99e92e15f45fbf2315469b6999fa95e073902817e1fc0095543db1f436f0f44e0b07d2a7c266b92060f6ee455c99ca5892
SSDEEP

6144:q3UJwe+l8ibgi5NX33LOR0SxzW4+jFDOtDwKfFT:q3Ub+5diiSBW4+0xFT

Score

N/A

Malware Config

Signatures

Files

ea03c8d19c6895a7cd0b6f4e256feebbe82ab11058f3d7fd33097860c7e7f2ea
.exe windows x86

b3c467465a292a8890c19077d40441c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
_wtoi
iswdigit
_itow
wcscpy
wcstoul
wcschr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wcsicmp
__CxxFrameHandler
_CxxThrowException
wcscat
_ultow
_purecall
wcstombs
wcslen
?terminate@@YAXXZ

query

?IsCIPaused@CMachineAdmin@@QAEHXZ
?IsStarted@CCatalogAdmin@@QAEHXZ
?IsPaused@CCatalogAdmin@@QAEHXZ
??0CRegAccess@@QAE@KPBG@Z
?Get@CRegAccess@@QAEXPBGPAGI@Z
?CiGetPassword@@YGHPBG0PAG@Z
??0CMetaDataMgr@@QAE@HW4CiVRootTypeEnum@@KPBG@Z
??1CMetaDataMgr@@QAE@XZ
??0CDefColumnRegEntry@@QAE@XZ
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
??0CDbColId@@QAE@XZ
?SetProperty@CDbColId@@QAEHPBG@Z
?Refresh@CDefColumnRegEntry@@QAEXH@Z
?Cleanup@CDbColId@@QAEXXZ
?GetOleError@@YGJAAVCException@@@Z
?SystemExceptionTranslator@@YAXIPAU_EXCEPTION_POINTERS@@@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?Next@CCatalogEnum@@QAEHXZ
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?Next@CScopeEnum@@QAEHXZ
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?QueryScopeAdmin@CCatalogAdmin@@QAEPAVCScopeAdmin@@PBG@Z
?SetAlias@CScopeAdmin@@QAEXPBG@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?PauseCI@CMachineAdmin@@QAEHXZ
?IsCatalogInactive@CCatalogAdmin@@QAEHXZ
?IsCIStopped@CMachineAdmin@@QAEHXZ
?IsCIStarted@CMachineAdmin@@QAEHXZ
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
CIState
?IsStopped@CCatalogAdmin@@QAEHXZ
?AddCachedProperty@CCatalogAdmin@@QAEXABVCFullPropSpec@@KKKH@Z
?SetDWORDParam@CCatalogAdmin@@QAEXPBGK@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?RemoveScope@CCatalogAdmin@@QAEXPBG@Z
?QueryCatalogAdmin@CMachineAdmin@@QAEPAVCCatalogAdmin@@PBG@Z
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?EnableCI@CMachineAdmin@@QAEHXZ
?StopCI@CMachineAdmin@@QAEHXZ
?DisableCI@CMachineAdmin@@QAEHXZ
?TunePerformance@CMachineAdmin@@QAEXHGG@Z
?SetDWORDParam@CMachineAdmin@@QAEXPBGK@Z
?GetDWORDParam@CMachineAdmin@@QAEHPBGAAK@Z
??0CMachineAdmin@@QAE@PBGH@Z
?RemoveCatalog@CMachineAdmin@@QAEXPBGH@Z
??1CMachineAdmin@@QAE@XZ
_ForceMasterMerge@16
?UpdateContentIndex@@YGKPBG00H@Z
??1CCatalogEnum@@QAE@XZ
??1CScopeEnum@@QAE@XZ
??1CCatalogAdmin@@QAE@XZ
?Pause@CCatalogAdmin@@QAEHXZ
?StartCI@CMachineAdmin@@QAEHXZ
?Start@CCatalogAdmin@@QAEHXZ
??0CException@@QAE@XZ
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z
?GetLocation@CCatalogAdmin@@QAEPBGXZ
?ciDelete@@YGXPAX@Z
?ciNew@@YGPAXI@Z
?Stop@CCatalogAdmin@@QAEHXZ

user32

LoadStringW
SendMessageW
DialogBoxParamW
SetWindowLongW
EndDialog
GetWindowLongW
MessageBeep
wsprintfW
PostMessageW
CheckRadioButton
RegisterClipboardFormatW
GetParent
SetWindowTextW
SetFocus
IsWindowEnabled
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
MessageBoxW
GetFocus
ShowWindow
SetTimer
KillTimer
EnableWindow
WinHelpW
LoadBitmapW
LoadIconW
SendDlgItemMessageW

gdi32

DeleteObject

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW

kernel32

SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
OutputDebugStringA
LocalFree
FormatMessageW
GetSystemDefaultLCID
LoadLibraryA
GlobalFree
GetSystemWindowsDirectoryW
GlobalAlloc
LoadLibraryW
IsBadReadPtr

advapi32

RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyA
RegCloseKey
RegCreateKeyExW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize

Sections

.text
Size: 89KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3c467465a292a8890c19077d40441c1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

query

user32

gdi32

shell32

kernel32

advapi32

ole32

Sections

.text Size: 89KB - Virtual size: 90KB

.data Size: 225KB - Virtual size: 228KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 89KB - Virtual size: 90KB

.data
Size: 225KB - Virtual size: 228KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 10KB - Virtual size: 10KB