0cc7d19717a9181649647d2363289502

Sharing

Copy URL Twitter E-mail

General

Target

0cc7d19717a9181649647d2363289502
Size

359KB
MD5

0cc7d19717a9181649647d2363289502
SHA1

3c4a9495e7a0af335ab34bf3527254d9004f6d3e
SHA256

b2d836d250de719aabb185678800862b934a6ee34fb4bb4f97a7dee6d7afe62d
SHA512

724384444b037ca93185ad3f39b759870063b1fc459ee1ce91c24cf91ad41d74accecb176d4739fb4692d8db4b2d26c68623d8693f2dc0b2a9cce0b0f040be75
SSDEEP

6144:PzGyuUmL+Xx14Gf8vD9zJo3gifHL/8XWHCFKew02Z101nGjKoPMQ9UcBuNXId:PzRuUPLe19Xxw5xZWQ9BBkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cc7d19717a9181649647d2363289502

Files

0cc7d19717a9181649647d2363289502
.exe windows:5 windows x86 arch:x86

303f5c61556fb62a8ffc833d318f534c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmutil

?LoadEntry@CIniW@@IBEPAGPBG@Z
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
SzToWz
?WPPB@CIniA@@QAEXPBD0H@Z
?SetEntry@CIniW@@QAEXPBG@Z
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?GetPrimaryFile@CIniA@@QBEPBDXZ
?GetSection@CIniA@@QBEPBDXZ
??4CmLogFile@@QAEAAV0@ABV0@@Z
?WPPS@CIniW@@QAEXPBG00@Z
?LoadEntry@CIniA@@IBEPADPBD@Z
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
??_FCIniW@@QAEXXZ
WzToSzWithAlloc
CmStripFileNameW
?SetEntry@CIniA@@QAEXPBD@Z
?SetPrimaryFile@CIniW@@QAEXPBG@Z
CmStrchrW
CmParsePathW
CmStrtokA
?GetLogFilePath@CmLogFile@@QAEPBGXZ
CmAtolA
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?LoadSection@CIniW@@QBEPAGPBG@Z
CmLoadImageW
?GetFile@CIniW@@QBEPBGXZ
?SetParams@CmLogFile@@QAEJHKPBD@Z
?IsEnabled@CmLogFile@@QAEHXZ
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
?Clear@CIniA@@QAEXXZ
??_FCIniA@@QAEXXZ
?Init@CRandom@@QAEXK@Z
?GetPrimaryRegPath@CIniA@@QBEPBDXZ

kernel32

GetTempFileNameA
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedExchange
GetConsoleAliasExesLengthW
GlobalFindAtomW
InitAtomTable
GetModuleHandleW
GetStringTypeExA
LoadLibraryA
DeviceIoControl
GetStartupInfoW
HeapWalk
SetTimeZoneInformation
CreateMutexA
CommConfigDialogW
LoadModule
HeapFree
RtlZeroMemory
GetConsoleCursorMode
OutputDebugStringA
GetModuleHandleExA
SetSystemPowerState
IsDebuggerPresent
GetConsoleInputExeNameA
SetMailslotInfo
GetConsoleCP
GetSystemDirectoryW
OpenMutexA
GetFirmwareEnvironmentVariableA
HeapReAlloc
GetGeoInfoA
VirtualAlloc
BeginUpdateResourceW
AddLocalAlternateComputerNameA
IsBadCodePtr
SetupComm
FindFirstFileExA
EnumDateFormatsA
GetStringTypeExW
HeapSetInformation
LocalShrink
SetSystemTime
GetDiskFreeSpaceW

sqlwoa

_tsystem
_CreateWindowEx@48
_SetWindowText@8
_CommDlg_OpenSave_GetFilePath@12
_MoveFile@8
_LoadLibrary@4
_SetWindowLong@12
_DefWindowProc@16
_FreeEnvironmentStrings@4
_PeekMessage@20
_DeleteFile@4
_LoadCursor@8
_GetTextExtentPoint@16
_GetTextMetrics@8
_GetSaveFileName@4
_LoadString@16
_ExtTextOut@32
_CallWindowProc@20
_SendMessage@16
_CharLower@4
_GetProp@8
_GetWindowLong@8
newMultiByteFromWideCharEx
_LoadMenu@8
_MAKEINTRESOURCE@4
_WinHelp@16
_GetWindowText@12
_GetObject@12
newWideCharFromMultiByte
_SetProp@12
AllocConvertMultiSZNameToA
_SetDlgItemText@12
ConvertMultiSZNameToW
newMultiByteFromWideChar
_GetWindowTextLength@4
_CommDlg_OpenSave_GetSpec@12

sqlsrv32

SQLSetConnectAttrW
SQLNumParams
SQLBulkOperations
SQLNumResultCols
TestDlgProc
SQLFreeHandle
ConnectDlgProc
SQLMoreResults
SQLFetchScroll
SQLGetDiagFieldW
SQLDisconnect
BCP_moretext
SQLSetPos
SQLGetDescFieldW
SQLPutData
BCP_batch
SQLExtendedFetch
SQLSetScrollOptions
BCP_readfmt
SQLGetDescRecW
BCP_setcolfmt
SQLDescribeColW
BCP_bind
SQLGetTypeInfoW
BCP_control

winscard

SCardListInterfacesW
SCardReleaseStartedEvent
SCardReleaseContext
SCardConnectW
SCardSetAttrib
SCardForgetReaderGroupW
g_rgSCardRawPci
SCardLocateCardsByATRA
SCardIntroduceCardTypeA
SCardListCardsW
SCardReleaseNewReaderEvent
SCardListReadersW
SCardGetProviderIdA
SCardAddReaderToGroupW
SCardLocateCardsA
SCardListReaderGroupsA
SCardGetCardTypeProviderNameA
SCardListReadersA
SCardForgetCardTypeA
SCardLocateCardsW
SCardAccessStartedEvent
SCardIntroduceReaderW
SCardAccessNewReaderEvent
SCardListCardsA
SCardDisconnect
SCardControl
SCardRemoveReaderFromGroupA
SCardState
SCardListReaderGroupsW
SCardReleaseAllEvents
ClassInstall32
SCardForgetReaderGroupA
SCardGetStatusChangeA
SCardIntroduceReaderGroupA
SCardGetCardTypeProviderNameW
SCardIntroduceReaderGroupW
SCardSetCardTypeProviderNameA
SCardForgetReaderW
SCardGetStatusChangeW
SCardIsValidContext
SCardReconnect
SCardListInterfacesA
SCardFreeMemory

wdigest

CredentialUpdateNotify
CredentialUpdateFree
CredentialUpdateRegister
SpUserModeInitialize
SpLsaModeInitialize
SpInitialize
SpInstanceInit

gdi32

EngDeletePath
SetStretchBltMode
GetCharWidthA
CreateRectRgn
GdiQueryTable
DdEntry12
DdEntry49
GetOutlineTextMetricsA
DdEntry16
GdiEntry1
ResetDCW
EngCreateSemaphore
EnableEUDC
FrameRgn
GdiPlayDCScript
GetFontUnicodeRanges
StretchBlt
DdEntry44
DPtoLP
PATHOBJ_vEnumStart
GetRelAbs
GetDIBits
GdiGetBatchLimit
GetPolyFillMode
XLATEOBJ_cGetPalette
EngLoadModule
GetCharWidthFloatW
TranslateCharsetInfo
GetGlyphOutlineA
EngUnlockSurface
SelectObject
GdiAddGlsBounds
GetTextMetricsA
Chord

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

303f5c61556fb62a8ffc833d318f534c

Headers

DLL Characteristics

File Characteristics

Imports

cmutil

kernel32

sqlwoa

sqlsrv32

winscard

wdigest

gdi32

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 145KB - Virtual size: 569KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 145KB - Virtual size: 569KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB