c29e0563730cc261a8689a969a95381258c32531bf4d3adaa03f46b9cc879777

Sharing

Copy URL Twitter E-mail

General

Target

c29e0563730cc261a8689a969a95381258c32531bf4d3adaa03f46b9cc879777
Size

49KB
MD5

0388d2039b5c9f53ece8f0a6e58fcb96
SHA1

7e4a97615cfd700a592d454d61bce816055d38d6
SHA256

c29e0563730cc261a8689a969a95381258c32531bf4d3adaa03f46b9cc879777
SHA512

dd31777aed9bc84250a1ffda87efb7243f898b7490c2ed49520f31ff77df74b08ecdbff195719b2e00f8bf7d3a648b82d2dcdf478e3e11fb67611ed75e7aea7f
SSDEEP

1536:rzgf8vpJq2ANkoAzVvDmgU7muUyy4O7jRinvrsg40ra:rzjCNLWVvDmgU7maw7Wvog40

Score

N/A

Malware Config

Signatures

Files

c29e0563730cc261a8689a969a95381258c32531bf4d3adaa03f46b9cc879777
.exe windows x86

a61dbc78442bbcaac1ba9ab53c49b59b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumDateFormatsExW
_lcreat
OpenThread
GetDiskFreeSpaceA
OpenEventA
FindVolumeMountPointClose
GetVersionExA
GetPrivateProfileSectionNamesA
GlobalWire
IsBadStringPtrA
SetCalendarInfoA
WriteConsoleInputVDMA
LoadLibraryA
RtlCaptureContext
ReadConsoleOutputW
GetLongPathNameA
LoadModule
TryEnterCriticalSection
LZStart
WideCharToMultiByte
EnumDateFormatsExA
IsDBCSLeadByteEx
OpenFile
GetConsoleHardwareState
ShowConsoleCursor
CopyLZFile
VirtualAlloc
CancelIo
GetLocaleInfoW
SystemTimeToFileTime
FreeUserPhysicalPages
RegisterConsoleIME
WaitForMultipleObjectsEx
GetProcessTimes
FlushConsoleInputBuffer
GetFileSize
GlobalFindAtomA
lstrcmpA
GetProcessAffinityMask
SetUnhandledExceptionFilter
GetPriorityClass
GetSystemWindowsDirectoryA
SetConsoleInputExeNameA
SignalObjectAndWait
BeginUpdateResourceA
SystemTimeToTzSpecificLocalTime

mapi32

HrAddColumns@16
InstallFilterHook@4
HrComposeMsgID@24
SetAttribIMsgOnIStg@16
BMAPIReadMail
ScCountProps@12
FGetComponentPath
HrEntryIDFromSz@12
OpenIMsgSession@12
FDecodeID@12
MAPILogoff
MAPILogonEx@20
MAPIAllocateBuffer
UNKOBJ_FreeRows@8
ScInitMapiUtil@4
HrDecomposeEID@28
WrapStoreEntryID@24
BuildDisplayTable@40
HrThisThreadAdviseSink@8
UlPropSize@4
ScCreateConversationIndex@16
FtAdcFt@20
OpenStreamOnFile
GetTnefStreamCodepage@12
OpenTnefStream@28
MAPIFindNext
FPropCompareProp@12
MNLS_lstrcmpW@8
LpValFindProp@12
BMAPIGetReadMail

utildll

StrSystemWaitReason
StrConnectState
DateTimeString
InitializeAnonymousUserCompareList
StrAsyncConnectState
NetBIOSDeviceEnumerate
CompareElapsedTime
GetUserFromSid
HaveAnonymousUsersChanged
FormDecoratedAsyncDeviceName
TestUserForAdmin
CalculateDiffTime
IsPartOfDomain
CurrentDateTimeString
GetSystemMessageW
StrProcessState
NetworkDeviceEnumerate
GetAssociatedPortName
EnumerateMultiUserServers
WinEnumerateDevices
CtxGetAnyDCName
GetUnknownString
QueryCurrentWinStation
InstallModem
ElapsedTimeString
CalculateElapsedTime
RegGetNetworkDeviceName
SetupAsyncCdConfig
CachedGetUserFromSid
AsyncDeviceEnumerate
StrSdClass
StandardErrorMessage

rasman

RasInitialize
RasGetInfoEx
RasSetEapUserInfo
RasSetDeviceConfigInfo
RasSignalNewConnection
RasPortGetBundledPort
RasSetPortUserData
RasRegisterRedialCallback
RasPortOpen
RasSetCachedCredentials
RasSetCommSettings
RasPortSetProtocolCompression
RasCompressionSetInfo
RasProtocolEnum
RasRpcGetVersion
RasRequestNotification
RasSecurityDialogGetInfo
RasPortClose
RasInitializeNoWait
RasFreeBuffer
RasRpcGetDevConfig
RasPortReceive
RasGetDevConfig
RasSetRouterUsage
RasPortSetFraming
RasPortRetrieveUserData
RasPortClearStatistics

msdart

?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?WriteLock@CFakeLock@@QAEXXZ
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
MpHeapCreate
?_LockSpin@CSpinLock@@AAEXXZ
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?CheckTable@CLKRLinearHashTable@@QBEHXZ
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?_CurrentThreadId@CSmallSpinLock@@CGJXZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGXN@Z
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?Lock@CLockedDoubleList@@QAEXXZ
?WriteUnlock@CCritSec@@QAEXXZ
MPCSUninitialize
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
mpFree
?TryReadLock@CSpinLock@@QAE_NXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?_Lock@CSpinLock@@AAEXXZ
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z

gdi32

GdiInitSpool
DdEntry19
RoundRect
Chord
SetMetaFileBitsEx
OffsetRgn
GdiGetCharDimensions
GdiEntry15
SetLayout
AddFontResourceTracking
SetLayoutWidth
DdEntry21
PaintRgn
GetLayout
GetColorAdjustment
GetTextExtentPoint32W
RemoveFontResourceTracking
GetCurrentPositionEx
GetColorSpace
SelectObject
StretchDIBits
GetTransform
SelectFontLocal
GetNearestColor
GetTextExtentPointI
DdEntry35
DdEntry48
DdEntry36
SetBitmapDimensionEx
GetClipRgn
GdiSetAttrs
PtVisible
FONTOBJ_cGetAllGlyphHandles
SetBoundsRect
SetViewportExtEx
PlayMetaFileRecord

sqlsrv32

SQLBindCol
ConfigDriverW
SQLSetConnectAttrW
SQLGetData
SQLNumResultCols
SQLSetDescFieldW
SQLDescribeParam
BCP_bind
BCP_moretext
SQLColumnPrivilegesW
BCP_exec
SQLColAttributeW
SQLParamOptions
SQLEndTran
SQLPrepareW
SQLGetConnectOptionW
SQLGetDescRecW
SQLSetConnectOptionW
SQLSetCursorNameW
SQLMoreResults
SQLExecute
SQLProceduresW
SQLDriverConnectW
WizDSNDlgProc
BCP_control
SQLSpecialColumnsW
BCP_columns
SQLExtendedFetch
TestDlgProc
BCP_setcolfmt
SQLGetEnvAttr

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a61dbc78442bbcaac1ba9ab53c49b59b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapi32

utildll

rasman

msdart

gdi32

sqlsrv32

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB