1030757705c66d8a3b3f8476b6dc5a99

Sharing

Copy URL Twitter E-mail

General

Target

1030757705c66d8a3b3f8476b6dc5a99
Size

29KB
MD5

1030757705c66d8a3b3f8476b6dc5a99
SHA1

9cc2e76d74357438a39d36a659faf14043352f73
SHA256

147d44d72e868ef941b5fda35bd396c667d2915fd88cdc976f6c4cd3219efaff
SHA512

544b9382c0e6976c9cfdabb674a515d01875c4179eb0264775f26b0c2efc88e9c894f9fe7f1e0548fc736139f50e4855ef0dfb546873266a95a931ae0858ec56
SSDEEP

768:NKTcZqLUs8i25q3xYJW6adpQHUI3tqpVFZ:QTDLp8VcBYAdpQHUI3tqr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1030757705c66d8a3b3f8476b6dc5a99

Files

1030757705c66d8a3b3f8476b6dc5a99
.exe windows:5 windows x86 arch:x86

fb2f6b5b02ed29748a57143c907824d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateDirectoryObject
RtlProtectHeap
RtlUniform
ZwQuerySystemEnvironmentValue
NtQueryValueKey
NtMapUserPhysicalPagesScatter
RtlQueryHeapInformation
RtlComputePrivatizedDllName_U
NtReadRequestData
RtlGetNativeSystemInformation
RtlCreateEnvironment
RtlNewSecurityObjectEx
ZwLockVirtualMemory
NtAddAtom
RtlFreeOemString
ZwQuerySystemInformation
NtSaveKeyEx
ZwCancelIoFile
ZwSignalAndWaitForSingleObject
RtlDnsHostNameToComputerName
NtQuerySymbolicLinkObject
RtlIpv6StringToAddressA
RtlConvertSidToUnicodeString
strtoul
NtSuspendProcess
RtlResetRtlTranslations
NtSetBootOptions
ZwGetContextThread
NtOpenProcess
RtlDestroyProcessParameters
NtSaveKey
NtConnectPort
RtlGenerate8dot3Name
RtlSetSaclSecurityDescriptor
ZwGetWriteWatch
qsort
wcsspn
ZwQueryTimerResolution
ZwAccessCheckAndAuditAlarm
LdrFindEntryForAddress
RtlImageDirectoryEntryToData
ZwSetInformationProcess
ZwOpenJobObject
iswlower
CsrCaptureMessageMultiUnicodeStringsInPlace
ZwFindAtom
ZwRequestWaitReplyPort
RtlFreeHandle
RtlActivateActivationContext
ZwQueryInformationJobObject
RtlpNtSetValueKey
NtReadFileScatter
ZwSetDebugFilterState
RtlDeleteRegistryValue
log
NtQueryVirtualMemory
ZwClearEvent
RtlIsValidHandle
NtCreateEventPair
atol
RtlGetSaclSecurityDescriptor
ZwReadFile
RtlAddAccessDeniedAce
NtSetContextThread
RtlDebugPrintTimes
RtlImpersonateSelf
RtlUnicodeStringToOemSize
NtOpenKey
LdrFindResourceEx_U
ZwQueryFullAttributesFile
RtlSizeHeap
NtDeleteAtom
ZwCreateToken
ZwLockRegistryKey
PfxInitialize
RtlRegisterSecureMemoryCacheCallback
ZwCreateDirectoryObject
RtlAppendUnicodeStringToString
NtAccessCheckByTypeResultList
RtlAllocateHandle
RtlCaptureStackBackTrace
ispunct
ZwCreateEvent
LdrAddRefDll
ZwQuerySymbolicLinkObject
CsrFreeCaptureBuffer
RtlDumpResource
RtlxUnicodeStringToOemSize
ZwMakePermanentObject
CsrClientCallServer
NtQueryObject
VerSetConditionMask
ZwCreateKeyedEvent
ZwVdmControl
RtlDeregisterWait
NtQueryEaFile
NtVdmControl
NtQueryTimerResolution
NtSetInformationObject
_ultoa
RtlZeroHeap
RtlGetLengthWithoutLastFullDosOrNtPathElement
ZwCreateKey
NtMapUserPhysicalPages
NtQueryInformationProcess
RtlSetAttributesSecurityDescriptor
RtlSetUserValueHeap
strcat
_CIlog
RtlCreateTimer
RtlUnlockHeap
KiUserExceptionDispatcher
_CIpow
RtlSystemTimeToLocalTime
ZwSetInformationThread

msvcrt40

??_Eostrstream@@UAEPAXI@Z
??0ostrstream@@QAE@XZ
??0ifstream@@QAE@H@Z
??0fstream@@QAE@ABV0@@Z
?setf@ios@@QAEJJ@Z
putwchar
??_Glogic_error@@UAEPAXI@Z
memcmp
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
ferror
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??1streambuf@@UAE@XZ
??0ostrstream@@QAE@PADHH@Z
?x_maxbit@ios@@0JA
_strlwr
_mbscpy
??6ostream@@QAEAAV0@C@Z
getenv
_wctime
?unlockc@ios@@KAXXZ
?clog@@3Vostream_withassign@@A
?in_avail@streambuf@@QBEHXZ
fputwc
_wunlink
scanf
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
vfwprintf
?_query_new_handler@@YAP6AHI@ZXZ
??0iostream@@IAE@XZ
?sunk_with_stdio@ios@@0HA
??0ifstream@@QAE@XZ
??5istream@@QAEAAV0@PAD@Z

sqlwoa

_DeleteFile@4
_CharUpper@4
_CommDlg_OpenSave_GetFilePath@12
_SetWindowText@8
_LoadString@16
_trename
_GetDiskFreeSpaceEx@16
_CreateDialogIndirectParam@20
_GetWindowText@12
newMultiByteFromWideChar
_SetWindowLong@12
_GetVersionEx@4
_SendMessage@16
_RemoveProp@8
_tfopen
_MoveFile@8
_GetDlgItemText@16
AllocConvertMultiSZNameToA
newMultiByteFromWideCharSize
_FreeEnvironmentStrings@4
_CharLower@4
_MAKEINTRESOURCE@4
_GetTextExtentPoint@16
_LoadBitmap@8
_IsDialogMessage@8
_GetTextMetrics@8
_FormatMessage@28
_DefWindowProc@16
_LoadLibrary@4
newMultiByteFromWideCharEx
_CreateFont@56

kernel32

FindResourceW
GetConsoleCommandHistoryLengthA
GetLastError
GenerateConsoleCtrlEvent
GetConsoleCharType
GetConsoleCommandHistoryW
GetExitCodeThread
FreeEnvironmentStringsW
RegisterWowExec
EnumResourceNamesA
QueryPerformanceCounter
SetTermsrvAppInstallMode
SetFirmwareEnvironmentVariableW
SetErrorMode
GetStringTypeExW
MapViewOfFileEx
RemoveVectoredExceptionHandler
VerSetConditionMask
VirtualAlloc
ResetEvent
GetVolumePathNameW
SetConsoleHardwareState
CreateActCtxA
OpenSemaphoreA
Heap32Next
SetWaitableTimer
VirtualLock

sqlunirl

_SHGetFileInfo_@20
_UnregisterClass_@8
_DlgDirListComboBox_@20
_NDdeIsValidShareName_@4
_LoadMenuIndirect_@4
_CharPrev_@8
_GetFileAttributes_@4
_GetCharABCWidths_@16
_NDdeGetErrorString_@12
AbortSystemShutdown_
_ShellExecute_@24
_CreateEvent_@16
_GlobalAddAtom_@4
_LookupPrivilegeValue_@12
_LoadImage_@24
ConvertMultiSZNameToW
_ChooseColor_@4
_ReplaceText_@4
_CopyEnhMetaFile_@8
_FindText_@4
_GetDefaultCommConfig_@12
_EnumResourceNames_@16
_IsCharAlpha_@4
_CreateProcess_@40
_GlobalFindAtom_@4
_CharNext_@4
_GetFileAttributesEx_@12
_RegEnumValue_@32
__lcreat_@8
_AppendMenu_@16
_ReportEvent_@36
_GetTempFileName_@16
_ChangeMenu_@20
_GetFileTitle@12
_CreateEnhMetaFile_@16
_BuildCommDCB_@8
_PolyTextOut_@12
_trename
_GetFileSecurity_@20

odbcjt32

ConfigDriverW
SQLGetDescFieldW
SQLSetPos
SQLFreeConnect
SQLMoreResults
SQLSetEnvAttr
SQLColumnsW
SQLEndTran
SQLPutData
LoadByOrdinal
SQLCloseCursor
SQLProceduresW
SelectUIdxDlgProc
SQLParamData
SQLGetConnectAttrW
DefTxtFmtDlgProc
SQLProcedureColumnsW
SQLGetData
SQLSetScrollOptions
SQLGetDiagRecW
ConfigDSNExW
SQLAllocEnv
SQLAllocConnect
SQLFetch
SQLBindCol
SQLGetTypeInfoW
SQLFetchScroll
SQLBindParameter
RepairCompactProc
SQLNumResultCols

opengl32

glRasterPos3iv
glGetTexParameterfv
glNewList
glTexCoord4fv
glLoadMatrixd
glDrawElements
glTexCoord1sv
glGetTexLevelParameterfv
glClearDepth
glGetPolygonStipple
glGetTexEnvfv
glPopName
glNormal3f
glEvalCoord2f
glEnd
glVertex4f
glMapGrid2d
glCopyPixels
glEvalPoint1
glGetIntegerv
glSelectBuffer
glRenderMode
glVertex2sv
glCullFace
glRasterPos2f
glTexCoordPointer
glGetPointerv
glTexCoord3s
glIndexdv
wglGetCurrentDC
glIndexPointer
glRasterPos4f
glAccum
glColor3uiv
glColorMaterial
glFlush
glPixelTransferi
glTexCoord3d
glGetTexLevelParameteriv

query

?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?EndTransaction@CPropStoreManager@@QAEXKHKK@Z
?CreateSubdirs@CMachineAdmin@@QAEXPBG@Z
?Clone@CRestriction@@QBEPAV1@XZ
?SetCD@CCatState@@QAEXPBG@Z
?CoTaskAllocator@@3VCCoTaskAllocator@@A
??0CCategorizationSet@@QAE@ABV0@@Z
SetupCacheEx
?SetUI8@CStorageVariant@@QAEXT_ULARGE_INTEGER@@I@Z
??1CSort@@QAE@XZ
?RequiresFlush@CPhysStorage@@QAEHK@Z
??0CDbColId@@QAE@ABV0@@Z
?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?Write@CDynStream@@QAEXPAXK@Z
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
??1CPropStoreManager@@QAE@XZ
?InitializeForWrite@CDynStream@@QAEXK@Z
?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
?ContainsDrive@CDriveInfo@@SGHPBG@Z
CIMakeICommand
??0CLangList@@QAE@PAUICiCLangRes@@K@Z
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?ChangeCurrentDepth@CCatState@@QAEXH@Z
?GetNumber@CQueryScanner@@QAEHAA_JAAH@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?SetScopePropertiesNoThrow@@YGJPAUICommand@@IPBQBGPBK11@Z
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
??0CTimeLimit@@QAE@KK@Z
?SetLocale@CCatState@@QAEXPBG@Z
??0CDbColumnNode@@QAE@ABUtagDBID@@H@Z
?AppendChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?GetCategory@CCatState@@QBEPBGI@Z
?Shutdown@CWorkQueue@@QAEXXZ
?_FindOrAddAnchor@CDbProjectNode@@AAEPAVCDbProjectListAnchor@@XZ
?IsScopeValid@@YGJPBGIH@Z
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
?DataWriteRead@CRequestClient@@QAEXPAXK0KAAK@Z
??1CCatalogAdmin@@QAE@XZ

msvcrt

_wcsicmp
getchar
_wfullpath
_tempnam
fgetwc
_putenv
_ismbcgraph
_mbsncoll
??8type_info@@QBEHABV0@@Z
_fpclass
log10
_wsearchenv
??_Gbad_typeid@@UAEPAXI@Z
_fcvt
_getws
_ltoa
_wrename
_findnext64
__p__acmdln
memcpy
_global_unwind2
wcstod
_getdrive
wcscat
wcsncpy
_stricoll
_getw
_localtime64
_heapadd
__crtLCMapStringA
_mktime64
__p__wenviron
??_Ebad_typeid@@UAEPAXI@Z
__threadid
??9type_info@@QBEHABV0@@Z
_vscprintf
__argc

shfolder

SHGetFolderPathW
SHGetFolderPathA

user32

IsIconic
SetScrollPos
MoveWindow
EndDialog

gdi32

RectVisible

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb2f6b5b02ed29748a57143c907824d8

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt40

sqlwoa

kernel32

sqlunirl

odbcjt32

opengl32

query

msvcrt

shfolder

user32

gdi32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 680B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 680B