ade426ec31491b5c831c3cd8d01d8df0760bc6bf1979c42fc7680a851f17f20b

Sharing

Copy URL

Twitter E-mail

General

Target

ade426ec31491b5c831c3cd8d01d8df0760bc6bf1979c42fc7680a851f17f20b
Size

387KB
MD5

188df7f0a1b886006192c0e4cb3fe2ed
SHA1

b033153f04953284639d81d870a9c12a4423ef5b
SHA256

ade426ec31491b5c831c3cd8d01d8df0760bc6bf1979c42fc7680a851f17f20b
SHA512

6250ad8b4581b143444da7a4ac3185eb946b790bea33603f681b99655f2bca37bdfe9ac69dd387ca0e0e0471d360233fff56c735d8c24eec5ad54a71793b9a71
SSDEEP

6144:VlPZrDGjD6TMklSRXhUxZGYzLn8Ae5Wwn8fGl5k3ZFo1tbC4Ceux5u6TIw:VZtDwYMklFzL8HsY8fcEKtbCO5MIw

Score

N/A

Malware Config

Signatures

Files

ade426ec31491b5c831c3cd8d01d8df0760bc6bf1979c42fc7680a851f17f20b
.exe windows x86

3c7ef053d46f124b693e9a30cd988a69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsCreateStandardDnsNameCopy
DnsIpv6StringToAddress
DnsSetConfigDword
DnsAcquireContextHandle_A
DnsRecordSetCompare
DnsReleaseContextHandle
DnsApiRealloc
QueryDirectEx
DnsNotifyResolver
DnsQuery_A
CombineRecordsInBlob
DnsValidateName_W
Dns_GetRandomXid
DnsReplaceRecordSetW
DnsQueryExA
Dns_CreateMulticastSocket
DnsDhcpSrvRegisterInit
DnsValidateName_A
DnsRecordBuild_UTF8
DnsRecordStringForType
DnsRecordListFree
DnsRecordCompare
DnsQuery_W
DnsGetLastFailedUpdateInfo
DnsUtf8ToUnicode
DnsIsStatusRcode
DnsUpdateTest_W
Dns_WriteQuestionToMessage
DnsAsyncRegisterHostAddrs
DnsNameCompare_A
DnsNameCompareEx_UTF8
DnsFindAuthoritativeZone
Dns_FindAuthoritativeZoneLib
DnsDhcpSrvRegisterHostName
Dns_ReadRecordStructureFromPacket
DnsQueryExW
DnsNotifyResolverClusterIp
NetInfo_Copy
Dns_InitializeWinsock

odbcbcp

LibMain
bcp_initW
bcp_columns
bcp_control
bcp_moretext
SQLLinkedCatalogsA
bcp_done
bcp_collen
bcp_batch
bcp_getcolfmt
bcp_exec
bcp_colptr
bcp_readfmtA
bcp_writefmtW
bcp_setcolfmt
bcp_initA
dbprtypeW
SQLLinkedServers
SQLGetNextEnumeration
bcp_colfmt
bcp_writefmtA
bcp_bind
SQLInitEnumServers
SQLLinkedCatalogsW
bcp_readfmtW
bcp_sendrow
dbprtypeA
SQLCloseEnumServers

msvcrt40

strchr
_CIfmod
__wgetmainargs
?sh_write@filebuf@@2HB
??5istream@@QAEAAV0@PAC@Z
_stricmp
_strcmpi
?xalloc@ios@@SAHXZ
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??0stdiostream@@QAE@ABV0@@Z
??4Iostream_init@@QAEAAV0@ABV0@@Z
_j1
_wfopen
_mbstrlen
?freeze@strstreambuf@@QAEXH@Z
?underflow@strstreambuf@@UAEHXZ
??_7ifstream@@6B@
??_8ifstream@@7B@
_getdrive
wcsspn
_wgetcwd
_loaddll
??_Glogic_error@@UAEPAXI@Z
??0filebuf@@QAE@H@Z
_dup
_tolower
?oct@@YAAAVios@@AAV1@@Z
_yn
_adj_fprem
??0exception@@QAE@ABV0@@Z
_timezone
_wfdopen
?lockc@ios@@KAXXZ
?overflow@filebuf@@UAEHH@Z
??_Gostream@@UAEPAXI@Z
?basefield@ios@@2JB
_mtlock
??5istream@@QAEAAV0@AAK@Z
setvbuf

samlib

SamRemoveMultipleMembersFromAlias
SamLookupIdsInDomain
SamEnumerateAliasesInDomain
SamGetAliasMembership
SamCloseHandle
SamSetInformationUser
SamDeleteAlias
SamiEncryptPasswords
SamGetCompatibilityMode
SamQueryInformationAlias
SamAddMemberToGroup
SamChangePasswordUser3
SamOpenAlias
SamiSetBootKeyInformation
SamTestPrivateFunctionsUser
SamRidToSid
SamGetMembersInGroup
SamOpenUser
SamShutdownSamServer
SamLookupDomainInSamServer
SamOpenGroup
SamDeleteUser
SamSetSecurityObject
SamiLmChangePasswordUser
SamLookupNamesInDomain
SamiSetDSRMPassword
SamAddMemberToAlias
SamConnectWithCreds
SamFreeMemory
SamCreateUserInDomain
SamiChangePasswordUser
SamQueryDisplayInformation
SamGetDisplayEnumerationIndex
SamChangePasswordUser
SamCreateGroupInDomain
SamQueryInformationUser

ufat

Format
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?QueryNthCluster@FAT@@QBEKKK@Z
??0REAL_FAT_SA@@QAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??0EA_SET@@QAE@XZ
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
??1ROOTDIR@@UAE@XZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?FreeChain@FAT@@QAEXK@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
??1FAT_DIRENT@@UAE@XZ
??1REAL_FAT_SA@@UAE@XZ
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
??1FILEDIR@@UAE@XZ
??1CLUSTER_CHAIN@@UAE@XZ
?Read@EA_SET@@UAEEXZ
??0FAT_DIRENT@@QAE@XZ
FormatEx
Recover

kernel32

SetProcessAffinityMask
EnumSystemCodePagesA
GetProcessHeap
QueueUserWorkItem
LocalUnlock
UnregisterWaitEx
GetLocaleInfoW
SetHandleContext
DeleteFileW
WTSGetActiveConsoleSessionId
SetConsoleCursor
GetBinaryTypeA
SetConsoleHardwareState
GlobalAddAtomW
GetDefaultCommConfigA
LZRead
ScrollConsoleScreenBufferW
GetSystemTimeAsFileTime
SetFilePointerEx
GlobalHandle
OpenProcess
SetTermsrvAppInstallMode
GetSystemTime
HeapCreate
HeapFree
FindFirstVolumeMountPointA
OpenProfileUserMapping
SetClientTimeZoneInformation
VirtualAlloc
FlushConsoleInputBuffer
CompareFileTime
ExpungeConsoleCommandHistoryW
GetPrivateProfileStringW
ReadConsoleOutputCharacterA
GetConsoleKeyboardLayoutNameW
SetConsoleDisplayMode
RegisterConsoleVDM
EnumCalendarInfoA
SetSystemPowerState
LoadLibraryA
lstrlenA
SetConsoleKeyShortcuts
LocalAlloc

serialui

drvSetDefaultCommConfigA
drvSetDefaultCommConfigW
drvCommConfigDialogW
drvCommConfigDialogA
drvGetDefaultCommConfigA
drvGetDefaultCommConfigW

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c7ef053d46f124b693e9a30cd988a69

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

odbcbcp

msvcrt40

samlib

ufat

kernel32

serialui

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 1KB - Virtual size: 561KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 1KB - Virtual size: 561KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 1024B