636999caccebb8a86f4dda8644cb0aebff3fc25e9dbe5fad1ea5f815ffadb465

Sharing

Copy URL Twitter E-mail

General

Target

636999caccebb8a86f4dda8644cb0aebff3fc25e9dbe5fad1ea5f815ffadb465
Size

137KB
MD5

20fdf52a1470d6c8c7cdbdacc3e5b2e5
SHA1

627ece3ac2c4b593b21d98e19390db8066388942
SHA256

636999caccebb8a86f4dda8644cb0aebff3fc25e9dbe5fad1ea5f815ffadb465
SHA512

b6cb4fb87af038fe1d692f29906d764a9206dc348c639eccd04c5a9a9aa9f048b744f2c7770bcff160ee446b079dd4ffbdc6dff35d706a90d96916d36b86463a
SSDEEP

3072:4ST9CFxFiJ9F1EJqZYlhTVGl+m5oApnDBdrF+9G/HD5/sh:PC/FiJhZuNVGYApDB5s9G/1/m

Score

N/A

Malware Config

Signatures

Files

636999caccebb8a86f4dda8644cb0aebff3fc25e9dbe5fad1ea5f815ffadb465
.exe windows x86

ca66a87c4cc4b3d3586b42eb69a69a39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymEnumerateModules64
SymGetSymFromAddr
SymRegisterFunctionEntryCallback64
DbgHelpCreateUserDumpW
SymUnDName64
SymFunctionTableAccess
SymGetLineNext64
SymGetLineFromAddr
SymEnumerateSymbolsW
SymGetLinePrev
SymLoadModule
SymGetSymFromAddr64
DbgHelpCreateUserDump
SymGetLinePrev64
SymGetLineFromAddr64
UnDecorateSymbolName
SymFunctionTableAccess64
SymFromName
SymGetSymNext64
FindExecutableImageEx
GetTimestampForLoadedLibrary
SymGetLineNext
WinDbgExtensionDllInit
SymSetContext
SymGetLineFromName64
sym
SymGetSymFromName
SymSetSearchPath
SymSetOptions
SymGetLineFromName

kernel32

GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
ScrollConsoleScreenBufferA
VirtualQuery
LocalSize
GetStringTypeW
_lwrite
GetNumaProcessorNode
GetMailslotInfo
OpenFileMappingW
GetStartupInfoA
GetProcessWorkingSetSize
GlobalFlags
WriteConsoleInputVDMA
LeaveCriticalSection
CreateMutexW
LoadLibraryExA
GetCommMask
LZInit
LoadLibraryA
GetConsoleAliasW
WriteProfileStringA
SetFileApisToANSI
EnumDateFormatsExW
FlushFileBuffers
FlushViewOfFile
SetFileShortNameA
EnterCriticalSection
GetConsoleWindow
BackupWrite
CallNamedPipeA
EnumResourceTypesW
GetModuleHandleW
TerminateThread
IsValidLanguageGroup
DeleteCriticalSection
Heap32ListNext
GlobalWire
GetConsoleCursorInfo
EnumSystemCodePagesW
SetLocalPrimaryComputerNameA
HeapValidate
RtlUnwind
WriteConsoleInputW
VirtualAlloc
GetCurrentThread
SetComputerNameW
InterlockedIncrement
IsSystemResumeAutomatic
QueueUserAPC
CompareStringA
InterlockedPopEntrySList
DuplicateHandle
GetTapePosition
CreateHardLinkW
Thread32Next
ReadConsoleOutputCharacterW
GetCalendarInfoA
ExitProcess
GetSystemDefaultUILanguage
CancelTimerQueueTimer
LocalFileTimeToFileTime
LoadLibraryExW
FindFirstFileW

expsrv

GetMem4
rtcFormatPercent
rtcReplace
rtI2FromErrVar
__vbaCopyBytesZero
__vbaVarTextCmpLt
__vbaForEachCollObj
__vbaNextEachAry
__vbaAryRecCopy
SetMemEvent
rtcPMT
rtcSLN
BASIC_CLASS_GetIDsOfNames
__vbaFileLock
__vbaI2ErrVar
CopyRecord
rtcGetDayOfMonth
__vbaR8FixI4
__vbaVarImp
TipSetOption
rtcQBColor
__vbaVarTextTstLt
__vbaLateMemStAd
__vbaRefVarAry
__vbaMidStmtBstrB
rtcNPV
__vbaFpR8
__vbaRaiseEvent

msvcrt

__p__amblksiz
_wsystem
difftime
_getmaxstdio
_wexecl
_vscwprintf
___mb_cur_max_func
_heapwalk
_safe_fprem1
_wstat
_getwche
_beginthread
tmpfile
___lc_codepage_func
_makepath
_mbsncoll
atan2
__p__winver
memcpy
_mbsnbicmp
_fileinfo
_i64tow
perror
_wstati64
_wfindnext64
_spawnv
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_ismbbkana
_wutime

oleaut32

SafeArrayCopy
VarR4FromI8
VarBstrFromDisp
VarDateFromI1
VarI8FromStr
VarUI4FromBool
VarDateFromDisp
VarBstrFromBool
VarI8FromI1
QueryPathOfRegTypeLib
BSTR_UserUnmarshal
SafeArrayCreateVectorEx
VarI8FromDec
VarUI2FromDisp
SafeArrayGetRecordInfo
VarR4FromI1
VarI4FromUI4
VarR4FromUI2
VarUI8FromStr
LoadTypeLib
GetAltMonthNames
VarUI4FromUI2
VarUI4FromDec
VarBoolFromUI2
VarUI1FromR4
DispGetParam
VarUI2FromI2
VarCyFromI8
VarR8FromI1
VarDateFromI4
VarUI8FromDec
VarUI4FromR8
VarCyFromUI8
GetVarConversionLocaleSetting
VarAdd
CreateTypeLib2
SafeArrayGetLBound

kerberos

SpInitialize
SpUserModeInitialize
SpLsaModeInitialize
KerbCreateTokenFromTicket
KerbDomainChangeCallback
SpInstanceInit
KerbMakeKdcCall
KerbKdcCallBack
KerbIsInitialized

sqlunirl

_GetTimeFormat_@24
_GetUnicodeRedirectionLayer@0
_FindText_@4
_NDdeShareAdd_@20
_SetICMProfile_@8
_NDdeShareEnum_@24
_OemToCharBuff_@12
_SetComputerName_@4
_RegCreateKeyEx_@36
_IsCharAlpha_@4
_GetComputerName@8
_AddFontResource_@4
_GetOpenFileName@4
_StartDoc@8
_SetCurrentDirectory_@4
_CreateMailslot_@16
_lstrcmp_@8
_EnumResourceTypes_@12
_GetFileAttributes_@4
_CreateService_@52
_EnumServicesStatus_@32
_RemoveProp@8
_RegQueryValue_@16
_GetLogColorSpace_@12
_EnumDependentServices_@24
_ShellExecuteEx_@4
_DialogBoxParam_@20
_WriteConsoleInput_@16
_GetCharacterPlacement_@24
_CreateMutex_@12
_LoadMenu@8
_DlgDirListComboBox_@20
_SystemParametersInfo_@16
_CopyMetaFile_@8
_DefMDIChildProc_@16
_ChooseFont_@4
_SHGetPathFromIDList_@8
_RegReplaceKey_@16
_EnumPropsEx_@12
_ReadEventLog_@28
_GetDateFormat_@24
_DeleteFile@4
_DispatchMessage_@4

actxprxy

DllGetClassObject
GetProxyDllInfo

traffic

TcSetInterface
TcGetFlowNameW
TcModifyFlow
TcQueryFlowA
TcEnumerateInterfaces
TcSetFlowA
TcOpenInterfaceW
TcAddFlow
TcRegisterClient
TcOpenInterfaceA
TcQueryFlowW
TcDeregisterClient
TcEnumerateFlows
TcDeleteFlow
TcCloseInterface
TcAddFilter
TcQueryInterface
TcDeleteFilter
TcGetFlowNameA
TcSetFlowW

user32

PostQuitMessage
DefWindowProcA
RegisterClassA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca66a87c4cc4b3d3586b42eb69a69a39

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

kernel32

expsrv

msvcrt

oleaut32

kerberos

sqlunirl

actxprxy

traffic

user32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 32KB - Virtual size: 202KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 916B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 32KB - Virtual size: 202KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 916B