8d06fb68d6983ba7149e73d1a13c542a345125952b9f309ce7e44f8ff8277bbc

Sharing

Copy URL Twitter E-mail

General

Target

8d06fb68d6983ba7149e73d1a13c542a345125952b9f309ce7e44f8ff8277bbc
Size

91KB
MD5

81c0c88fcbefc107f4f6a3cdaac502b4
SHA1

7448c5ab539671bd037fd700441cf3431c6e55f4
SHA256

8d06fb68d6983ba7149e73d1a13c542a345125952b9f309ce7e44f8ff8277bbc
SHA512

a4a4bab5773a143a229d33fd88965fa9afb9e66b81edf373f32c5b505bbeb7bf16d67e01c167faff2a2d73605f527e185d8d11aa4d30e7c43043dc040929b4d5
SSDEEP

1536:MvE0alOqX7bXyU9Yr/DyB3Yt9o3gqZPNFoGvwHBP0Dqf15TnxgrOgjK11:M2lOM7bXye5Ijo3LZPs/hcDqf15Txv11

Score

N/A

Malware Config

Signatures

Files

8d06fb68d6983ba7149e73d1a13c542a345125952b9f309ce7e44f8ff8277bbc
.exe windows x86

ad71d871f0e7e6f0cf93938939869bf6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlGetLocationA
PathUnmakeSystemFolderW
SHDeleteEmptyKeyW
StrRStrIA
PathBuildRootW
SHCreateStreamOnFileEx
StrIsIntlEqualW
PathIsUNCServerShareW
PathIsRelativeW
StrChrIA
PathRemoveBlanksA
PathFindOnPathW
PathGetDriveNumberA
SHRegGetBoolUSValueW
PathFindNextComponentA
PathIsNetworkPathA
SHDeleteKeyA
PathIsUNCW
AssocQueryStringW
PathGetArgsA
StrStrW
PathRemoveBlanksW
UrlIsOpaqueA
PathRemoveExtensionA
StrCatBuffW

sqlunirl

_GetCommandLine_@0
_GetVersionEx@4
_FindResource@12
_LoadLibraryEx_@12
_SHBrowseForFolder_@4
_GetUserObjectInformation_@20
_DefFrameProc_@20
_SendNotifyMessage_@16
_RegSaveKey_@12
_GetCharacterPlacement_@24
_CopyFileEx_@24
_CreatePropertySheetPage_@4
_OpenMutex_@12
_lstrcpyn_@12
_OpenEvent_@12
_WritePrivateProfileStruct_@20
_RegEnumKey_@16
_FormatMessage@28
_GetModuleFileName@12
_lstrcpy_@8
_RegConnectRegistry_@12
_GetModuleHandle_@4
_PolyTextOut_@12
_CreateMetaFile_@4
_SetMenuItemInfo_@16
_CreateSemaphore_@16
_CharToOem_@8
wsprintf_
_GetProcAddress_@8
_GetProfileString_@20
_GetUnicodeRedirectionLayer@0
_SetWindowsHookEx_@16
_CreateEnhMetaFile_@16
_GetPrivateProfileString_@24
_CharLowerBuff_@8
_NDdeSetTrustedShare_@12
_CharPrev_@8
_GetDefaultCommConfig_@12
_DlgDirListComboBox_@20
_SearchPath_@24
_CreateProcess_@40
_GetEnvironmentVariable_@12
_RegSetValue_@20
_GetFileTitle@12
_GetTimeFormat_@24

msvcrt40

_endthreadex
_daylight
??_7ostream@@6B@
_wcsicmp
??_7strstream@@6B@
??_8stdiostream@@7Bostream@@@
localeconv
??5istream@@QAEAAV0@AAO@Z
?unlock@ios@@QAAXXZ
_ismbslead
_spawnl
??4strstreambuf@@QAEAAV0@ABV0@@Z
?xalloc@ios@@SAHXZ
_ismbbkalnum
_ismbckata
fsetpos
?clrlock@streambuf@@QAEXXZ
?get@istream@@QAEAAV1@PACHD@Z
?sync@strstreambuf@@UAEHXZ
_stati64
_wcsnicoll
_CxxThrowException
_pgmptr
ldiv
_ismbstrail
_wfindnexti64
_local_unwind2
_strdup
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
_mbctohira
_execle
_adj_fdiv_m32
fgetwc
??_7exception@@6B@
??_G__non_rtti_object@@UAEPAXI@Z
?isfx@istream@@QAEXXZ
_popen
wcspbrk
?sync@stdiobuf@@UAEHXZ

kernel32

PrepareTape
BaseCleanupAppcompatCacheSupport
EnumCalendarInfoA
IsBadStringPtrA
SetConsoleNumberOfCommandsW
VirtualAlloc
QueryPerformanceCounter
HeapSetInformation
GetConsoleCP
GetFileInformationByHandle
GetCommState
LZOpenFileW
SystemTimeToFileTime
DefineDosDeviceA
HeapCompact
LeaveCriticalSection
DeleteCriticalSection
ExitVDM
CancelDeviceWakeupRequest
FreeResource
CreateSocketHandle
GlobalGetAtomNameW
WritePrivateProfileStringW
GetConsoleFontInfo
FindVolumeMountPointClose
CreatePipe
VirtualQueryEx
SetHandleCount
ReadConsoleInputExA
GlobalUnWire
SetCalendarInfoW
RegisterWowBaseHandlers
SetSystemTime
GetFileSizeEx
AssignProcessToJobObject
GetThreadTimes
GetNamedPipeHandleStateW
GetVolumePathNameA
lstrcpynW
LocalUnlock
ReleaseMutex
GetNumberFormatA
GetCompressedFileSizeW
EnterCriticalSection
GetSystemTime
OpenFileMappingA
lstrcatW
LocalCompact
CreateToolhelp32Snapshot
SetVDMCurrentDirectories
WriteProfileStringA
GetCurrentConsoleFont
GlobalFindAtomA
SearchPathA
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryA
GetDiskFreeSpaceExA
GetVolumePathNameW
FatalAppExitW
CreateFileW
FindFirstVolumeMountPointA
GetNativeSystemInfo
RemoveLocalAlternateComputerNameA
SetComputerNameA
FindActCtxSectionStringA
CreateMutexA
SignalObjectAndWait
VerifyVersionInfoA
Process32Next
lstrcpyW

gdi32

GdiPlayPageEMF
GetRegionData
GetCharABCWidthsA
PatBlt
GetCharWidthInfo
GetCharWidthW
GetLogColorSpaceA
gdiPlaySpoolStream
GdiComment
XLATEOBJ_hGetColorTransform
ExtCreatePen
EngStretchBlt
GdiTransparentBlt
Polyline
PATHOBJ_vEnumStartClipLines
GetViewportOrgEx
GdiPlayJournal
EngGetCurrentCodePage
FONTOBJ_cGetGlyphs
SetDCBrushColor
EnumFontFamiliesW
GdiGetLocalDC
CreateEnhMetaFileW
GdiCleanCacheDC
GetRandomRgn
GetClipRgn
DdEntry32
CloseEnhMetaFile
GdiConvertEnhMetaFile
UpdateICMRegKeyA
PolyPolyline
UnloadNetworkFonts
DdEntry55
FillRgn
SetDCPenColor

sqlwoa

_GetWindowText@12
_GetClassInfo@12
_PeekMessage@20
_GetUserName@8
_DrawText@20
_CommDlg_OpenSave_GetFilePath@12
_DefWindowProc@16
_tfopen
_CommDlg_OpenSave_GetFolderPath@12
_SendMessage@16
_SetWindowLong@12
_FormatMessage@28
newMultiByteFromWideCharSize
AllocConvertMultiSZNameToA
_SetWindowText@8
_IsDialogMessage@8
_GetOpenFileName@4
_GetModuleFileName@12
_MoveFile@8
_DeleteFile@4
_CharLower@4
_CommDlg_OpenSave_GetSpec@12
_SetProp@12
_CreateFont@56
_GetDiskFreeSpaceEx@16
_GetFileTitle@12
_GetWindowTextLength@4
_GetVersionEx@4
_LoadMenu@8
_LoadCursor@8
_LoadBitmap@8
_LoadLibrary@4
_FindResource@12
_tsystem
_GetObject@12
_GetSaveFileName@4
_trename
newWideCharFromMultiByte
_GetTextExtentPoint32@16

msvcrt

__crtGetStringTypeW
_stricmp
_futime64
__p__mbctype
_wspawnlp
fwprintf
_wmktemp
_beginthreadex
_makepath
wcsrchr
_strset
_setmode
_getmaxstdio
__p__winmajor
strerror
_wexecv
_EH_prolog
_wcsdup
_tzname
__p___argv
_ismbbkprint
_eof
_safe_fprem
_get_sbh_threshold
__crtLCMapStringA
??1bad_typeid@@UAE@XZ
_lrotl

cmutil

?GetFile@CIniW@@QBEPBGXZ
?Clear@CIniW@@QAEXXZ
??0CRandom@@QAE@XZ
?Clear@CmLogFile@@QAEXH@Z
?GetFile@CIniA@@QBEPBDXZ
?DeInit@CmLogFile@@QAEJXZ
?SetWriteICSData@CIniA@@QAEXH@Z
CmLoadImageW
CmStrchrA
CmMalloc
WzToSzWithAlloc
?LoadSection@CIniA@@QBEPADPBD@Z
?Start@CmLogFile@@QAEJH@Z
?SetEntry@CIniW@@QAEXPBG@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?WPPS@CIniW@@QAEXPBG00@Z
?SetFile@CIniA@@QAEXPBD@Z
?GetPrimaryFile@CIniW@@QBEPBGXZ
GetOSMajorVersion
?Banner@CmLogFile@@QAEXXZ
?CloseFile@CmLogFile@@AAEJXZ
?SetReadICSData@CIniA@@QAEXH@Z
CmStrCatAllocA
CmFmtMsgA
CmFmtMsgW
?SetICSDataPath@CIniA@@QAEXPBD@Z
?Init@CRandom@@QAEXK@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
CmBuildFullPathFromRelativeA
?LoadSection@CIniW@@QBEPAGPBG@Z
?SetWriteICSData@CIniW@@QAEXH@Z
CmStrStrA
GetOSBuildNumber
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
?CIni_SetFile@CIniW@@KGXPAPAGPBG@Z
?GetRegPath@CIniW@@QBEPBGXZ

sqlwid

_lopen_
strerror_
GetEnvironmentStrings_
_ttof
_hwrite_
_lcreat_
_lwrite_
OpenFile_
wstrlen
GetProcAddress_

user32

RegisterClassA
PostQuitMessage
DefWindowProcA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad71d871f0e7e6f0cf93938939869bf6

Headers

File Characteristics

Imports

shlwapi

sqlunirl

msvcrt40

kernel32

gdi32

sqlwoa

msvcrt

cmutil

sqlwid

user32

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 30KB - Virtual size: 138KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 30KB - Virtual size: 138KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB