cadf959e5fabe446d8958426ee39070451307af6dd65b17eca4b004a7a6b99aa

Sharing

Copy URL Twitter E-mail

General

Target

cadf959e5fabe446d8958426ee39070451307af6dd65b17eca4b004a7a6b99aa
Size

78KB
MD5

58643ac20ed785a7c68100005916a839
SHA1

f873953711976eb85a6c0a1f2c887757bb191444
SHA256

cadf959e5fabe446d8958426ee39070451307af6dd65b17eca4b004a7a6b99aa
SHA512

e840732774e759b59a53704624337c56c0c3eddf36a6a989dc86327e1d954ecdabb45c00c3b6faf55411e0e14eef709ce3003517e02b1ba09ce803104c204457
SSDEEP

1536:Rz6uVCWSyQXFarYFtqLluov5rJja2DaJ3WkiRNVgdxnoEeeD//P:Y4XSyK0YFtqL3J+0a1WkiRzgdhoy//

Score

N/A

Malware Config

Signatures

Files

cadf959e5fabe446d8958426ee39070451307af6dd65b17eca4b004a7a6b99aa
.exe windows x86

eb324d57760d07a101973a9d5705f7dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLGetConnectAttrW
TraceSQLColumnPrivilegesW
TraceSQLAllocHandleStdW
TraceSQLDescribeParam
TraceSQLGetConnectAttr
TraceSQLSetScrollOptions
TraceSQLGetConnectOptionW
TraceSQLGetCursorName
TraceSQLPrimaryKeysW
TraceSQLGetStmtAttr
TraceVersion
TraceSQLExecute
TraceSQLPrepareW
TraceSQLSetConnectOption
TraceSQLAllocEnv
TraceSQLPrepare
TraceSQLSpecialColumns
TraceSQLProceduresW
TraceCloseLogFile
TraceSQLTransact
TraceSQLColAttributeW
TraceSQLErrorW
TraceSQLSetDescField
TraceSQLDisconnect
TraceSQLCopyDesc
TraceSQLFreeConnect
TraceSQLForeignKeysW
TraceSQLTablePrivileges
TraceSQLGetDiagFieldW
TraceSQLEndTran
TraceSQLGetCursorNameW
TraceSQLDrivers
TraceSQLColumnPrivileges
TraceSQLGetTypeInfo
TraceSQLGetDescFieldW

kernel32

GetLocaleInfoW
GetVolumePathNameW
PostQueuedCompletionStatus
GetTickCount
GetCPInfo
SetSystemTime
FindFirstVolumeA
FreeConsole
GetCommandLineW
UnlockFileEx
GetPrivateProfileStringA
CreateWaitableTimerA
LocalUnlock
lstrcpynW
WriteConsoleInputVDMA
DuplicateHandle
SetLocalPrimaryComputerNameW
GetEnvironmentVariableA
CreateWaitableTimerW
ReleaseActCtx
GetDateFormatA
FindNextChangeNotification
RegisterConsoleVDM
RtlMoveMemory
CommConfigDialogW
GetSystemWindowsDirectoryW
LoadLibraryA
GetProfileStringW
ReadConsoleInputW
PeekConsoleInputW
CreateEventA
SetConsoleLocalEUDC
GetModuleHandleExW
DeleteFiber
RaiseException
GetStartupInfoW
OpenFile
GetNumberFormatW
CmdBatNotification
CreateDirectoryExW
SetLastConsoleEventActive
GlobalFix
ReadConsoleInputExA
GetConsoleDisplayMode
SetMailslotInfo
SetUserGeoID
DeleteFileA
SetSystemTimeAdjustment
InvalidateConsoleDIBits
CreateMutexW
CreateMailslotA
DeleteAtom
CreateProcessInternalW
WaitForMultipleObjects
CreateThread
FindActCtxSectionStringW
MapViewOfFile
SetThreadLocale
RegisterConsoleOS2
FindActCtxSectionGuid
SetFirmwareEnvironmentVariableW
UTUnRegister
LocalAlloc
GetTempFileNameW
DeleteVolumeMountPointW
FatalExit
SuspendThread
CopyLZFile
UnregisterWaitEx
GetShortPathNameA
UnregisterConsoleIME
GetPrivateProfileStructW
CompareFileTime
OpenMutexA
FindFirstVolumeMountPointW
EnumResourceTypesW
VirtualAlloc
GetCommState
CreateDirectoryA
WriteConsoleOutputCharacterW
CreateMutexA
GetDevicePowerState
GetConsoleAliasesA
IsBadHugeReadPtr
GetCompressedFileSizeW
ExpungeConsoleCommandHistoryW
VerLanguageNameW
HeapLock
SetupComm
CreateDirectoryW
DeleteTimerQueue
DebugActiveProcessStop
HeapWalk
GlobalAddAtomA
CallNamedPipeW
GlobalFindAtomW
CancelIo
GetTapeParameters
SetComputerNameExA
GlobalSize
GetCalendarInfoA
SetDefaultCommConfigW
DebugBreak
CreateToolhelp32Snapshot
SetThreadIdealProcessor
OpenWaitableTimerW
IsDBCSLeadByteEx
DeleteTimerQueueTimer
GetEnvironmentVariableW
GetVolumeNameForVolumeMountPointW
LZOpenFileA
GetCalendarInfoW
IsSystemResumeAutomatic
SetFirmwareEnvironmentVariableA
SetLocalTime
GetLastError
SetConsoleHardwareState

mfcsubs

??YCString@@QAEABV0@G@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?Lock@CCriticalSection@@QAEHXZ
?FindOneOf@CString@@QBEHPBG@Z
?Mid@CString@@QBE?AV1@HH@Z
?SetAt@CString@@QAEXHG@Z
??O@YG_NPBGABVCString@@@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
??4CString@@QAEABV0@PBG@Z
?IsEmpty@CString@@QBEHXZ
?LoadStringW@CString@@QAEHI@Z
??0CString@@QAE@GH@Z
?Mid@CString@@QBE?AV1@H@Z
?FormatMessageW@CString@@QAAXIZZ
??P@YG_NABVCString@@PBG@Z
??_7CSyncObject@@6B@
??BCCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
??1CCriticalSection@@UAE@XZ
?FreeExtra@CStringArray@@QAEXXZ
??H@YG?AVCString@@PBGABV0@@Z
?AfxGetEmptyString@@YGABVCString@@XZ
??0CStringArray@@QAE@XZ
??0CMapStringToPtr@@QAE@H@Z
??1CStringArray@@UAE@XZ
??H@YG?AVCString@@GABV0@@Z
?MakeReverse@CString@@QAEXXZ
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
?Left@CString@@QBE?AV1@H@Z

mapi32

ScGenerateMuid@4
UNKOBJ_COFree@8
HrComposeEID@28
MAPIInitialize
MAPIAdminProfiles@8
MNLS_IsBadStringPtrW@8
OpenStreamOnFile
HrSzFromEntryID@12
UlRelease@4
FBadColumnSet@4
RTFSync
MAPIInitialize@4
SzFindLastCh@8
PpropFindProp@12
HrAddColumns@16
cmc_act_on
WrapCompressedRTFStream
BMAPISaveMail
cmc_logoff
UNKOBJ_Free@8
HrEntryIDFromSz@12
FBadSortOrderSet@4
OpenTnefStreamEx@32
UNKOBJ_ScAllocateMore@16
UlAddRef@4
MAPIFindNext
ScCopyProps@16
BMAPIReadMail
WrapCompressedRTFStream@12
HrThisThreadAdviseSink@8
PropCopyMore@16
MAPIOpenLocalFormContainer@4

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb324d57760d07a101973a9d5705f7dc

Headers

File Characteristics

Imports

odbctrac

kernel32

mfcsubs

mapi32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 11KB - Virtual size: 154KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 11KB - Virtual size: 154KB

.rsrc
Size: 3KB - Virtual size: 2KB