b1f314f8883d1a73588ce362655e88c4885204a715209381b1050e193623ba53

Sharing

Copy URL Twitter E-mail

General

Target

b1f314f8883d1a73588ce362655e88c4885204a715209381b1050e193623ba53
Size

861KB
MD5

26d30658038245d064200b3536f0b425
SHA1

2a020317594a21c566d1dbf7732c7c73e7410068
SHA256

b1f314f8883d1a73588ce362655e88c4885204a715209381b1050e193623ba53
SHA512

f0c7bcb60c0ea1162e52971e251c1c8642e62240fb34f3c3a19cda1e1b89a764f5300eedf02b7ddb70f9f507edd2399b43be80152c442759cc533a99a85fe263
SSDEEP

24576:TyrQoMVHyh6uTwLRmflyFcBtviQCR/FoHh:LJVHVuTwtmI6CToHh

Score

N/A

Malware Config

Signatures

Files

b1f314f8883d1a73588ce362655e88c4885204a715209381b1050e193623ba53
.exe windows x86

9d17238474714c1ad6ad1a734bad57cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_CopyFileEx_@24
_WritePrivateProfileStruct_@20
_NDdeShareEnum_@24
_lstrcpy_@8
_RegisterEventSource_@8
_OpenSemaphore_@12
_GetClassName_@12
_OpenBackupEventLog_@8
_RegConnectRegistry_@12
_FindFirstChangeNotification_@12
_RegQueryMultipleValues_@20
newMultiByteFromWideCharEx
_NDdeGetErrorString_@12
_GetDlgItemText@16
_GetFileVersionInfo_@16
_SetDlgItemText@12
_GetSaveFileName@4
_CreateFile@28
_CompareString_@24
newWideCharFromMultiByte
_ReportEvent_@36
_WritePrivateProfileSection_@12
_CopyEnhMetaFile_@8
_GetMenuItemInfo_@16
_NDdeGetShareSecurity_@24
_GetWindowText@12
_AddFontResource_@4
_SetProp@12
_GetPrivateProfileInt_@16
_RegQueryValue_@16
_SetFileSecurity_@12
_QueryDosDevice_@12
_GetEnhMetaFileDescription_@12
_WriteProfileString_@12
_strerror_@4
_lstrcpyn_@12
_GetCompressedFileSize_@8
_CreateWindowStation_@16
_CreateMDIWindow_@40
_GetObject@12
_CommDlg_OpenSave_GetFolderPath@12
_CreateDesktop_@24
_ExtractAssociatedIcon_@12
_RegLoadKey_@12
_DefDlgProc_@16
_AccessCheckAndAuditAlarm_@44
_InsertMenu_@20
_SetEnvironmentVariable_@8
_lstrcat_@8
_GetTextExtentPoint@16
_FindResourceEx_@16
_InitiateSystemShutdown_@20
_lstrcmpi_@8
_CreateScalableFontResource_@16

inetcomm

MimeOleParseRfc822AddressW
EssReceiptRequestDecodeEx
MimeOleSMimeCapAddSMimeCap
MimeOleGetInternat
MimeOleInetDateToFileTime
GetDllMajorVersion
HrAttachDataFromFile
MimeOleSMimeCapRelease
MimeOleCreateHashTable
MimeOleSMimeCapInit
MimeOleGetPropertySchema
MimeOleGetFileExtension
MimeOleConvertEnrichedToHTML
HrAthGetFileNameW
EssReceiptRequestEncodeEx
HrGetLastOpenFileDirectory
MimeOleGetCodePageCharset
MimeOleSetPropA
MimeOleSetBodyPropW
MimeOleEncodeHeader
MimeOleCreateBody
EssSignCertificateDecodeEx
MimeOleCreateHeaderTable
EssContentHintEncodeEx
MimeOleGetRelatedSection
MimeOleGetBodyPropA
MimeEditGetBackgroundImageUrl
MimeOleStripHeaders
HrGetDisplayNameWithSizeForFile
CreateRangeList
EssMLHistoryEncodeEx
CreateNNTPTransport
MimeOleGetPropW
EssSecurityLabelEncodeEx
MimeEditCreateMimeDocument
EssKeyExchPreferenceDecodeEx
CreateIMAPTransport
MimeOleGenerateCID
MimeOleGetExtContentType
MimeOleSMimeCapsToDlg
HrAttachDataFromBodyPart

kernel32

AddAtomA
WriteConsoleOutputW
SetFirmwareEnvironmentVariableA
HeapSummary
RegisterConsoleVDM
SetSystemPowerState
GetWindowsDirectoryW
GetOEMCP
FindNextVolumeMountPointA
GetPrivateProfileStructA
VirtualAlloc
SetLocalPrimaryComputerNameA
SetFilePointer
GetLargestConsoleWindowSize
SetTapePosition
FindClose
CloseConsoleHandle
HeapQueryInformation
SetConsoleNlsMode
GetShortPathNameW
SetConsoleMenuClose
WriteFileGather
IsBadWritePtr
LeaveCriticalSection
EnumUILanguagesW
SetComputerNameExW
CancelDeviceWakeupRequest
GetSystemDefaultLCID
LoadLibraryA
CopyFileExA
DeleteVolumeMountPointA
FileTimeToLocalFileTime
lstrcmpi
CancelIo
SetConsoleInputExeNameA
InterlockedExchange
EnumerateLocalComputerNamesW
Process32Next
QueryPerformanceCounter
GetConsoleDisplayMode
GetDiskFreeSpaceW
ReplaceFileA
InterlockedPushEntrySList
ConnectNamedPipe
SetLocalPrimaryComputerNameW
WriteConsoleOutputAttribute
GetDiskFreeSpaceExW
FindAtomW
GetCurrentActCtx
DeactivateActCtx
SetThreadLocale
GetLastError
IsSystemResumeAutomatic
IsValidLocale
UnregisterConsoleIME
SetConsoleCtrlHandler
SetFileAttributesW
FindCloseChangeNotification
WritePrivateProfileStringA
CreatePipe
InitializeSListHead
GetStartupInfoA
OpenJobObjectW
DosPathToSessionPathA
DnsHostnameToComputerNameW
HeapSetInformation
LZClose
VirtualFreeEx
CloseHandle
CompareStringW
ReadProcessMemory

wldap32

ldap_modify_ext_s
ldap_count_entries
ldap_simple_bind
cldap_openA
ldap_modrdn2W
ldap_search_init_pageW
ldap_create_sort_controlW
ber_flatten
ldap_first_attributeW
ldap_dn2ufnA
ldap_sslinit
ldap_bind_sW
ldap_sasl_bindW
ldap_addA
ldap_modify
ldap_modrdn_sW
ldap_get_optionW
ldap_modify_s
ldap_delete_ext
ldap_compare_sW
ldap_memfree
ldap_modifyW
ldap_compare
ldap_create_page_control
ldap_modrdnA
ldap_dn2ufnW
ldap_check_filterW
ldap_extended_operationW
ldap_get_next_page
ldap_first_attributeA
ldap_modify_sW
ldap_modrdn2A
ldap_next_attributeW
ldap_free_controls
ldap_control_freeW
ldap_next_attributeA
ldap_parse_vlv_controlA
ber_alloc_t
ldap_search_ext
ber_peek_tag
ldap_search_stA
ldap_searchA
ldap_sasl_bind_sW
ldap_err2stringW

ntdll

RtlInitializeSid
RtlClearAllBits
ZwFindAtom
NtDeleteObjectAuditAlarm
ZwSetIoCompletion
RtlpApplyLengthFunction
memchr
vDbgPrintEx
RtlResetRtlTranslations
RtlValidAcl
RtlCreateHeap
sprintf
RtlExtendedMagicDivide
RtlValidateHeap
DbgPrintReturnControlC
RtlUnhandledExceptionFilter2
ZwTestAlert
NtResetWriteWatch
RtlImpersonateSelf
_ui64tow
RtlConsoleMultiByteToUnicodeN
KiRaiseUserExceptionDispatcher
RtlGetCallersAddress
NtSaveMergedKeys
strstr
NtSetInformationFile
RtlNumberOfClearBits
NtWriteRequestData
NtReplyPort
ZwProtectVirtualMemory
NtCompactKeys
_wcsnicmp
ZwOpenProcess
NtWaitHighEventPair
LdrGetDllHandle
NtSetSystemEnvironmentValue

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d17238474714c1ad6ad1a734bad57cf

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

inetcomm

kernel32

wldap32

ntdll

Sections

.text Size: 373KB - Virtual size: 373KB

.rdata Size: 370KB - Virtual size: 370KB

.data Size: 115KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 373KB - Virtual size: 373KB

.rdata
Size: 370KB - Virtual size: 370KB

.data
Size: 115KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B