bcd1dddd4b076e0535e01a73809453bab7b8d520ee0ed7ffc039ed261b501bc3

Sharing

Copy URL Twitter E-mail

General

Target

bcd1dddd4b076e0535e01a73809453bab7b8d520ee0ed7ffc039ed261b501bc3
Size

132KB
MD5

7dbe850f220db9a5ab8e3a8b3cca604e
SHA1

597857b95a848e5a3c84943b5f7945485a42013d
SHA256

bcd1dddd4b076e0535e01a73809453bab7b8d520ee0ed7ffc039ed261b501bc3
SHA512

d979a2aa158d9b00a63f51f16c68a1801560a7db606aa90196a190fa6bc673ca85acd48bf681ae6fe1087ae4021feb5fa2bd9b11645d6c4ebc63ec769e1372db
SSDEEP

3072:P13jCOnEkHtQSSXZMs8ZgGxg+2ZEgFomThsUDoDXr28vIdzjWE:t3jCOnreJZHSgyn2ZEgFtds4ur2PpR

Score

N/A

Malware Config

Signatures

Files

bcd1dddd4b076e0535e01a73809453bab7b8d520ee0ed7ffc039ed261b501bc3
.exe windows x86

6d01a785df37015aedf629eb36583657

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
?_FindOrAddValueNode@CDbPropertyRestriction@@AAEPAVCDbScalarValue@@XZ
SetupCacheEx
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
??0CException@@QAE@XZ
?SetDWORDParam@CMachineAdmin@@QAEXPBGK@Z
?SetUI2@CStorageVariant@@QAEXGI@Z
??0CRegAccess@@QAE@KPBG@Z
?GetCommandChar@CQueryScanner@@QAEGXZ
?SkipLong@CMemDeSerStream@@UAEXXZ
?Marshall@CDbCmdTreeNode@@QBEXAAVPSerStream@@@Z
??1CDbProp@@QAE@XZ
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
??0CTimeLimit@@QAE@KK@Z
?IsStopped@CCatalogAdmin@@QAEHXZ
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
??1CRegChangeEvent@@QAE@XZ
?SetUI8@CStorageVariant@@QAEXT_ULARGE_INTEGER@@I@Z
??0CDFA@@QAE@PBGAAVCTimeLimit@@E@Z
??1CPhraseRestriction@@QAE@XZ
??1CFwEventItem@@QAE@XZ
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
?CiNtOpen@@YGPAXPBGKKK@Z
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?_dwLastCheckMoment@CGlobalPropFileRefresher@@0KA
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
?SetI2@CStorageVariant@@QAEXFI@Z

ws2_32

WSASend
WSAHtonl
WSASetLastError
WSANtohs
WSApSetPostRoutine
WSARecvDisconnect
getservbyname
WSAAsyncGetHostByName
WSADuplicateSocketA
WSARemoveServiceClass
ntohs
WSAGetServiceClassNameByClassIdA
listen
gethostbyname
WPUCompleteOverlappedRequest
WSAEnumNetworkEvents
WSCInstallNameSpace
getnameinfo
WSCGetProviderPath
WSALookupServiceBeginA
recvfrom
WSAIsBlocking
WSAEnumProtocolsA
WSANtohl
WSAConnect
WSANSPIoctl
WSAAsyncGetServByPort
getpeername
WSASendTo
accept
WEP
WSACancelAsyncRequest
WSAInstallServiceClassA
WSAUnhookBlockingHook
WSAStartup
WSADuplicateSocketW
getsockopt
WSCUpdateProvider
htons
WSAJoinLeaf
WSCWriteNameSpaceOrder
WSAGetServiceClassInfoW

odbccp32

SQLGetAvailableDrivers
SQLRemoveTranslator
SQLLoadDriverListBox
SQLRemoveDriverManager
SQLSetConfigMode
SQLWritePrivateProfileStringW
SQLConfigDataSourceW
SQLInstallDriverEx
SQLWriteFileDSN
SQLReadFileDSNW
SQLConfigDataSource
SQLConfigDriverW
SQLInstallTranslatorExW
SQLGetInstalledDriversW
SQLCreateDataSourceW
SQLWriteDSNToIniW
SQLInstallODBC
SQLGetTranslator
SQLInstallDriverManager
SQLRemoveTranslatorW
SQLInstallTranslatorEx
SQLGetAvailableDriversW
SQLRemoveDefaultDataSource
SQLRemoveDSNFromIniW
SelectTransDlg
SQLCreateDataSourceExW
SQLInstallTranslator
SQLInstallDriverW
SQLPostInstallerErrorW
SQLConfigDriver
SQLGetPrivateProfileString

dbghelp

SymUnloadModule
dh
lmi
SymEnumerateModules64
ImageRvaToVa
SymEnumerateSymbols64
SymRegisterCallback64
SymGetSymFromName64
MapDebugInformation
SymUnloadModule64
SymGetLineFromName
SymGetLineFromAddr
FindDebugInfoFileEx
ImageDirectoryEntryToDataEx
SymGetSearchPath
FindFileInSearchPath
SymGetTypeInfo
SymGetSymFromAddr
SearchTreeForFile
EnumerateLoadedModules
UnDecorateSymbolName
SymGetLineNext64
SymFindFileInPath
SymSetOptions
SymEnumTypes
SymGetSymNext
SymLoadModuleEx
ImageNtHeader
SymCleanup
DbgHelpCreateUserDumpW
vc7fpo
MiniDumpReadDumpStream
SymSetSearchPath
SymEnumerateSymbolsW
SymGetModuleInfoW
omap
GetTimestampForLoadedLibrary
SymGetLinePrev

kernel32

RtlMoveMemory
GetPrivateProfileSectionA
GetLastError
SizeofResource
GlobalFix
GetProcessTimes
Heap32ListFirst
GetProcessHeaps
TransactNamedPipe
CreateMailslotA
OutputDebugStringA
GetConsoleSelectionInfo
LoadLibraryA
GetSystemDefaultLangID
GetLocaleInfoW
WaitNamedPipeA
TerminateJobObject
BaseCheckAppcompatCache
SetLocaleInfoA
LocalAlloc
SetWaitableTimer
GetCurrencyFormatW
GlobalGetAtomNameW
SetComputerNameW
GetConsoleAliasesLengthA
GetOEMCP
RaiseException
VirtualFreeEx
WriteProfileSectionW
GetPrivateProfileIntA
MultiByteToWideChar
GetTickCount
OpenMutexA
GetProcessAffinityMask
GlobalAddAtomW
SetLastError
DeleteVolumeMountPointA
_lread
VirtualAlloc
WritePrivateProfileStringW

catsrvut

??_7CComPlusComponent@@6B@
ManagedRequestW
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
WinlogonHandlePendingInfOperations
??4CComPlusObject@@QAEAAV0@ABV0@@Z
RunMTSToCom
??_7CComPlusObject@@6B@
SysprepComplus
COMPlusUninstallActionW
??0CComPlusComponent@@QAE@ABV0@@Z
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
SysprepComplus2
DllGetClassObject
FindAssemblyModulesW
??_7CComPlusMethod@@6B@
??0CComPlusObject@@QAE@ABV0@@Z
RegDBRestore
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
StartMTSTOCOM
RegDBBackup
QueryUserDllW
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
??0CComPlusMethod@@QAE@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
??0CComPlusInterface@@QAE@ABV0@@Z
CGMIsAdministrator
??_7CComPlusInterface@@6B@
??1CComPlusInterface@@UAE@XZ
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z

ntdll

RtlSetProcessIsCritical
RtlUnhandledExceptionFilter2
ZwQueryInformationProcess
RtlUpcaseUnicodeStringToOemString
NtFindAtom
RtlFlushSecureMemoryCache
RtlCaptureContext
RtlEqualLuid
RtlAddAttributeActionToRXact
_ui64tow
RtlValidSecurityDescriptor
RtlHashUnicodeString
RtlIdentifierAuthoritySid
vsprintf
ZwSaveMergedKeys
NtReplyWaitReplyPort
ZwQueryIoCompletion
ZwMapUserPhysicalPages
RtlDeactivateActivationContext
NtSetInformationJobObject
RtlFormatMessage
NtQueryInformationFile
RtlUnhandledExceptionFilter
RtlNewSecurityObject
RtlInitAnsiString
ZwEnumerateKey
RtlApplyRXact
ZwSetSystemInformation
NtCreateProcessEx
RtlSplay
NtCreateDebugObject

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d01a785df37015aedf629eb36583657

Headers

DLL Characteristics

File Characteristics

Imports

query

ws2_32

odbccp32

dbghelp

kernel32

catsrvut

ntdll

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 15KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 15KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB