94fd128e0a6e83d867fe6a36e945e541608927aa9dff64c844c4e93cba21402c

Sharing

Copy URL Twitter E-mail

General

Target

94fd128e0a6e83d867fe6a36e945e541608927aa9dff64c844c4e93cba21402c
Size

872KB
MD5

b49f10bb601d8a5c505a65edef89334d
SHA1

30fd4a12fa41f43707798c4a919db611a6e1a623
SHA256

94fd128e0a6e83d867fe6a36e945e541608927aa9dff64c844c4e93cba21402c
SHA512

dadfd872bfa51e3327cdc6fd35ebc13cc28b47a067b0a10ec576e341daaeba9d5c53eb9f8aec7b499e8ed81859be6d3d0cd56c8b7709eb38bd10d7c0dc5cefc8
SSDEEP

12288:eLJge5ZtzMyc4D/gAi6+E9ajudOUOZ/C7wx+4HQfEOQ0SCQPxd/rpTgI9NICPbWJ:eLNIyc4o6ySkasx+AQfHFQxdd0IyE

Score

N/A

Malware Config

Signatures

Files

94fd128e0a6e83d867fe6a36e945e541608927aa9dff64c844c4e93cba21402c
.exe windows x86

d89c153618af3c8f00eefd593e8e434a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msoert2

FIsEmptyA
PszDayFromIndex
CreateTempFileStream
GenerateUniqueFileName
strtrimW
PVGetMsgParam
strtrim
FIsHTMLFileW
fGetBrowserUrlEncoding
CreateTempFile
OpenFileStreamShareW
HrSafeGetStreamSize
FBuildTempPathW
BrowseForFolderW
OpenFileStreamWithFlagsW
IsUpper
MessageBoxInstW
PszMonthFromIndex
HrSetDirtyFlagImpl
HrLPSZToBSTR
AppendTempFileList
_MSG
HrBSTRToLPSZ
HrCreatePhonebookEntry
HrIsStreamUnicode
UlStripWhitespaceW
CleanupGlobalTempFiles
MessageBoxInst
HrStreamSeekBegin
FIsHTMLFile
CreateStreamOnHFile
CleanupFileNameInPlaceW
HrStreamSeekCur
HrGetCertificateParam
PszDupA
ReplaceCharsW
FIsEmptyW
FBuildTempPath
IsValidFileIfFileUrlW
HrCopyStreamCB

odbctrac

TraceSQLDisconnect
TraceSQLCopyDesc
TraceSQLSetStmtAttr
TraceSQLFreeStmt
TraceSQLAllocConnect
TraceSQLDriversW
TraceSQLGetCursorName
TraceSQLPrimaryKeysW
TraceSQLBindCol
TraceSQLSetStmtAttrW
TraceSQLGetInfo
TraceSQLGetStmtOption
TraceSQLSetConnectAttrW
TraceSQLNativeSqlW
TraceSQLDescribeColW
TraceSQLConnectW
TraceSQLProcedureColumnsW
TraceSQLConnect
TraceSQLGetEnvAttr
TraceSQLTablesW
TraceSQLGetConnectAttrW
TraceSQLNativeSql
TraceSQLPrepareW
TraceSQLSetDescRec
TraceSQLForeignKeysW
TraceSQLRowCount
TraceSQLGetData
TraceSQLSpecialColumnsW
TraceSQLGetDescRec
TraceSQLNumResultCols
TraceSQLExecDirect
TraceSQLSetDescField
TraceSQLFreeHandle
TraceSQLExtendedFetch
TraceSQLTransact
TraceSQLTablePrivilegesW
TraceVSControl
TraceSQLColAttributesW
TraceSQLDataSourcesW
TraceSQLDataSources
TraceSQLSetCursorName
TraceSQLProcedureColumns
TraceSQLBrowseConnectW
FireVSDebugEvent
TraceSQLParamData

kernel32

GetThreadPriority
SetConsoleActiveScreenBuffer
LZOpenFileW
SetFileApisToANSI
SetEnvironmentVariableW
WriteFileGather
lstrcmpiW
UnlockFileEx
QueryPerformanceCounter
LocalAlloc
RtlUnwind
VerLanguageNameA
SetConsoleCursorMode
LZOpenFileA
LCMapStringA
SetConsoleOS2OemFormat
GetStartupInfoA
WriteConsoleOutputAttribute
FindNextFileW
GetCurrentThread
SetLocaleInfoA
GetQueuedCompletionStatus
VirtualAlloc
WritePrivateProfileStringA
GetCurrentActCtx
GetConsoleKeyboardLayoutNameW
CreateIoCompletionPort
GetEnvironmentStringsW
LoadLibraryA
GetExitCodeProcess
FileTimeToDosDateTime
GetCompressedFileSizeA

wldap32

ldap_search_s
ldap_extended_operation_sA
ldap_modify_ext_s
ldap_get_next_page
ldap_search_ext_sA
ldap_sasl_bind_sW
ldap_add_ext_sA
ldap_bindW
ldap_modrdn_sW
ldap_abandon
ldap_next_attributeA
ldap_modrdn2_s
ldap_search_stW
ldap_explode_dnA
ldap_count_values
ldap_modrdn
ldap_modrdn2
cldap_openW
ldap_modrdnA
ldap_compare_ext_sW
ldap_search_sA
ldap_parse_sort_control
ldap_extended_operation_sW
cldap_openA
ldap_simple_bind_s
ldap_modify_ext_sA
ldap_rename_extW
ldap_cleanup
ldap_delete_ext
ldap_compare_ext_sA
ldap_simple_bind
ldap_get_valuesW
ldap_modrdnW
ldap_free_controlsA
ldap_memfree
ber_bvfree
ldap_deleteA
ldap_add
ber_skip_tag

olecli32

MfCopy
LeGetUpdateOptions
OleSetBounds
SetNetName
OleQueryOpen
MfCallbackFunc
LeCopyFromLink
GenDraw
LeObjectConvert
ErrQueryOutOfDate
PbCreateInvisible
ErrSetUpdateOptions
OleQueryReleaseStatus
PbCreateFromFile
OleCreateLinkFromClip
OleLoadFromStream
OleQueryName
OleDraw
OleGetData
OleEnumObjects
GenClone
GenGetData
GenRelease
OleRequestData
MfEnumFormat
OleLockServer
PbGetData
OleSetData
DefCreateLinkFromClip
OleObjectConvert
LeSaveToStream
DibChangeData
ObjQueryName
OleSetHostNames
ErrQueryOpen
PbCreateLinkFromFile
LeUpdate
PbCreateFromTemplate
OleSavedClientDoc
OleRelease
MfDraw

msvcirt

?basefield@ios@@2JB
??_Dfstream@@QAEXXZ
?stossc@streambuf@@QAEXXZ
??_Eofstream@@UAEPAXI@Z
?cin@@3Vistream_withassign@@A
??5istream@@QAEAAV0@AAD@Z
?egptr@streambuf@@IBEPADXZ
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
??1ostrstream@@UAE@XZ
?in_avail@streambuf@@QBEHXZ
?seekg@istream@@QAEAAV1@J@Z
?sputbackc@streambuf@@QAEHD@Z
??0iostream@@IAE@ABV0@@Z
?putback@istream@@QAEAAV1@D@Z
??_Dofstream@@QAEXXZ
??1Iostream_init@@QAE@XZ
??0stdiobuf@@QAE@PAU_iobuf@@@Z
??6ostream@@QAEAAV0@J@Z
??_Eostrstream@@UAEPAXI@Z
??5istream@@QAEAAV0@AAM@Z
?underflow@strstreambuf@@UAEHXZ
?unlock@ios@@QAAXXZ
??_Gostream_withassign@@UAEPAXI@Z
??_Dostream@@QAEXXZ
?pbackfail@stdiobuf@@UAEHH@Z
?rdstate@ios@@QBEHXZ

iassdo

DllGetClassObject

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d89c153618af3c8f00eefd593e8e434a

Headers

DLL Characteristics

File Characteristics

Imports

msoert2

odbctrac

kernel32

wldap32

olecli32

msvcirt

iassdo

Sections

.text Size: 188KB - Virtual size: 188KB

.rdata Size: 310KB - Virtual size: 310KB

.data Size: 512B - Virtual size: 1.8MB

.rsrc Size: 372KB - Virtual size: 372KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 310KB - Virtual size: 310KB

.data
Size: 512B - Virtual size: 1.8MB

.rsrc
Size: 372KB - Virtual size: 372KB

.reloc
Size: 1024B - Virtual size: 1024B