b1e8512bf6974355ac6873a63a3a8fe4a92ed299c83fb85ca1821b4da76a466b

Sharing

Copy URL

Twitter E-mail

General

Target

b1e8512bf6974355ac6873a63a3a8fe4a92ed299c83fb85ca1821b4da76a466b
Size

176KB
MD5

8f41b3c28b50d14ee2da808e3e4d629f
SHA1

b6a037d8116439222ce69ed9d8c324072efa9b31
SHA256

b1e8512bf6974355ac6873a63a3a8fe4a92ed299c83fb85ca1821b4da76a466b
SHA512

fb157827e55ff2958c7a2f389b0ed779918d06c94de7dee8b519ce79e9c83877e723846d92af9cdf89379477fc0642f8bee0f022acb39de1b193d854de7dcc48
SSDEEP

3072:cim9vhcfIOvIKjonYO9ONkk/JZmNfi8wmFVlvoIvlxLtjH9hC/d3JIlDWzcKI5uO:Pm9vQI2jqYoOK4JEJFH9BtjSC2FI589y

Score

N/A

Malware Config

Signatures

Files

b1e8512bf6974355ac6873a63a3a8fe4a92ed299c83fb85ca1821b4da76a466b
.exe windows x86

04bf4f67f3316f6481dd1aee5ebfd722

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntmarta

AccGetAccessForTrustee
AccProvHandleGrantAccessRights
AccRewriteGetNamedRights
AccConvertAclToAccess
AccConvertSDToAccess
AccProvHandleRevokeAuditRights
AccRewriteSetNamedRights
AccProvCancelOperation
AccProvHandleIsObjectAccessible
AccLookupAccountName
AccFreeIndexArray
AccRewriteGetExplicitEntriesFromAcl
AccProvGetTrusteesAccess
AccProvHandleGetAllRights
AccGetInheritanceSource
AccProvGetAccessInfoPerObjectType
AccProvSetAccessRights
AccProvGetCapabilities
EventGuidToName
AccProvGrantAccessRights
AccLookupAccountTrustee
AccProvHandleIsAccessAudited
AccConvertAccessToSD
AccProvGetOperationResults
AccConvertAccessToSecurityDescriptor
AccProvHandleSetAccessRights
AccProvHandleRevokeAccessRights
AccTreeResetNamedSecurityInfo
AccProvHandleGetTrusteesAccess
AccRewriteGetHandleRights
AccProvIsObjectAccessible
AccSetEntriesInAList
AccProvHandleGetAccessInfoPerObjectType
AccProvIsAccessAudited
AccRewriteSetHandleRights
AccProvRevokeAuditRights
AccProvGetAllRights
AccProvRevokeAccessRights

kernel32

GetBinaryTypeA
MulDiv
DeleteTimerQueue
IsValidLocale
FindResourceA
FindNextVolumeA
GetUserDefaultLangID
GetNumaHighestNodeNumber
GetProfileSectionA
OpenMutexW
GlobalSize
CallNamedPipeW
GetProcAddress
OpenJobObjectA
EscapeCommFunction
GetVolumePathNamesForVolumeNameW
GlobalHandle
CreateJobSet
FreeUserPhysicalPages
InterlockedPopEntrySList
FillConsoleOutputCharacterW
AddAtomA
GetHandleInformation
FreeLibrary
GetStringTypeA
SetEnvironmentVariableA
GetQueuedCompletionStatus
VirtualAlloc
GetConsoleAliasA
CreateMailslotA
OpenFileMappingW
TerminateJobObject
WriteTapemark
LoadLibraryA
DebugBreakProcess
AllocateUserPhysicalPages
OutputDebugStringA
BaseCheckAppcompatCache
SetConsoleCursor
GetAtomNameA
GetProfileIntA
ReadFileEx
SetDefaultCommConfigW
GetEnvironmentStringsW
GetFullPathNameA
GetStringTypeW
CompareFileTime
GetACP
CreateSocketHandle

shlwapi

StrCSpnA
PathCompactPathW
StrCmpNA
SHDeleteEmptyKeyW
SHRegQueryInfoUSKeyA
StrNCatW
StrRetToStrW
SHStrDupW
PathRemoveBlanksW
wnsprintfW
PathCombineW
StrTrimA
StrStrIA
StrCmpNIW
UrlIsW
SHDeleteOrphanKeyA
StrCSpnW
SHStrDupA
PathAppendW
SHGetThreadRef
StrChrIA
PathIsDirectoryA
PathIsFileSpecA
UrlUnescapeA
PathSkipRootA
SHEnumKeyExW
AssocQueryKeyW
StrCatChainW
SHRegQueryInfoUSKeyW
UrlUnescapeW
PathGetArgsA
SHRegDuplicateHKey
PathUnmakeSystemFolderW
PathBuildRootW
PathMakePrettyA
PathIsUNCServerW
SHEnumKeyExA
AssocQueryStringA
PathQuoteSpacesA
PathIsPrefixA
PathSetDlgItemPathW
SHRegGetBoolUSValueA
StrChrW

user32

SetDeskWallpaper
CharLowerBuffW
EnableScrollBar
MessageBeep
UnregisterDeviceNotification
CheckDlgButton
CloseWindow
VkKeyScanW
SetDoubleClickTime
WaitForInputIdle
UnpackDDElParam
ImpersonateDdeClientWindow
ScrollWindowEx
ClientToScreen
GrayStringW
DragDetect
CopyIcon
OpenWindowStationW
SetClassLongW
SetUserObjectInformationW
EnableWindow
IsCharAlphaW
BroadcastSystemMessage
TranslateAccelerator
RemoveMenu
PeekMessageA
SendMessageCallbackA
SetLastErrorEx
CreateDialogIndirectParamW
TrackPopupMenu
EnumPropsA
ReplyMessage
GetMenuStringW
AllowSetForegroundWindow
DrawMenuBar
IsCharUpperA
OpenClipboard
PrivateExtractIconsA
SetKeyboardState
ValidateRgn
GetAncestor
DdeImpersonateClient
GetWindowContextHelpId
CreateWindowExW

msoert2

IDrawText
UlStripWhitespace
HrGetBodyElement
IsDigit
CleanupFileNameInPlaceW
GetHtmlCharset
HrSafeGetStreamSize
FBuildTempPathW
_MSG
CenterDialog
HrIndexOfMonth
IUnknownList_CreateInstance
HrIStreamToBSTR
HrBSTRToLPSZ
strtrimW
HrFindInetTimeZone
FIsHTMLFileW
PszMonthFromIndex
CreateEnumFormatEtc
CreateTempFile
HrGetCertificateParam
UpdateRebarBandColors
UnlocStrEqNW
FIsValidFileNameCharA
HrRewindStream
ChConvertFromHex
DeleteTempFile
HrDecodeObject
HrSetDirtyFlagImpl
PszDupA
BrowseForFolderW
PszFromANSIStreamA

odbctrac

TraceSQLStatistics
TraceSQLFetchScroll
TraceSQLGetDiagRec
TraceSQLGetDescRec
TraceSQLGetTypeInfoW
TraceSQLCancel
TraceSQLSetStmtAttrW
TraceSQLAllocHandleStdW
TraceSQLColumnPrivileges
TraceSQLFetch
TraceSQLColAttributesW
TraceSQLNumResultCols
TraceSQLFreeHandle
TraceSQLDataSourcesW
TraceSQLGetInfoW
TraceSQLGetInfo
TraceSQLTables
TraceSQLDescribeCol
TraceSQLProcedureColumnsW
TraceSQLAllocHandle
TraceSQLSetStmtOption
TraceSQLGetEnvAttr
TraceSQLSpecialColumns
TraceSQLAllocStmt
TraceSQLParamOptions
TraceSQLAllocEnv
TraceSQLRowCount
TraceSQLNativeSql
TraceSQLGetDescRecW
TraceVersion
TraceSQLSetDescField
TraceSQLSetParam
TraceSQLFreeConnect
TraceSQLErrorW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04bf4f67f3316f6481dd1aee5ebfd722

Headers

DLL Characteristics

File Characteristics

Imports

ntmarta

kernel32

shlwapi

user32

msoert2

odbctrac

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 45KB - Virtual size: 246KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 45KB - Virtual size: 246KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B