b4722af051ff5aeb9b710bf281878840bbb24993816c13023441104d5e10f691

Sharing

Copy URL Twitter E-mail

General

Target

b4722af051ff5aeb9b710bf281878840bbb24993816c13023441104d5e10f691
Size

819KB
MD5

cea6b33c365cec252224899809d5295f
SHA1

534af6b07f3b5d02dc1bc6c5bf75cac47196a6f4
SHA256

b4722af051ff5aeb9b710bf281878840bbb24993816c13023441104d5e10f691
SHA512

d50ab3c794dd2370d14da09755d49e724c30de96fb55aac59453655a94d89d77560dd1a4c4bdbbf07c9dcffd678450d3a51376326272d6c5a799676b2b0cde26
SSDEEP

24576:LJu8VkxhZXjmYiXfieHyVje3zt/ZOIRqufzaFpnpFuV+21x2o:dkxhZXjmz6RothHfzaz491

Score

N/A

Malware Config

Signatures

Files

b4722af051ff5aeb9b710bf281878840bbb24993816c13023441104d5e10f691
.exe windows x86

16fdc565e03cf6ffb3b414c9923f9b34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
lstrcpyA
Module32FirstW
VirtualAlloc
VerLanguageNameA
FindNextFileW
_lopen
CreateIoCompletionPort
SetLocaleInfoW
SetSystemPowerState
DebugBreak
GetConsoleAliasesLengthW
GetSystemDefaultUILanguage
TlsSetValue
AddAtomW
DeleteTimerQueueTimer
GetVolumePathNamesForVolumeNameW
WriteConsoleOutputA
GetWindowsDirectoryA
ScrollConsoleScreenBufferA
SwitchToThread
EndUpdateResourceW
FreeResource
AttachConsole
BaseCleanupAppcompatCacheSupport
HeapUnlock
IsBadStringPtrW
GetCurrentThread
EnumSystemLanguageGroupsA
SetCriticalSectionSpinCount
GetSystemDirectoryA
GetSystemTimeAsFileTime
FindFirstVolumeMountPointW
WaitForSingleObjectEx
LoadLibraryA
WriteConsoleA
lstrcmpi
VerifyConsoleIoHandle
LocalShrink

gdi32

EnumICMProfilesW
FONTOBJ_pQueryGlyphAttrs
PlayEnhMetaFile
CreatePenIndirect
DdEntry24
GdiEntry5
AddFontResourceTracking
GdiQueryFonts
FONTOBJ_vGetInfo
GetCharWidthI
SetPixelV
GdiEntry15
GetNearestColor
SelectFontLocal
GetStockObject
GetCharWidthW
PATHOBJ_vEnumStart
GdiEntry14
GetETM
GdiEntry10
DdEntry14
FONTOBJ_pxoGetXform
CreatePen
EngDeleteSemaphore
EudcLoadLinkW
ColorMatchToTarget
GdiEntry4
BeginPath
FillRgn
EngUnlockSurface
GetViewportExtEx
GdiEntry8
CreatePatternBrush
OffsetViewportOrgEx
SetWindowExtEx
CreateHalftonePalette
GetEnhMetaFilePixelFormat
Rectangle
CreatePalette
SetBitmapBits
GdiConvertMetaFilePict
bMakePathNameW
SetBrushOrgEx
EngQueryLocalTime
GdiConvertToDevmodeW
RectVisible
EngFindResource
EngDeleteSurface
DdEntry20
GdiGetPageHandle
DeleteDC
CombineRgn
TextOutA
SetBkColor
GdiEntry16
GetTextFaceW
GdiIsMetaPrintDC
PATHOBJ_bEnumClipLines
GdiSetAttrs
GetEnhMetaFileW
SetGraphicsMode
CreateEnhMetaFileA
CreateFontIndirectExA
ExtSelectClipRgn
DdEntry46
GdiValidateHandle
UnrealizeObject
StartDocA
StrokeAndFillPath
DdEntry17

advapi32

RegOpenCurrentUser
CreatePrivateObjectSecurityEx
EqualDomainSid
CredGetTargetInfoA
CredpDecodeCredential
GetNamedSecurityInfoW
FreeSid
SetPrivateObjectSecurity
CreateCodeAuthzLevel
WmiMofEnumerateResourcesA
ObjectCloseAuditAlarmA
CredMarshalCredentialW
ElfRegisterEventSourceW
OpenServiceW
SystemFunction030
GetAuditedPermissionsFromAclW
GetServiceKeyNameA
InitializeSecurityDescriptor
GetOldestEventLogRecord
WmiReceiveNotificationsW
ElfClearEventLogFileW
SystemFunction024
WmiQueryAllDataW
AdjustTokenGroups
ConvertStringSDToSDRootDomainW
IsValidAcl
WmiQueryAllDataMultipleW
CredGetTargetInfoW
RegSetValueA
CredUnmarshalCredentialW
FileEncryptionStatusA
GetSecurityDescriptorDacl
SetThreadToken
SystemFunction010
RegEnumKeyA
LsaOpenPolicySce
LsaAddAccountRights
I_ScGetCurrentGroupStateW
RegSaveKeyA
UnregisterIdleTask
EnumerateTraceGuids
QueryServiceLockStatusW
MD4Update
GetNamedSecurityInfoExA

mapistub

MAPIFindNext
cmc_free
HrSzFromEntryID@12
cmc_list
MAPIFreeBuffer
FtAdcFt@20
DllGetClassObject
FBadRglpNameID@8
cmc_read
FBadRestriction@4
GetOutlookVersion
FBadProp@4
MAPISendMail
MAPIOpenLocalFormContainer
FtAddFt@16
FBadRglpszA@8
HrComposeMsgID@24
MAPIFreeBuffer@4
FBinFromHex@8
UNKOBJ_ScAllocate@12
CloseIMsgSession@4
DeinitMapiUtil@0
SzFindSz@8
ScCountNotifications@12
HexFromBin@12
MAPIAllocateMore
PropCopyMore@16
FtSubFt@16
ScCountProps@12
UNKOBJ_FreeRows@8
MapStorageSCode@4
FDecodeID@12
ScLocalPathFromUNC@12
GetTnefStreamCodepage
HrIStorageFromStream@16
ChangeIdleRoutine@28

vfpodbc

??4CVfpodbc@@QAEAAV0@ABV0@@Z
SQLSetConnectOption
ConfigDSN
fnVfpodbc
LibMain
ConfigDSNEx

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 643KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16fdc565e03cf6ffb3b414c9923f9b34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

mapistub

vfpodbc

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 643KB - Virtual size: 2.0MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 332B

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 643KB - Virtual size: 2.0MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 332B