edc9d847b12c44be2ba0e04f51aece0d8700333a562abfc1f4df7f666bef7ec2

Sharing

Copy URL

Twitter E-mail

General

Target

edc9d847b12c44be2ba0e04f51aece0d8700333a562abfc1f4df7f666bef7ec2
Size

58KB
MD5

f98a2a7d2eb1527a5904af7e29f54fe7
SHA1

06f079f270fcbe59264998f3d98d6b9218c792c3
SHA256

edc9d847b12c44be2ba0e04f51aece0d8700333a562abfc1f4df7f666bef7ec2
SHA512

6925c0f44bf862218e56455b44fdccd2987252d9570358f861c5bb065ac4c36f40aab871b1c14ed6f23f98487768a2c263ab4db9e8665f2813908c014876cc4e
SSDEEP

1536:3RzPY1RUOn1Atwr9/seouVa6JWJA3IpW6qAgYK:3Rb2n1Aar9/NoR6JWnPa

Score

N/A

Malware Config

Signatures

Files

edc9d847b12c44be2ba0e04f51aece0d8700333a562abfc1f4df7f666bef7ec2
.exe windows x86

febc636125d89e01201f55015abcd611

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcns4

RpcNsProfileDeleteW
RpcNsBindingLookupBeginW
RpcNsProfileEltInqBeginW
RpcNsGroupMbrInqDone
RpcNsBindingExportPnPW
RpcNsEntryObjectInqDone
RpcNsProfileEltRemoveA
RpcNsProfileEltRemoveW
RpcNsGroupMbrAddA
RpcNsProfileDeleteA
RpcNsBindingSelect
RpcNsBindingLookupDone
RpcNsBindingLookupNext
I_RpcNsSendReceive
RpcNsProfileEltInqNextW
RpcNsMgmtBindingUnexportW
RpcNsBindingImportNext
RpcNsGroupDeleteW
RpcNsMgmtEntryDeleteA
RpcNsBindingExportA
RpcNsBindingImportBeginW
RpcNsBindingImportDone
RpcNsProfileEltInqBeginA
RpcNsBindingExportPnPA
RpcNsEntryExpandNameA
I_RpcNsRaiseException
RpcNsGroupMbrInqNextA
RpcNsMgmtBindingUnexportA
RpcNsMgmtEntryInqIfIdsW

kernel32

CreateHardLinkW
SetFilePointerEx
SetCommConfig
BaseCleanupAppcompatCacheSupport
SetFileTime
SetThreadLocale
GetExitCodeThread
GetTempPathA
SetThreadAffinityMask
GetBinaryTypeA
GetGeoInfoW
GetConsoleFontInfo
AddLocalAlternateComputerNameW
AttachConsole
GetProfileStringW
GetGeoInfoA
lstrcpy
HeapCreate
IsDebuggerPresent
ExpungeConsoleCommandHistoryA
GetLastError
DeleteCriticalSection
WriteFileGather
LoadLibraryA
WriteProcessMemory
ExpandEnvironmentStringsA
GetComPlusPackageInstallStatus
WaitCommEvent
BaseDumpAppcompatCache
VirtualAlloc
FindActCtxSectionStringW
SetLocalTime
SetMessageWaitingIndicator

wininet

InternetFindNextFileA
FtpGetFileA
GetUrlCacheEntryInfoExA
InternetCreateUrlW
InternetCrackUrlW
FindFirstUrlCacheContainerW
InternetGoOnlineA
HttpAddRequestHeadersA
DeleteUrlCacheEntry
DeleteUrlCacheEntryW
SetUrlCacheEntryInfoW
InternetTimeFromSystemTimeA
InternetSetOptionW
SetUrlCacheEntryGroup
FindNextUrlCacheContainerA
RunOnceUrlCache
InternetInitializeAutoProxyDll
IncrementUrlCacheHeaderData
InternetGetPerSiteCookieDecisionA
InternetGetConnectedStateExW
InternetSecurityProtocolToStringW
IsUrlCacheEntryExpiredW
SetUrlCacheConfigInfoA
ShowSecurityInfo
HttpSendRequestExA
FtpCreateDirectoryW
InternetSetDialStateW
FtpGetCurrentDirectoryW
HttpQueryInfoW
InternetSetDialState

msvcrt

_spawnle
_fmode
_wchmod
fflush
atexit
_ismbcpunct
raise
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
_ismbstrail
_ungetwch
ungetwc
??_7exception@@6B@
_commode
ldexp
_fstat64
_strrev
??8type_info@@QBEHABV0@@Z
strncpy
_pgmptr
frexp
__p___argv
__crtGetStringTypeW
wcspbrk
_wrename

odbctrac

TraceSQLExtendedFetch
TraceSQLSetDescField
TraceSQLColumnPrivilegesW
TraceSQLSetParam
TraceSQLBrowseConnectW
TraceSQLColumns
TraceSQLDriverConnectW
TraceSQLColumnsW
TraceSQLParamOptions
TraceSQLBrowseConnect
TraceSQLNativeSqlW
TraceSQLPrimaryKeys
TraceSQLDisconnect
TraceSQLDataSources
TraceSQLSetDescFieldW
TraceSQLGetStmtAttrW
TraceSQLRowCount
TraceSQLSetConnectOptionW
TraceSQLConnectW
TraceSQLAllocHandle
TraceSQLDataSourcesW
TraceSQLGetStmtAttr
TraceCloseLogFile
TraceSQLFreeEnv
TraceSQLGetDescRec
TraceSQLAllocStmt

advapi32

FlushTraceW
WmiOpenBlock
I_ScIsSecurityProcess
NotifyBootConfigStatus
CheckTokenMembership
ObjectOpenAuditAlarmW
StartTraceW
SetKernelObjectSecurity
LogonUserA
RemoveTraceCallback
QueryTraceA
GetCurrentHwProfileA
AccessCheckByTypeResultList
GetTrusteeTypeA
GetServiceKeyNameA
GetLocalManagedApplicationData
CredDeleteW
LsaFreeMemory
CryptGetProvParam
GetNamedSecurityInfoExW
CryptHashData

secur32

LsaRegisterPolicyChangeNotification
QueryContextAttributesA
LsaLookupAuthenticationPackage
SaslGetProfilePackageW
ApplyControlToken
LsaDeregisterLogonProcess
SaslAcceptSecurityContext
GetUserNameExA
LsaRegisterLogonProcess
ImportSecurityContextA
GetUserNameExW
TranslateNameA
LsaCallAuthenticationPackage
AddSecurityPackageW
SetContextAttributesW
VerifySignature
SecpTranslateName
AcceptSecurityContext
DeleteSecurityPackageW
FreeContextBuffer
SaslEnumerateProfilesA
MakeSignature
LsaEnumerateLogonSessions
DeleteSecurityPackageA
SaslIdentifyPackageW
LsaGetLogonSessionData
QuerySecurityPackageInfoW
LsaLogonUser
ImportSecurityContextW
QuerySecurityPackageInfoA

msvcrt40

??5istream@@QAEAAV0@AAO@Z
_wcsicmp
fread
_control87
??5istream@@QAEAAV0@AAK@Z
fwrite
_getdrives
?init@ios@@IAEXPAVstreambuf@@@Z
??_Gostrstream@@UAEPAXI@Z
?fd@filebuf@@QBEHXZ
??0fstream@@QAE@HPADH@Z
_mbscspn
??_7ifstream@@6B@
exp
??6ostream@@QAEAAV0@PBD@Z
_commode
ctime
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
?get@istream@@QAEAAV1@AAD@Z
labs
_ismbcsymbol
_lsearch
??_Gostream_withassign@@UAEPAXI@Z

user32

EndDialog

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

febc636125d89e01201f55015abcd611

Headers

DLL Characteristics

File Characteristics

Imports

rpcns4

kernel32

wininet

msvcrt

odbctrac

advapi32

secur32

msvcrt40

user32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 17KB - Virtual size: 50KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 164B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 17KB - Virtual size: 50KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 164B