972d874c4fbe5a5dd6dea4d1c4a1e6efcc002c1664a0b7fe82f9c1852202f886

Sharing

Copy URL

Twitter E-mail

General

Target

972d874c4fbe5a5dd6dea4d1c4a1e6efcc002c1664a0b7fe82f9c1852202f886
Size

378KB
MD5

5a5d18fc310896ed25a4a7a5829e5c44
SHA1

cba6a4307ff6b5bae29e8f1a319dfaef7c54429c
SHA256

972d874c4fbe5a5dd6dea4d1c4a1e6efcc002c1664a0b7fe82f9c1852202f886
SHA512

1c13ab77ea7fb6f8d11cb50e32e231dd942277280d835811482d5ef106f13bb8fc14d78fb39cd04a650a1728c8aedcf593cbcf5c1ba40a531ca105a6796302bb
SSDEEP

6144:qH/4/Sml2QjyGW8GEu72qXaKchAN1aUbzZdYVOd2Lvzp70yuaEaYKwISxn:qQCQObLlLKKcy37YY2Lvzp7FufhKg

Score

N/A

Malware Config

Signatures

Files

972d874c4fbe5a5dd6dea4d1c4a1e6efcc002c1664a0b7fe82f9c1852202f886
.exe windows x86

715a008a825540221cbf61b46fc53a51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateUserProcess
RtlIntegerToUnicodeString
ZwReadRequestData
RtlDeleteElementGenericTable
ZwRegisterThreadTerminatePort
NtWriteFile
RtlEqualPrefixSid
ZwDuplicateObject
ZwQueryVolumeInformationFile
NtQueryEaFile
RtlAllocateAndInitializeSid
NtGetWriteWatch
ZwOpenEventPair
DbgUiGetThreadDebugObject
RtlGetAce
ZwQuerySystemTime
RtlSubtreePredecessor
ZwClose
ZwOpenIoCompletion
RtlRandom
ZwSetIoCompletion
ZwSetContextThread
RtlOpenCurrentUser
NtNotifyChangeMultipleKeys
RtlInterlockedFlushSList
RtlDosSearchPath_U
NtCreateMailslotFile
RtlDestroyProcessParameters
memcpy
DbgUiDebugActiveProcess
NtAccessCheck
NtAllocateLocallyUniqueId
RtlIntegerToChar
ZwVdmControl
ZwCreateSection
strtol
RtlAppendStringToString
RtlAddAccessDeniedAceEx
RtlTimeToElapsedTimeFields
ZwSetSystemPowerState
NtWaitForKeyedEvent
RtlInt64ToUnicodeString
RtlLookupElementGenericTableAvl
NtQuerySecurityObject
RtlPushFrame

ws2_32

getservbyname
WSAAsyncGetProtoByNumber
ntohl
WSANtohl
WSAStartup
WSADuplicateSocketW
closesocket
WSAGetServiceClassInfoA
WSAGetLastError
WSACancelBlockingCall
WSALookupServiceBeginA
WSCInstallProvider
WSCEnableNSProvider
WSAProviderConfigChange
getnameinfo
WSAAddressToStringW
inet_ntoa
WSAUnhookBlockingHook
WSAGetQOSByName
WSAHtons
WPUCompleteOverlappedRequest
WSAAsyncGetServByPort
WSAGetServiceClassNameByClassIdW
gethostname
WSALookupServiceNextA
WSCEnumProtocols
inet_addr
WSAAsyncGetServByName
WSAInstallServiceClassW
WSAEnumProtocolsA
WSASocketW
WSACreateEvent
WSCGetProviderPath
WSANSPIoctl
sendto
WSCWriteNameSpaceOrder
connect
WSARecvFrom
WSAEnumNameSpaceProvidersA
WSAAddressToStringA
WSASetServiceW
WSAIoctl
WSASetServiceA
getpeername
ioctlsocket

clbcatq

CheckMemoryGates
GetCatalogObject2
ServerGetApplicationType
InprocServer32FromString
DllGetClassObject
SetSetupSave
SetupOpen
ActivatorUpdateForIsRouterChanges
CLSIDFromStringByBitness
DeleteAllActivatorsForClsid
ComPlusMigrate
OpenComponentLibraryEx
CreateComponentLibraryEx
SetupSave
DowngradeAPL
GetComputerObject
CoRegCleanup
GetCatalogObject
UpdateFromAppChange
OpenComponentLibraryOnMemEx
OpenComponentLibraryOnStreamEx
SetSetupOpen
UpdateFromComponentChange
GetSimpleTableDispenser

kernel32

EnumerateLocalComputerNamesA
EndUpdateResourceW
GetPrivateProfileStructA
GlobalUnlock
EnumDateFormatsW
GetEnvironmentVariableA
VirtualAllocEx
QueryDosDeviceW
ConnectNamedPipe
VirtualAlloc
GetCommProperties
SetConsoleWindowInfo
MapViewOfFile
GetCurrentThread
GetStringTypeExW
PrepareTape
EnumSystemLocalesW
ProcessIdToSessionId
lstrcpyW
FindNextVolumeA
DebugSetProcessKillOnExit
GetConsoleHardwareState
SetConsoleInputExeNameW
GetConsoleAliasesLengthW
LocalAlloc
GetModuleFileNameA
CompareStringW
GetVolumePathNameW
GetVolumeInformationA
TermsrvAppInstallMode
LoadLibraryA
GetStringTypeW
GetHandleContext
EnumSystemCodePagesA
ReplaceFileA
SetConsoleTitleW
SetConsoleTextAttribute
DeleteTimerQueueEx
GetSystemPowerStatus
GetEnvironmentStringsW
QueryPerformanceCounter
LocalLock
OpenFileMappingW
TlsFree

msvcrt40

__p__acmdln
frexp
__doserrno
towlower
_waccess
_control87
?stossc@streambuf@@QAEXXZ
??Bios@@QBEPAXXZ
cosh
?getline@istream@@QAEAAV1@PACHD@Z
memmove
_filbuf
?getline@istream@@QAEAAV1@PADHD@Z
??1ostrstream@@UAE@XZ
wcsncpy
_j1
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_mbsspn
??1ofstream@@UAE@XZ
_strrev
_cwait
wcspbrk
_clearfp
_wsystem
_rmdir
_getws
?close@fstream@@QAEXXZ
_ismbchira
?binary@filebuf@@2HB
?close@ifstream@@QAEXXZ
_logb
_spawnle
_chdir
??_E__non_rtti_object@@UAEPAXI@Z
_dup
??0ios@@IAE@XZ
_seterrormode
_yn
?tie@ios@@QBEPAVostream@@XZ
_wasctime
?read@istream@@QAEAAV1@PACH@Z
??5istream@@QAEAAV0@AAK@Z

odbcjt32

SQLProcedureColumnsW
SQLGetTypeInfoW
SQLNumResultCols
AdvancedDialogProc
InitializeLoginDialog
SQLPrepareW
SQLMoreResults
SQLSetConnectAttrW
SQLAllocConnect
SQLNumParams
SQLSetScrollOptions
SelectUIdxDlgProc
SQLGetCursorNameW
SQLExecDirectW
SQLSetCursorNameW
SQLBulkOperations
SQLGetDescFieldW
SQLEndTran
DefTxtFmtDlgProc
SQLColumnsW
RepairCompactProc
SQLSetDescFieldW
SQLNativeSqlW
SQLExecute
SQLFreeConnect
InvisibleSelectDb
LoginDialogProc
InitDialogAgain
ConfigDialogProc
ConfigDSNW
SQLGetConnectAttrW
SQLFetch
OpenDirHook

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

715a008a825540221cbf61b46fc53a51

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

clbcatq

kernel32

msvcrt40

odbcjt32

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 1KB - Virtual size: 628KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 1KB - Virtual size: 628KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 1024B - Virtual size: 1024B