9b0fbfde8af982d1694f52a771e275480477a31f176ea76e25d271dc51a110d0

Sharing

Copy URL

Twitter E-mail

General

Target

9b0fbfde8af982d1694f52a771e275480477a31f176ea76e25d271dc51a110d0
Size

46KB
MD5

1df37bf80005a70869240317bf28d82e
SHA1

b260cc1b368a4e05966ba10c466f67ff2249afea
SHA256

9b0fbfde8af982d1694f52a771e275480477a31f176ea76e25d271dc51a110d0
SHA512

8b07d00c6dd57ae6a32efd404f36446ac24653e5a9bc6b134b257f7eae07478a493a4f9327d21b672cb02105891772ae925d2692989904d47514e2b3ea7f7082
SSDEEP

768:vMdlEI79nFyqibLT6tjlR31P85Mtz9jlxPrC4GyviTROKw06FGO7vNYPGa:vMd/79n7WLT6t3lP3zBv1vis06AuqPd

Score

N/A

Malware Config

Signatures

Files

9b0fbfde8af982d1694f52a771e275480477a31f176ea76e25d271dc51a110d0
.exe windows x86

36d2ea1537b6ffb6372ecb43dc90441c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GdiGetDevmodeForPage
CreateEllipticRgnIndirect
GetBrushAttributes
CreateICA
SetMapMode
DdEntry28
GdiSwapBuffers
DdEntry15
StartDocA
Polyline
EngUnlockSurface
GetOutlineTextMetricsW
DdEntry20
StretchBlt
GetOutlineTextMetricsA
CreateEnhMetaFileA
GetCharWidthA
GetSystemPaletteEntries
DdEntry13
GetBrushOrgEx
GetTextExtentPointW
EngDeleteSemaphore
TranslateCharsetInfo
GdiReleaseDC
CreateSolidBrush
ArcTo
GdiFullscreenControl

sqlsrv32

SQLBrowseConnectW
SQLParamData
SQLGetInfoW
SQLSetCursorNameW
SQLProcedureColumnsW
SQLFreeHandle
SQLFetchScroll
BCP_moretext
SQLSetScrollOptions
BCP_getcolfmt
SQLRowCount
LibMain
SQLSetEnvAttr
WizIntSecurityDlgProc
SQLCloseCursor
WizLanguageDlgProc
SQLGetDescRecW
SQLBindParameter
SQLTablePrivilegesW
SQLGetDiagFieldW
SQLGetConnectAttrW
BCP_init
SQLFetch
SQLColumnPrivilegesW
SQLSetConnectOptionW
BCP_colptr
SQLSetConnectAttrW
SQLSpecialColumnsW
ConfigDSNW

kernel32

SetComputerNameA
WaitForSingleObjectEx
SetUserGeoID
EnumerateLocalComputerNamesW
DuplicateConsoleHandle
HeapAlloc
SetThreadUILanguage
LZOpenFileW
OpenWaitableTimerW
GetConsoleCommandHistoryA
UnmapViewOfFile
ResetWriteWatch
SetComputerNameW
FindNextVolumeMountPointA
FindActCtxSectionStringA
LockFileEx
FindActCtxSectionGuid
GetConsoleFontSize
HeapCreate
RaiseException
GetComputerNameW
GetPriorityClass
LoadLibraryA
SetConsoleTextAttribute
Process32NextW
SetConsoleWindowInfo
VirtualAlloc
GetNamedPipeHandleStateW
RegisterConsoleIME
ProcessIdToSessionId
BackupRead

msvcirt

??4exception@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAI@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??_Gostream@@UAEPAXI@Z
?clear@ios@@QAEXH@Z
?egptr@streambuf@@IBEPADXZ
?open@ofstream@@QAEXPBDHH@Z
??0fstream@@QAE@XZ
?get@istream@@QAEAAV1@AAC@Z
??_8strstream@@7Bistream@@@
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??0ostream@@IAE@XZ
??0ofstream@@QAE@PBDHH@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??1iostream@@UAE@XZ
??1exception@@UAE@XZ
??6ostream@@QAEAAV0@G@Z
?str@ostrstream@@QAEPADXZ
?oct@@YAAAVios@@AAV1@@Z
??0istream_withassign@@QAE@XZ
?ebuf@streambuf@@IBEPADXZ
??0ostrstream@@QAE@XZ
__dummy_export
??6ostream@@QAEAAV0@C@Z

adsldpc

LdapGetValues
LdapIsClassNameValidOnServer
FreeObjectInfo
LdapAttributeFree
LdapParsePageControl
LdapReadAttribute2
ADSIGetColumn
ADSIAbandonSearch
LdapInitializeSearchPreferences
MapADSTypeToLDAPType
BuildADsPathFromLDAPPath
LdapCloseObject
LdapDeleteExtS
ConvertSidToU2Trustee
LdapCountEntries
LdapReadAttributeFast
intcmp
SchemaGetClassInfoByIndex
ADsSetObjectAttributes
ADsGetObjectAttributes
LdapcSetStickyServer
LdapResult
SchemaGetObjectCount

crypt32

CertSetCRLContextProperty
CryptSIPLoad
CryptEncryptMessage
CryptMsgCountersignEncoded
I_CryptGetLruEntryData
CryptMemAlloc
CryptGetAsyncParam
CryptSetKeyIdentifierProperty
CertAddCTLLinkToStore
I_CryptFindLruEntryData
CryptSIPVerifyIndirectData
CertCreateSelfSignCertificate
CertSaveStore
CryptUninstallDefaultContext
CryptRegisterOIDFunction
CertAddEncodedCertificateToStore
CertGetCTLContextProperty
CertComparePublicKeyInfo
CertVerifyValidityNesting
I_CryptRegisterSmartCardStore
CryptVerifyMessageSignature
CryptEnumOIDInfo
CryptFindOIDInfo
CertOpenStore
CertAddSerializedElementToStore
CertIsRDNAttrsInCertificateName
CryptSignAndEncryptMessage
CertGetIssuerCertificateFromStore

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d2ea1537b6ffb6372ecb43dc90441c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

sqlsrv32

kernel32

msvcirt

adsldpc

crypt32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 81KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 81KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 240B