b520e651f5da855ed1b5257260918c89ed4808a6d41d345e3efad209bc1b4a5c

Sharing

Copy URL

Twitter E-mail

General

Target

b520e651f5da855ed1b5257260918c89ed4808a6d41d345e3efad209bc1b4a5c
Size

475KB
MD5

2c6538ff1e1544f31e429bf6e7f8a495
SHA1

1291d9797cdc1d1be4bac52571a54c43de42b168
SHA256

b520e651f5da855ed1b5257260918c89ed4808a6d41d345e3efad209bc1b4a5c
SHA512

625416db97054f02b1cef8c598fef55458159a9aa859fc53ebd8e44d9aa1097e17face6a1aab5061c9bdde370c073941e0a26f21f31694056d6eb1f0fa607b4d
SSDEEP

12288:UgG9d0Iq1WUjUDTsW2lUZTq1qd6UV4Z56yzFmvWOxhp8:E9Wj032l7oZV4Z56TeC8

Score

N/A

Malware Config

Signatures

Files

b520e651f5da855ed1b5257260918c89ed4808a6d41d345e3efad209bc1b4a5c
.exe windows x86

3c0c6debd41e81b8da53f4240f8b067c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

DeregisterIdleRoutine@4
LAUNCHWIZARD
HrSzFromEntryID@12
ScGenerateMuid@4
BMAPIDetails
cmc_logon
SwapPlong@8
MNLS_lstrcmpW@8
HrQueryAllRows@24
HrGetOmiProvidersFlags@8
OpenTnefStream
FBadRow@4
UFromSz@4
HrSetOmiProvidersFlagsInvalid
__CPPValidateParameters@8
FPropContainsProp@12
cmc_logoff
EnableIdleRoutine@8
HrIStorageFromStream@16
MAPIAllocateMore
MAPIUninitialize
HrGetOneProp@12
UNKOBJ_COFree@8
MAPISendDocuments
IsBadBoundedStringPtr@8
CbOfEncoded@4
LaunchWizard@20
HrComposeMsgID@24
MAPIAllocateMore@12
HrAddColumnsEx@20
ScCreateConversationIndex@16
SzFindLastCh@8
FtMulDwDw@8
LpValFindProp@12
MAPILogonEx@20
FPropExists@8
WrapProgress@20
WrapCompressedRTFStream
UNKOBJ_Free@8

msvcrt20

?sh_read@filebuf@@2HB
sscanf
??0streambuf@@IAE@PADH@Z
_abnormal_termination
??2@YAPAXI@Z
__p__wenviron
exit
ceil
_getdiskfree
_wfindnext
??_Eostream_withassign@@UAEPAXI@Z
?hex@@YAAAVios@@AAV1@@Z
__lconv_init
_wsystem
_j0
?read@istream@@QAEAAV1@PADH@Z
_adj_fdivr_m32
_rmtmp
_seterrormode
_strnicoll
??0istream@@IAE@XZ
_wctime
??4istream@@IAEAAV0@PAVstreambuf@@@Z
_matherr
_commode
??5istream@@QAEAAV0@AAF@Z
_hypot
_tcspbrk
__mb_cur_max
_fdopen
_rotl
_fgetchar
??5istream@@QAEAAV0@AAH@Z
?blen@streambuf@@IBEHXZ
_beginthreadex
floor
??5istream@@QAEAAV0@AAD@Z
strcmp
?setmode@ifstream@@QAEHH@Z
_CIpow
??_8istream_withassign@@7B@
_wperror
??0streambuf@@IAE@XZ
_strnset
??5istream@@QAEAAV0@AAI@Z
_CIatan
??4strstreambuf@@QAEAAV0@ABV0@@Z
??_Gofstream@@UAEPAXI@Z
_chdrive
_setjmp3
__p__wcmdln
??Bios@@QBEPAXXZ
_ismbbkpunct
?setmode@filebuf@@QAEHH@Z
?xalloc@ios@@SAHXZ
vfwprintf
_exit
isxdigit
strtoul
_wsearchenv
ungetc
_execvpe
??0strstream@@QAE@ABV0@@Z
?snextc@streambuf@@QAEHXZ
frexp
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
iswpunct
??_Giostream@@UAEPAXI@Z
_itoa
??_Eofstream@@UAEPAXI@Z

rpcrt4

pfnSizeRoutines
I_RpcTransDatagramAllocate
I_RpcServerAllocateIpPort
NdrConformantVaryingStructFree
RpcRevertToSelf
I_RpcBindingInqDynamicEndpointW
I_RpcEnableWmiTrace
NdrComplexStructMemorySize
RpcNetworkInqProtseqsW
NdrClientInitialize
MesHandleFree
NdrServerContextUnmarshall
RpcNsBindingInqEntryNameA
RpcServerUseProtseqEpW
NdrFullPointerFree
NDRCContextBinding
NdrNonEncapsulatedUnionFree
NdrClientInitializeNew
NdrProxyErrorHandler
I_RpcBindingToStaticStringBindingW
I_RpcTransConnectionReallocPacket
RpcObjectInqType
RpcBindingInqAuthClientA
NdrNonConformantStringUnmarshall
NdrFullPointerInsertRefId
RpcEpRegisterNoReplaceA
NdrRpcSsDefaultAllocate
RpcTestCancel
NdrComplexArrayMarshall
NdrSendReceive
NdrEncapsulatedUnionUnmarshall
RpcGetAuthorizationContextForClient
NdrStubCall2
NdrMesTypeFree2
RpcSsSwapClientAllocFree
I_RpcNsBindingSetEntryNameW
NdrProxyInitialize
NdrFixedArrayFree
NdrComplexStructMarshall
CStdStubBuffer_Disconnect
NdrXmitOrRepAsUnmarshall
NdrMesProcEncodeDecode2

odbccp32

SQLValidDSN
SQLSetConfigMode
SQLConfigDataSource
SQLManageDataSources
SQLInstallTranslator
SelectTransDlg
SQLInstallDriverManager
SQLConfigDriver
SQLRemoveDSNFromIni
SQLInstallDriverW
SQLGetInstalledDrivers
SQLCreateDataSourceEx
SQLInstallerErrorW
SQLGetAvailableDrivers
SQLPostInstallerError
SQLRemoveTranslatorW
SQLRemoveDriver
SQLPostInstallerErrorW
SQLWriteDSNToIniW
SQLGetInstalledDriversW
SQLInstallDriverEx
SQLWriteDSNToIni
SQLConfigDataSourceW
SQLGetTranslatorW
SQLGetPrivateProfileString
SQLWritePrivateProfileStringW
SQLValidDSNW
SQLWriteFileDSN
SQLRemoveDriverManager
SQLLoadDataSourcesListBox
SQLRemoveDefaultDataSource
SQLConfigDriverW
SQLWriteFileDSNW
SQLInstallODBCW
SQLReadFileDSNW
SQLInstallDriverExW
SQLGetAvailableDriversW
SQLInstallTranslatorW
SQLRemoveDriverW
SQLInstallerError
SQLInstallTranslatorEx

oleaut32

VariantChangeTypeEx
VarBstrFromR4
VarCyFromR8
VarUI1FromUI2
VarI4FromBool
SafeArrayGetDim
VarFormatFromTokens
VARIANT_UserUnmarshal
VarBoolFromCy
VarUI4FromI1
VarUI2FromUI4
VarI8FromDisp
SafeArrayCreateVectorEx
VarI8FromR8
LHashValOfNameSys
VarUI4FromR4
VarI4FromUI2
VarDateFromUI8
VarUI8FromBool
CreateErrorInfo
VarDateFromUdate
VarUI2FromBool
BSTR_UserFree
VarI4FromR8
OleLoadPicture
VarBstrFromUI1
VarR8FromUI2
DispGetIDsOfNames
VarCyFromUI8

gdi32

SetBoundsRect
GetMetaFileW
EngEraseSurface
EngAssociateSurface
CancelDC
FONTOBJ_cGetGlyphs
SetSystemPaletteUse
EngLockSurface
CreateDCA
DdEntry22
EngBitBlt
SwapBuffers
SetTextCharacterExtra
SetRelAbs
GetPixelFormat
StartPage
ChoosePixelFormat
GdiCreateLocalEnhMetaFile
OffsetClipRgn
DdEntry8
SetDIBits
StrokePath
GetClipBox
FontIsLinked
FONTOBJ_pifi

kernel32

WritePrivateProfileStringW
QueryDepthSList
GetModuleHandleExA
SetVolumeLabelW
GetConsoleAliasesW
GlobalLock
UnregisterWaitEx
ReadConsoleW
TerminateThread
GetPrivateProfileIntA
GetPrivateProfileStringA
SetDefaultCommConfigA
AddAtomW
GetConsoleAliasW
GetSystemTimeAsFileTime
CreateProcessW
RequestWakeupLatency
GlobalFlags
VirtualAlloc
LoadLibraryA
InvalidateConsoleDIBits
SetCommMask
GetConsoleAliasesA
BaseCheckAppcompatCache
GetCalendarInfoA
EnumResourceLanguagesA
EnumSystemLanguageGroupsW
TlsAlloc
BuildCommDCBA
GetExitCodeProcess
lstrcpyn
GetConsoleInputWaitHandle
GetProcessPriorityBoost

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c0c6debd41e81b8da53f4240f8b067c

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

msvcrt20

rpcrt4

odbccp32

oleaut32

gdi32

kernel32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 596KB - Virtual size: 1.9MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 596KB - Virtual size: 1.9MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 304B