ccd6a9c386a19944f90a62890e2032cda095ca5b63ffd69b2e6de29fbb6baade

Sharing

Copy URL Twitter E-mail

General

Target

ccd6a9c386a19944f90a62890e2032cda095ca5b63ffd69b2e6de29fbb6baade
Size

826KB
MD5

1dd64cc5e1181c2c3e37ad9fdb4297d0
SHA1

26307f8fefe060124ce4325c7168432949b73b41
SHA256

ccd6a9c386a19944f90a62890e2032cda095ca5b63ffd69b2e6de29fbb6baade
SHA512

fc8524163ee9c3f4f5399bca9ab06d289af37aeb3eccb72b827e055a77b8a15db3e7ec7ea1e45c879c82942472b758d63cf61da67d573f58ae89444a0ec32f5e
SSDEEP

24576:9gb2KXtVW5L7hD9VrYP9FwEWNxAZpoOF2ZRrhSOa:9gyK9OHp4Pwb6p4brhSOa

Score

N/A

Malware Config

Signatures

Files

ccd6a9c386a19944f90a62890e2032cda095ca5b63ffd69b2e6de29fbb6baade
.exe windows x86

a382138e43fb485089f78fd39744e7f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbcbcp

dbprtypeA
bcp_setcolfmt
bcp_colfmt
bcp_sendrow
bcp_bind
SQLInitEnumServers
bcp_readfmtW
SQLLinkedCatalogsW
bcp_colptr
SQLLinkedServers

shlwapi

PathMakeSystemFolderW
PathIsRelativeA
SHRegEnumUSValueA
PathCommonPrefixW
StrToInt64ExW
PathAppendA
UrlCombineW

msacm32

acmFormatEnumA
acmDriverDetailsA
acmFilterTagDetailsA
acmStreamMessage
acmFormatChooseW
acmStreamClose
acmDriverRemove
acmFormatTagEnumW
acmFormatEnumW
acmFormatTagDetailsW
acmStreamReset
acmStreamConvert
acmFilterEnumA
acmFilterTagEnumA
acmDriverDetailsW
XRegThunkEntry
acmFilterChooseW
acmFormatChooseA
acmDriverOpen
acmGetVersion
acmDriverID

wtsapi32

WTSLogoffSession
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSSetSessionInformationA
WTSWaitSystemEvent
WTSSendMessageW
WTSQuerySessionInformationA
WTSVirtualChannelQuery
WTSSetUserConfigW
WTSDisconnectSession
WTSEnumerateSessionsA
WTSVirtualChannelWrite
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput
WTSQueryUserConfigW
WTSSetSessionInformationW
WTSEnumerateProcessesA
WTSEnumerateServersW
WTSEnumerateProcessesW
WTSVirtualChannelRead
WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW
WTSSendMessageA
WTSShutdownSystem
WTSOpenServerA
WTSRegisterSessionNotification
WTSQueryUserToken
WTSCloseServer
WTSTerminateProcess

kernel32

RtlFillMemory
SetEvent
WaitForMultipleObjectsEx
SetMessageWaitingIndicator
FlushFileBuffers
EnumSystemLanguageGroupsW
lstrcmpi
GetConsoleScreenBufferInfo
SignalObjectAndWait
_hread
GetProcessTimes
FoldStringW
GetVolumePathNameW
DeleteAtom
GetOEMCP
DeactivateActCtx
GetFileAttributesExW
ReplaceFileA
lstrcpyn
GetWindowsDirectoryA
Module32First
GetPrivateProfileSectionA
ReadFileScatter
GetProcessHeap
GetNumaAvailableMemoryNode
SetConsoleWindowInfo
VirtualQuery
SetFileApisToANSI
ConvertFiberToThread
GetDiskFreeSpaceExA
GetSystemDefaultLCID
ReadConsoleInputExW
HeapDestroy
ScrollConsoleScreenBufferW
AddAtomW
RemoveDirectoryA
ReleaseActCtx
OpenProcess
SetCommTimeouts
GetSystemInfo
CreateDirectoryExA
FindFirstFileA
GetModuleHandleA
Process32Next
DebugActiveProcess
UTUnRegister
EnumerateLocalComputerNamesW
WaitForSingleObject
FindFirstFileW
GetNumaProcessorNode
IsBadStringPtrA
CreateHardLinkW
BuildCommDCBA
LoadLibraryW
EnumSystemLanguageGroupsA
GetProcessWorkingSetSize

gdi32

DdEntry29
GdiQueryTable
GetRelAbs
RemoveFontResourceA
GdiConsoleTextOut
GdiTransparentBlt
GetObjectA
GetCharWidthI
GdiSetLastError
SelectObject
PlayEnhMetaFileRecord
GdiEntry5
RoundRect
ColorMatchToTarget
SetMetaFileBitsEx
CreateColorSpaceW
ExtSelectClipRgn
UpdateICMRegKeyA
Pie
PolyDraw
StretchDIBits
AbortPath
GetRgnBox
EngQueryEMFInfo
WidenPath
GetArcDirection

dnsapi

DnsAsyncRegisterTerm
DnsUtf8ToUnicode
CombineRecordsInBlob
Dns_ParsePacketRecord
Dns_GetRandomXid
BreakRecordsIntoBlob
DnsIsStatusRcode
Dns_AddRecordsToMessage

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a382138e43fb485089f78fd39744e7f2

Headers

DLL Characteristics

File Characteristics

Imports

odbcbcp

shlwapi

msacm32

wtsapi32

kernel32

gdi32

dnsapi

Sections

.text Size: 370KB - Virtual size: 370KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 1024B - Virtual size: 856B

.text
Size: 370KB - Virtual size: 370KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 1024B - Virtual size: 856B