715619d07d568567b38dfd0c6ee925c145bb01015b34a4c0d73953dff1e3843c

Sharing

Copy URL Twitter E-mail

General

Target

715619d07d568567b38dfd0c6ee925c145bb01015b34a4c0d73953dff1e3843c
Size

308KB
MD5

0324260416f69b8fd53f7f710350c9f0
SHA1

08ff2d6068ddb98a40beca8c2d6990d1ed25a365
SHA256

715619d07d568567b38dfd0c6ee925c145bb01015b34a4c0d73953dff1e3843c
SHA512

aea98b1c4e377ad4250258d5af5537e09e827672db5a313e2ce7e771b83b01ada6138b402f6f264636e2451d8e76aa6b8e9d3ffd5bad26409c6372f8bd396e18
SSDEEP

6144:rCHrxsk38OkRHzrV64MBEdopobvupMI1wzYf8oI4fdKJxvcqpddz0kqDdfe:rCLxs5OeMEddbvRI1cYBI412vcqnJ0k7

Score

N/A

Malware Config

Signatures

Files

715619d07d568567b38dfd0c6ee925c145bb01015b34a4c0d73953dff1e3843c
.exe windows x86

296b5611645e5a01c1d01d572c2fb191

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidIdentifierAuthority
RegQueryValueExW
RegOpenKeyW
LookupAccountSidA
OpenServiceW
RegCloseKey
GetSidSubAuthorityCount
CreateServiceW
QueryServiceStatus
StartServiceW
GetSidSubAuthority
IsValidSid
OpenSCManagerW
CloseServiceHandle

user32

LoadStringW

kernel32

TlsAlloc
SetStdHandle
SizeofResource
GetCurrentThreadId
SetEnvironmentVariableA
GetFileType
VirtualAlloc
FreeEnvironmentStringsW
VirtualFree
CloseHandle
LockResource
GetSystemDirectoryW
HeapAlloc
FatalAppExitA
OpenEventW
GetUserDefaultLCID
GetSystemInfo
TlsFree
CreateThread
EnumSystemLocalesA
SetLastError
TlsSetValue
GetStdHandle
LeaveCriticalSection
HeapReAlloc
GetTimeFormatA
CompareStringW
IsValidLocale
WaitForSingleObject
LCMapStringW
GetSystemTimeAsFileTime
GetDateFormatA
FindResourceW
VirtualQuery
WideCharToMultiByte
FreeEnvironmentStringsA
HeapFree
GetOEMCP
TlsGetValue
EnterCriticalSection
GetModuleHandleA
MapViewOfFile
GetTimeZoneInformation
IsValidCodePage
SetHandleCount
CreateFileW
WriteFile
LCMapStringA
UnhandledExceptionFilter
FlushFileBuffers
VirtualProtect
DeleteFileW
RtlUnwind
LoadResource
GetCommandLineA
GetComputerNameA
GetACP
HeapDestroy
CompareStringA
SetFilePointer
DeleteCriticalSection
DeviceIoControl
OpenFileMappingW
HeapSize
LoadLibraryA

esent

JetCreateIndex
JetDupCursor
JetDefragment2
JetCreateInstance
JetGetLogInfo
JetGetCursorInfo
JetGetLogInfoInstance
JetExternalRestore2
JetStopServiceInstance
JetOpenFileSectionInstance
JetSetLS
JetGotoBookmark
JetCreateTableColumnIndex

odbccp32

SQLCreateDataSourceW
SQLValidDSNW
SQLRemoveDriverW
SQLInstallerErrorW
SQLManageDataSources
SQLPostInstallerError
SQLInstallDriverManager
SQLCreateDataSourceExW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

296b5611645e5a01c1d01d572c2fb191

Headers

File Characteristics

Imports

advapi32

user32

kernel32

esent

odbccp32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 281KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 281KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 2KB