Static task
static1
Behavioral task
behavioral1
Sample
b0c020547b3d6633f2ad8356fed9386e1bde59a134eb5be06dd458d5f016148b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b0c020547b3d6633f2ad8356fed9386e1bde59a134eb5be06dd458d5f016148b.exe
Resource
win10v2004-20220812-en
General
-
Target
b0c020547b3d6633f2ad8356fed9386e1bde59a134eb5be06dd458d5f016148b
-
Size
148KB
-
MD5
eaca0df03acc4e68ff3c18c23a1bd0e4
-
SHA1
b3f9f898e75726d4dcc1dea39b78fb1aa9a2deee
-
SHA256
b0c020547b3d6633f2ad8356fed9386e1bde59a134eb5be06dd458d5f016148b
-
SHA512
5f838bf8702244d4aa5ff827c7452d8f6d33d812dbfecdbc8a4941a4f1f3d0ff61e02fc6afb71f46f4f5ac0e8792482f14cebeec5ee7b947935055522edd6e78
-
SSDEEP
3072:C+fkKbeG8d2j509FRCKO021w1NYK7zI6mIepaPQ48PTAwnwuNXquye1ua:C6yG8d2a9GKO0kKRjepaPQ4wAw2eka
Malware Config
Signatures
Files
-
b0c020547b3d6633f2ad8356fed9386e1bde59a134eb5be06dd458d5f016148b.exe (Windows, x86)
d912d5273100a8a6cb55b1980847e887
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesA
OpenThread
RegisterConsoleVDM
ExitProcess
FormatMessageA
DeleteCriticalSection
SetFileShortNameW
lstrcpyA
SetConsoleMaximumWindowSize
GlobalSize
EnumCalendarInfoExA
IsBadStringPtrA
VirtualAlloc
SetMailslotInfo
LeaveCriticalSection
TerminateThread
TermsrvAppInstallMode
InterlockedPushEntrySList
GetCurrentThreadId
EnumUILanguagesA
SetComputerNameW
GetDiskFreeSpaceA
GetConsoleInputWaitHandle
DeleteFiber
LoadLibraryA
SizeofResource
GetConsoleAliasesA
GetEnvironmentStrings
GlobalAddAtomA
EnumSystemGeoID
DelayLoadFailureHook
SetThreadUILanguage
UnregisterWaitEx
GetThreadTimes
GetModuleHandleW
SetThreadIdealProcessor
GetPriorityClass
EnterCriticalSection
cfgmgr32
CM_Get_Parent
CM_Get_HW_Prof_Flags_ExW
CM_Get_Class_Key_NameW
CM_Get_Global_State_Ex
CM_Get_Depth
CMP_Init_Detection
CM_Get_Next_Log_Conf
CM_Dup_Range_List
CM_Get_Class_NameW
CM_Get_HW_Prof_FlagsW
CM_Query_Remove_SubTree_Ex
CM_Locate_DevNodeW
CM_Get_Parent_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Set_DevNode_Registry_PropertyA
CM_Create_Range_List
CMP_UnregisterNotification
CM_Get_Res_Des_Data_Ex
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Log_Conf_Priority_Ex
CM_Reenumerate_DevNode_Ex
CMP_WaitNoPendingInstallEvents
CM_Free_Res_Des_Handle
CM_Delete_Class_Key_Ex
CM_Get_Device_ID_List_SizeA
CM_Get_Depth_Ex
CM_Set_HW_Prof
CM_Run_Detection
CM_Uninstall_DevNode
CM_Free_Res_Des
CM_Set_DevNode_Problem_Ex
CM_Get_Device_ID_Size
CM_Get_DevNode_Status_Ex
CM_Setup_DevNode
mpr
WNetAddConnectionW
WNetDisconnectDialog1A
WNetGetConnection2W
MultinetGetErrorTextW
I_MprSaveConn
WNetGetUniversalNameW
WNetGetConnection2A
WNetGetSearchDialog
MultinetGetConnectionPerformanceA
WNetGetLastErrorA
WNetClearConnections
WNetSetConnectionW
WNetConnectionDialog2
WNetGetUserW
WNetGetPropertyTextW
WNetCancelConnectionA
WNetDisconnectDialog
WNetGetPropertyTextA
WNetGetConnection3A
WNetGetConnection3W
WNetOpenEnumA
WNetGetProviderTypeA
WNetEnumResourceA
WNetEnumResourceW
WNetConnectionDialog
MultinetGetConnectionPerformanceW
WNetOpenEnumW
WNetAddConnection2W
MultinetGetErrorTextA
WNetSetLastErrorA
WNetGetProviderNameA
WNetDisconnectDialog1W
WNetCancelConnectionW
WNetAddConnection3A
WNetGetHomeDirectoryW
WNetAddConnection3W
WNetFormatNetworkNameA
WNetDisconnectDialog2
WNetGetDirectoryTypeW
WNetGetNetworkInformationA
crypt32
CryptMsgOpenToEncode
CertAddCTLLinkToStore
CryptEnumOIDInfo
CertDuplicateStore
CertStrToNameA
CertGetIntendedKeyUsage
CertRegisterPhysicalStore
CreateFileU
CryptSetOIDFunctionValue
CertVerifyTimeValidity
CertAddEncodedCertificateToStore
CertRegisterSystemStore
CryptSIPRetrieveSubjectGuid
CryptFindCertificateKeyProvInfo
CryptBinaryToStringA
I_CertProtectFunction
CertSerializeCertificateStoreElement
CryptSIPPutSignedDataMsg
CertRemoveStoreFromCollection
CertIsRDNAttrsInCertificateName
CryptBinaryToStringW
CryptRegisterDefaultOIDFunction
CertCompareIntegerBlob
CryptFormatObject
CryptGetAsyncParam
CertFindExtension
I_CryptSetTls
CryptEncodeObjectEx
certcli
CASetCAProperty
CACertTypeRegisterQuery
CAEnumCertTypesForCAEx
CACertTypeAccessCheckEx
CAGetCACertificate
CAOIDFreeProperty
CAEnumNextCertType
CACloneCertType
CAGetCertTypeFlagsEx
CAEnumCertTypes
CAOIDCreateNew
CAGetCAFlags
CAIsCertTypeCurrent
CAEnumCertTypesForCA
CAGetCAExpiration
CASetCertTypePropertyEx
CAFindCertTypeByName
CAFreeCertTypeExtensions
CAOIDDelete
CAInstallDefaultCertType
CASetCertTypeExtension
CAOIDGetLdapURL
CASetCACertificate
CACountCertTypes
CASetCertTypeFlags
CAEnumFirstCA
CAEnumCertTypesEx
CASetCAExpiration
CAGetCertTypePropertyEx
CAGetCertTypeFlags
CAFindByIssuerDN
CARemoveCACertificateType
CASetCAFlags
CAGetCertTypeExpiration
CASetCASecurity
CAGetCertTypeExtensions
CADeleteLocalAutoEnrollmentObject
msvcp60
?_Nanv@?$_Ctr@N@std@@SANN@Z
?signaling_NaN@?$numeric_limits@N@std@@SANXZ
?iword@ios_base@std@@QAEAAJH@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
?_Getcat@?$moneypunct@G$0A@@std@@SAIXZ
?_Isinf@?$_Ctr@N@std@@SA_NN@Z
??1range_error@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??Kstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
??4?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??Kstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
?scan_is@?$ctype@D@std@@QBEPBDFPBD0@Z
?atan2@?$_Ctr@N@std@@SANNN@Z
?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
_FSnan
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
?is_open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?unget@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG1@Z
?pbackfail@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@MAEHH@Z
??Gstd@@YA?AV?$complex@M@0@ABV10@0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?imag@?$_Complex_base@O@std@@QBEOXZ
wintrust
OpenPersonalTrustDBDialogEx
CryptCATAdminAddCatalog
AddPersonalTrustDBPages
CryptCATCDFEnumMembersByCDFTag
SoftpubLoadDefUsageCallData
WintrustLoadFunctionPointers
SoftpubCleanup
WVTAsn1SpcMinimalCriteriaInfoDecode
CryptCATCDFClose
CryptCATAdminRemoveCatalog
mssip32DllRegisterServer
CryptCATAdminCalcHashFromFileHandle
CryptCATEnumerateAttr
WVTAsn1SpcSigInfoEncode
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
CryptSIPPutSignedDataMsg
SoftpubDumpStructure
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcLinkDecode
TrustIsCertificateSelfSigned
WVTAsn1SpcSpOpusInfoDecode
GenericChainCertificateTrust
WVTAsn1CatMemberInfoDecode
SoftpubDllUnregisterServer
SoftpubLoadMessage
CryptCATCatalogInfoFromContext
WintrustGetDefaultForUsage
OpenPersonalTrustDBDialog
CryptCATAdminResolveCatalogPath
SoftpubDefCertInit
CryptCATCDFEnumMembersByCDFTagEx
WTHelperGetFileHash
WVTAsn1CatNameValueEncode
odbcjt32
SQLFreeHandle
SQLFreeEnv
SQLSetEnvAttr
SQLStatisticsW
InvisibleSelectDb
SQLAllocConnect
SQLNumResultCols
SQLBindParameter
SQLGetCursorNameW
LoadByOrdinal
SQLGetFunctions
SQLExtendedFetch
SQLAllocEnv
SQLPutData
SQLDisconnect
SQLAllocHandle
SQLTablesW
ConfigDSNW
RepairCompactProc
SQLPrepareW
ConfigDSN
SQLFreeStmt
LoginDialogProc
SQLSetStmtAttrW
SQLMoreResults
SQLConnectW
InitDialogAgain
SQLGetConnectAttrW
SQLProceduresW
Sections
.text — raw size: 28KB, virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata — raw size: 40KB, virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data — raw size: 82KB, virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc — raw size: 1KB, virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc — raw size: 1KB, virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ