cb0d95be9b73ff8910db055393832bba96d7a4673e425fa9f74fd4d420af75a7

Sharing

Copy URL Twitter E-mail

General

Target

cb0d95be9b73ff8910db055393832bba96d7a4673e425fa9f74fd4d420af75a7
Size

42KB
MD5

463bad73855e7f0970849acfa64aad91
SHA1

629776fe96c3bcc3900e592f5a93c1a7a60de70b
SHA256

cb0d95be9b73ff8910db055393832bba96d7a4673e425fa9f74fd4d420af75a7
SHA512

39da95c04206c8271db45869829068857a65d83fa5ee232f2e293ccc38c4823748c8d8dcdf0902e8a81740eb67cba67da52fccf89c7b5d28238014c7f9fbcca7
SSDEEP

768:/e1BU3buv+UiG+DT7iA5kQdbSAgLVgdoRxVykRE:/qByuGUijb5kQdbHgLVg6RLTRE

Score

N/A

Malware Config

Signatures

Files

cb0d95be9b73ff8910db055393832bba96d7a4673e425fa9f74fd4d420af75a7
.exe windows x86

39aad34a92d8460a916d6621496fc5a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtInitializeRegistry
NtQueryFullAttributesFile
ZwQueryDebugFilterState
NtQueryEvent
RtlSetCriticalSectionSpinCount
ZwResetWriteWatch
RtlPopFrame
NtDuplicateObject
RtlGUIDFromString
NtSetDefaultHardErrorPort
NtSetContextThread
ZwCreateJobSet
ZwReplaceKey
RtlTraceDatabaseUnlock
RtlNewSecurityGrantedAccess
RtlSetHeapInformation
RtlStartRXact
RtlCopyLuidAndAttributesArray
RtlSetIoCompletionCallback
NtQueryDefaultLocale
RtlInitUnicodeStringEx
ZwAreMappedFilesTheSame
RtlDosApplyFileIsolationRedirection_Ustr

oleaut32

VarDateFromUI2
DllGetClassObject
VarR8FromUI8
LPSAFEARRAY_Marshal
VarDecRound
LPSAFEARRAY_UserFree
VarR8FromUI4
VarXor
VarUI8FromI1
SafeArrayDestroy
VarBstrFromBool
VarCyFromUI2
VarSub
VarFormat
VarCyFromUI1
VarUI4FromI1
UnRegisterTypeLib
VarR4FromUI2
VarR4FromStr
VarR8FromCy
VarCyNeg
VarCyInt
VarR8FromDate
VarDateFromI4
SystemTimeToVariantTime
SafeArrayAllocDescriptorEx

imagehlp

SymEnumSymbols
GetTimestampForLoadedLibrary
SymEnumerateSymbols
SymGetSymPrev
UpdateDebugInfoFile
SymFindFileInPath
SymCleanup
SymGetModuleInfoW64
BindImageEx
SymFromName
SymUnloadModule
MapDebugInformation
SymGetModuleInfoW
RemovePrivateCvSymbolic
MapFileAndCheckSumW
ImageUnload
SymMatchFileName
FindExecutableImageEx
ImageDirectoryEntryToDataEx
SymRegisterFunctionEntryCallback64
ImageRvaToSection
RemovePrivateCvSymbolicEx
MakeSureDirectoryPathExists
FindExecutableImage
SymFunctionTableAccess
ImagehlpApiVersion
SymFromAddr
SymGetModuleInfo
GetImageConfigInformation

query

??0CMmStream@@QAE@KH@Z
??1CVirtualString@@QAE@XZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?LongInit@CPropStoreManager@@QAEXAAHAAKP6GXKHPBX@Z2@Z
?VT_VARIANT_GE@@YGHABUtagPROPVARIANT@@0@Z
??0CPropStoreManager@@QAE@K@Z
??0CDynStream@@QAE@PAVPMmStream@@@Z
?GetColumn@CCatState@@QBEPBGI@Z
?AddRef@CDbProperties@@UAGKXZ
?Marshall@CNotRestriction@@QBEXAAVPSerStream@@@Z
?AddCatalog@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?QueryScopeAdmin@CCatalogAdmin@@QAEPAVCScopeAdmin@@PBG@Z
?FillMax@CKeyArray@@QAEHH@Z
?Start@CCatalogAdmin@@QAEHXZ
CITextToSelectTreeEx
??1CPhysStorage@@UAE@XZ
??1CPropertyStoreWids@@QAE@XZ
?Get@CRegAccess@@QAEXPBGPAGI@Z
??0CSynRestriction@@QAE@ABVCKey@@KKKH@Z
?ContainsDrive@CDriveInfo@@SGHPBG@Z
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
DllUnregisterServer
?InitializeForRead@CDynStream@@QAEXXZ
??0CImpersonateRemoteAccess@@QAE@PAVCImpersonationTokenCache@@@Z

kernel32

FindResourceA
GetConsoleCursorInfo
GetNextVDMCommand
FatalExit
GetCPInfoExA
OpenProfileUserMapping
DeleteFileW
GlobalHandle
ConvertFiberToThread
RegisterWaitForSingleObjectEx
VerifyVersionInfoW
SetConsoleCP
PulseEvent
BuildCommDCBAndTimeoutsA
DebugActiveProcessStop
GetLastError
VirtualProtectEx
CreateMailslotW
lstrcmpA
CloseHandle
VirtualAlloc
GetModuleHandleA
FindNextVolumeMountPointW
GetConsoleAliasesLengthA
LoadLibraryA
FreeEnvironmentStringsW
DeactivateActCtx
WriteConsoleInputVDMW

Sections

.text
Size: 1024B - Virtual size: 698B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39aad34a92d8460a916d6621496fc5a7

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

oleaut32

imagehlp

query

kernel32

Sections

.text Size: 1024B - Virtual size: 698B

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 15KB - Virtual size: 68KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 698B

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 15KB - Virtual size: 68KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B