a289581d8f0d62fa49a9ba77772842e4

Sharing

Copy URL

Twitter E-mail

General

Target

a289581d8f0d62fa49a9ba77772842e4
Size

85KB
MD5

a289581d8f0d62fa49a9ba77772842e4
SHA1

638df1ddeccc6e2cd9b7e6375971142390ddc07b
SHA256

b919e3dbabdb71ed8ab9f0d9ddd61ef132a83a5d90cf2951572ff96de24a90d4
SHA512

2d66fe0555acef3b2a3b7b4e89f95d894896e827f03d4e40b7a3d2ac483db7b02253e4c7283ecad0924d53331660bebf5f7e505bce571e9563ee22e2e2e6e461
SSDEEP

1536:Z7MIllAmhfD9uD2AWex7Y6WctFe6AG7c/QlScwV80N3uT2UdY:te20D2AwctFe6AOMQlZ8tAY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a289581d8f0d62fa49a9ba77772842e4

Files

a289581d8f0d62fa49a9ba77772842e4
.exe windows:5 windows x86 arch:x86

de4eaa709562f9bd00c6702dd0c68fa9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt20

?doallocate@strstreambuf@@MAEHXZ
isxdigit
fwprintf
ungetc
?sputbackc@streambuf@@QAEHD@Z
?is_open@ofstream@@QBEHXZ
?setmode@filebuf@@QAEHH@Z
_mbsninc
ftell
__p__winver
??_Dostrstream@@QAEXXZ

msvcrt40

_wfindnexti64
_isatty
__RTCastToVoid
?set_terminate@@YAP6AXXZP6AXXZ@Z
__isascii
??6ostream@@QAEAAV0@N@Z
??1bad_cast@@UAE@XZ
isprint
??0stdiobuf@@QAE@ABV0@@Z
_mbsnextc
??_8ostream@@7B@
__p___wargv
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
signal
rename
iswdigit

msvcrt

__p__commode
__CxxUnregisterExceptionObject
_lseeki64
_adj_fpatan
memmove
fgetwc
??_7exception@@6B@
_daylight
_CIfmod
system
_strerror
__p___initenv
isprint
_getdrive
__crtLCMapStringW
_spawnvpe
??_Eexception@@UAEPAXI@Z
__getmainargs
_mbsset
_strset
__set_app_type
_ismbckata
bsearch
_CIatan2
_ismbcspace

kernel32

GetLastError
SwitchToFiber
DebugActiveProcess
MoveFileW
GetCurrentThreadId
LoadLibraryA
GetStartupInfoA
SetCriticalSectionSpinCount
HeapCreate
ReadConsoleA
GlobalFindAtomA
OpenProfileUserMapping
BaseUpdateAppcompatCache
SetLocalPrimaryComputerNameA
FindFirstChangeNotificationA
SetEndOfFile
GetConsoleFontSize
QueryPerformanceCounter
LocalFileTimeToFileTime
GetCurrentProcessId
SetThreadContext
GetPrivateProfileIntA
GetSystemTimeAsFileTime
GetTickCount
SetConsoleMenuClose
GetProfileStringA
VirtualAlloc
InitAtomTable
VirtualProtectEx

odbctrac

TraceSQLGetConnectAttr
TraceSQLSpecialColumns
TraceSQLBindParam
TraceSQLSetDescRec
TraceSQLColAttributesW
TraceSQLBindCol
TraceCloseLogFile
TraceSQLProceduresW
TraceSQLForeignKeys
TraceSQLEndTran
TraceSQLProcedures
TraceSQLGetEnvAttr
TraceSQLDataSourcesW
TraceSQLForeignKeysW
TraceSQLGetDiagFieldW
TraceSQLGetConnectOption
TraceSQLNumResultCols
TraceSQLGetConnectAttrW
TraceSQLCopyDesc
TraceSQLPutData

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de4eaa709562f9bd00c6702dd0c68fa9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt20

msvcrt40

msvcrt

kernel32

odbctrac

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 21KB - Virtual size: 52KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 21KB - Virtual size: 52KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 312B