dd5510b35bfd83908e277c971126e01a316c55490970f46d5c6fda4651b75670

Sharing

Copy URL Twitter E-mail

General

Target

dd5510b35bfd83908e277c971126e01a316c55490970f46d5c6fda4651b75670
Size

868KB
MD5

d411146d4c9c2da0fcf15776c9c63750
SHA1

9c97ea4a9011a9ada3a0684d646571bd2097cf52
SHA256

dd5510b35bfd83908e277c971126e01a316c55490970f46d5c6fda4651b75670
SHA512

d4bbb95c282f2a83cbeef69c732a8c51366f483f5ba12b4c4288ae9a4f77e41d1780fe675e0bd6fbb4fd9259edda9b645d159e2332508b55fe9b1bcd642f0b87
SSDEEP

24576:clctO85aBc9jGWCmNLmsGggKK6WdG97dqEo4BuwAE:cv85aVUNL6g36dG98Ef

Score

N/A

Malware Config

Signatures

Files

dd5510b35bfd83908e277c971126e01a316c55490970f46d5c6fda4651b75670
.exe windows x86

d385548da15c9c4d4d3b8f43abedebdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasRpcUnloadDll
RasLinkGetStatistics
RasDeviceConnect
RasPortEnum
RasCompressionGetInfo
RasFreeBuffer
RasInitialize
RasSetDevConfig
RasPortBundle
RasGetFramingCapabilities
RasIsTrustedCustomDll
RasRpcGetSystemDirectory
RasRegisterRedialCallback
RasReferenceCustomCount
RasGetDevConfigEx
RasmanUninitialize
RasRpcGetVersion
RasAllocateRoute
RasRpcGetErrorString
RasRpcConnect
RasPortSend
RasProtocolEnum
RasRpcDeviceEnum
RasSecurityDialogSend
RasPortGetFramingEx
RasRegisterPnPHandler
RasGetDialParams
RasDoIke
RasEnableIpSec
RasEnumConnectionPorts
RasRPCBind
RasPortGetBundle
RasSetConnectionParams
RasGetConnectInfo
RasPortClearStatistics
RasPortEnumProtocols
RasInitializeNoWait
RasPortOpenEx
RasRegisterPnPEvent
RasSetCachedCredentials
RasServerPortClose
RasSecurityDialogReceive
RasGetConnectionParams
RasSetDialParams
RasSetConnectionUserData

kernel32

ShowConsoleCursor
GetCurrentThread
LocalAlloc
GetConsoleAliasW
Thread32Next
LoadLibraryA
SetFirmwareEnvironmentVariableA
TlsGetValue
GetEnvironmentStringsW
VirtualAlloc
SetComputerNameExW
AddAtomA
GetLongPathNameA
LZInit
MapViewOfFile
SetConsoleCursorMode
QueryPerformanceCounter
OpenFile
GenerateConsoleCtrlEvent
DuplicateConsoleHandle
VirtualQueryEx
lstrcmpA
CreateMemoryResourceNotification
CreateDirectoryExW
SetThreadAffinityMask
SetConsoleTitleW
FindFirstChangeNotificationW
OpenEventW
SetHandleContext
GetThreadTimes
GetDefaultCommConfigA

query

??1CDbCmdTreeNode@@QAE@XZ
?Shutdown@CWorkQueue@@QAEXXZ
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
?GetVPathSSLAccess@CMetaDataMgr@@QAEKPBG@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
??0CFwEventItem@@QAE@GKGKPAX@Z
?SetPhrase@CContentRestriction@@QAEXPBG@Z
??0CRegChangeEvent@@QAE@PBGH@Z
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
DllGetClassObject
?GetScodeError@@YGJAAVCException@@@Z
?_FindGroupListAnchor@CDbNestingNode@@AAEPAVCDbProjectListAnchor@@XZ
?StopFiltering@CFilterDaemon@@QAEXXZ
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?Read@CRegAccess@@QAEPAGPBG0@Z
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
??1CVirtualString@@QAE@XZ
?SetAlias@CScopeAdmin@@QAEXPBG@Z
?GetDrive@CDriveInfo@@SGXPBGPAG@Z
?Get@CRegAccess@@QAEKPBG@Z
?IsLeaf@CRestriction@@QBEHXZ
??1CAllocStorageVariant@@IAE@XZ
?Empty@CSdidLookupTable@@QAEXXZ
?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?GetLCIDFromString@@YGKPAG@Z
?NameToReal@CPidRemapper@@QAEKPBVCFullPropSpec@@@Z
?GetWString@CMemDeSerStream@@UAEPAGXZ
?Read@CDynStream@@QAEKPAXK@Z
??1CDFA@@QAE@XZ
?RequiresFlush@CPhysStorage@@QAEHK@Z

msdart

?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?IsWriteLocked@CFakeLock@@QBE_NXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?ReadLock@CSpinLock@@QAEXXZ
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?WriteLock@CCritSec@@QAEXXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
SetMemHook
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
??1CLockedDoubleList@@QAE@XZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?Clear@CLKRLinearHashTable@@QAEXXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?ReadLock@CCritSec@@QAEXXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z

sqlsrv32

SQLGetStmtAttrW
BCP_bind
SQLNativeSqlW
SQLFreeStmt
SQLFreeHandle
BCP_batch
SQLProceduresW
SQLPrimaryKeysW
SQLDescribeParam
SQLGetTypeInfoW
SQLFetchScroll
SQLPutData
SQLSetDescFieldW
SQLGetDescRecW
SQLBrowseConnectW
SQLParamData
WizLanguageDlgProc
SQLTablesW
SQLSetStmtAttrW
SQLSetConnectAttrW
SQLGetData
BCP_writefmt
SQLDebug
BCP_colfmt
SQLColumnsW
SQLDriverConnectW
BCP_sendrow
WizDatabaseDlgProc
SQLForeignKeysW
FinishDlgProc
ConfigDriverW
BCP_init
SQLSpecialColumnsW
SQLBindCol
SQLNumResultCols
SQLRowCount
SQLExecDirectW
BCP_getcolfmt
BCP_columns
SQLSetDescRec
ConfigDSNW
SQLGetDiagRecW
SQLTablePrivilegesW
BCP_done
BCP_readfmt

mfcsubs

?FreeDataChain@CPlex@@QAEXXZ
?GetUpperBound@CStringArray@@QBEHXZ
??8@YG_NABVCString@@PBG@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?InsertAt@CStringArray@@QAEXHPAV1@@Z
??9@YG_NABVCString@@0@Z
?Mid@CString@@QBE?AV1@H@Z
??1CObject@@UAE@XZ
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?Right@CString@@QBE?AV1@H@Z
??_FCMapStringToPtr@@QAEXXZ
?IsEmpty@CMapStringToPtr@@QBEHXZ
?ConcatInPlace@CString@@IAEXHPBG@Z
?GetData@CStringArray@@QAEPAVCString@@XZ
??4CString@@QAEABV0@PBD@Z
??P@YG_NABVCString@@PBG@Z
??0CMapStringToPtr@@QAE@H@Z
??_7CCriticalSection@@6B@
?AllocBeforeWrite@CString@@IAEXH@Z
??ACStringArray@@QBE?AVCString@@H@Z
??4CPlex@@QAEAAU0@ABU0@@Z
??0CString@@QAE@PBD@Z
?AfxGetEmptyString@@YGABVCString@@XZ
??H@YG?AVCString@@GABV0@@Z
?MakeUpper@CString@@QAEXXZ
?SetAt@CStringArray@@QAEXHPBG@Z
??BCCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
?GetBufferSetLength@CString@@QAEPAGH@Z
??H@YG?AVCString@@ABV0@0@Z
??0CString@@QAE@ABV0@@Z
?Unlock@CCriticalSection@@UAEHXZ
?Add@CStringArray@@QAEHPBG@Z
?IsEmpty@CString@@QBEHXZ
??_7CSyncObject@@6B@
??0CObject@@IAE@XZ
?Collate@CString@@QBEHPBG@Z
??9@YG_NABVCString@@PBG@Z
?UnlockBuffer@CString@@QAEXXZ

duser

DetachWndProc
GetGadgetProperty
DUserPostEvent
GetGadgetScale
GetStdColorBrushI
FindStdColor
GetGadgetBufferInfo
GetDebug
AutoTrace
SetGadgetCenterPoint
GetGadgetMessageFilter
SetGadgetScale
SetGadgetMessageFilter
GetStdColorF
DUserGetRotatePRID
DUserRegisterSuper
RegisterGadgetMessageString
DUserGetRectPRID
DUserBuildGadget
GetGadgetRect
EnumGadgets
GetStdColorPenI
SetGadgetBufferInfo
GetGadgetFocus
GetStdColorI

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d385548da15c9c4d4d3b8f43abedebdf

Headers

DLL Characteristics

File Characteristics

Imports

rasman

kernel32

query

msdart

sqlsrv32

mfcsubs

duser

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 304KB - Virtual size: 304KB

.data Size: 1KB - Virtual size: 1.8MB

.rsrc Size: 397KB - Virtual size: 397KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 304KB - Virtual size: 304KB

.data
Size: 1KB - Virtual size: 1.8MB

.rsrc
Size: 397KB - Virtual size: 397KB

.reloc
Size: 1024B - Virtual size: 1024B