aa8cff6c582811e58e5f735b1eeedf1f

Sharing

Copy URL Twitter E-mail

General

Target

aa8cff6c582811e58e5f735b1eeedf1f
Size

160KB
MD5

aa8cff6c582811e58e5f735b1eeedf1f
SHA1

b5218cf881bd02c2329ec8020776b0b3d6cbd173
SHA256

6135f6a876711159117f2b5920147a87415a891be85b9fa997e9c9005307aa44
SHA512

d09d9ad41a789cc6fa06e26b3e1dca9ee3e4fc83181dce5dc60e1312d74c663e7891d70bb6099399bfcc2a4ce0c7d83ef830e48e0d4b289347fd4a688646da48
SSDEEP

3072:7wfpKhbdTz1twuf3y4novRVgKK/+DbkZVnqp2TmckBcG/xsx8nRuLa:7wfCj+wC4noZJK/KkZVn/MZK8nRuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa8cff6c582811e58e5f735b1eeedf1f

Files

aa8cff6c582811e58e5f735b1eeedf1f
.exe windows:5 windows x86 arch:x86

83f691756c655c72b1e676f68e64db8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbccp32

SQLWritePrivateProfileStringW
SQLInstallDriverManagerW
SQLInstallerError
SQLGetTranslatorW
SQLInstallTranslator
SQLInstallDriverEx
SQLWriteDSNToIniW
SQLLoadDriverListBox
SQLSetConfigMode
SQLInstallDriverExW
SQLInstallODBC
SQLPostInstallerError
SQLRemoveDSNFromIni
SQLInstallTranslatorExW
SQLConfigDriver
SQLGetInstalledDrivers
SQLGetPrivateProfileString
SQLPostInstallerErrorW
SQLCreateDataSource
SQLCreateDataSourceEx
SQLInstallDriverManager
SQLGetAvailableDrivers
SQLConfigDataSource
SQLRemoveTranslator
SQLConfigDataSourceW

msoert2

HrIStreamToBSTR
CreateTempFile
OpenFileStreamShare
PszDupW
CleanupFileNameInPlaceW
PszAllocW
IsUpper
CreateStreamOnHFileW
FIsEmptyW
HrBSTRToLPSZ
OpenFileStreamWithFlagsW
PszScanToCharA
IVoidPtrList_CreateInstance
UlStripWhitespace
HrGetBodyElement
HrCheckTridentMenu
OpenFileStream
CryptFreeFunc
HrStreamSeekSet
WriteStreamToFile
CopyRegistry
WriteStreamToFileW
HrCopyStreamCBEndOnCRLF
OpenFileStreamW
UnlocStrEqNW
HrIsStreamUnicode
FIsSpaceW
ReplaceChars
HrFindInetTimeZone
CryptAllocFunc
CleanupFileNameInPlaceA
CreateSystemHandleName
HrCopyStreamCB
strtrimW
DeleteTempFile
StrToUintW
HrSafeGetStreamSize
CreateEnumFormatEtc
FIsHTMLFileW
HrGetStreamPos
OpenFileStreamShareW
CchFileTimeToDateTimeW

mswsock

rexec
NPLoadNameSpaces
EnumProtocolsA
dn_expand
rcmd
GetServiceA
s_perror
GetTypeByNameW
GetNameByTypeA
MigrateWinsockConfiguration
StartWsdpService
getnetbyname
NSPStartup
WSPStartup
GetAddressByNameW
GetServiceW
GetAcceptExSockaddrs
AcceptEx
GetTypeByNameA
SetServiceW
inet_network
TransmitFile
sethostname
rresvport
GetNameByTypeW
WSARecvEx
StopWsdpService
SetServiceA
EnumProtocolsW
GetAddressByNameA

kernel32

FreeLibraryAndExitThread
InterlockedExchangeAdd
GetOEMCP
VirtualAlloc
TlsGetValue
GetSystemWindowsDirectoryA
FindActCtxSectionStringA
GetConsoleKeyboardLayoutNameW
FreeUserPhysicalPages
IsWow64Process
SetCurrentDirectoryW
LoadLibraryA
DeleteTimerQueueEx
IsValidLocale
GetSystemDirectoryW
LocalAlloc
AreFileApisANSI
LeaveCriticalSection
SetProcessWorkingSetSize
SwitchToThread
DeleteCriticalSection
ReplaceFileA
WriteConsoleInputA
GetConsoleAliasA
GetTapeStatus
OpenConsoleW
EnterCriticalSection
FillConsoleOutputAttribute
SetConsoleCtrlHandler
RegisterWaitForSingleObject
FileTimeToSystemTime
WriteFileGather
CopyFileExA
GetPrivateProfileStructA

winmm

mciGetErrorStringW
midiStreamOut
midiOutCacheDrumPatches
midiOutCachePatches
midiOutGetDevCapsW
waveOutWrite
sndPlaySoundA
waveOutPrepareHeader
mixerClose
waveOutGetErrorTextA
midiOutGetDevCapsA
WOW32ResolveMultiMediaHandle
mmioDescend
mciSendCommandA
mixerGetDevCapsW
midiStreamClose
midiInGetErrorTextW
midiDisconnect
midiOutGetNumDevs
mmGetCurrentTask
PlaySound
mxd32Message
mmioAscend
mmioSeek
mciGetYieldProc
mmTaskBlock

lz32

LZOpenFileA
CopyLZFile
LZStart
LZRead
LZCreateFileW
LZClose
LZDone
GetExpandedNameA
LZOpenFileW
LZCopy
LZSeek
LZCloseFile
GetExpandedNameW
LZInit

msvcrt

__set_app_type
exit
__p__commode
__getmainargs

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83f691756c655c72b1e676f68e64db8d

Headers

DLL Characteristics

File Characteristics

Imports

odbccp32

msoert2

mswsock

kernel32

winmm

lz32

msvcrt

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 12KB - Virtual size: 178KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 12KB - Virtual size: 178KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB