bab4a1e9d437af4a147b73c5a5d122b3

Sharing

Copy URL Twitter E-mail

General

Target

bab4a1e9d437af4a147b73c5a5d122b3
Size

143KB
MD5

bab4a1e9d437af4a147b73c5a5d122b3
SHA1

7805a242f09ebb8b15a9001f97a58c099e4c160c
SHA256

0a25737d7ac75151daf453b415a3d7315d88a2998769824b6612e70ba8d4843c
SHA512

26832f62bd1fc1627f4e30f6bf19423fbfb9c69845e3713c60fa86006203cb04550631fb13d345afa83b8b136d10be7dafb48ee0e68f222368fa48e3ca50d455
SSDEEP

3072:E8kfMunJdVF+S7RSuKnXeOrK+6sk7vBqYe45BCzB5xQj5i9n:E8kVnJESwuKnOKK+6b7LWB5EY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bab4a1e9d437af4a147b73c5a5d122b3

Files

bab4a1e9d437af4a147b73c5a5d122b3
.exe windows:5 windows x86 arch:x86

1d002ec1970312dd4d5885d37d689802

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_CreateSemaphore_@16
_DlgDirSelectEx_@16
_QueryDosDevice_@12
_TranslateAccelerator@12
_CreateFont@56
_CreateDirectoryEx_@12
_FindFirstFile_@8
_GetEnhMetaFile_@4
_CreateFileMapping_@24
_CharLowerBuff_@8
_IsCharUpper_@4
_CharPrev_@8
_GetModuleHandle_@4
_GetShortPathName_@12
_MessageBoxIndirect_@4
_OpenBackupEventLog_@8
_FatalAppExit_@8
_FindWindowEx_@16
_GrayString_@36
_NDdeGetErrorString_@12
_wvsprintf_@12
_GetTextExtentPoint@16
_DialogBoxIndirectParam_@20
_ChangeServiceConfig_@44
_CharNext_@4
_CreateScalableFontResource_@16
_NDdeSetShareSecurity_@16
_BeginUpdateResource_@8
_UpdateResource_@24
_WritePrivateProfileSection_@12

wininet

FtpRenameFileW
RetrieveUrlCacheEntryFileW
InternetQueryDataAvailable
FtpRemoveDirectoryW
ShowCertificate
GopherOpenFileA
FtpPutFileA
FindNextUrlCacheGroup
InternetWriteFile
UrlZonesDetach
FtpCommandA
SetUrlCacheGroupAttributeW
InternetCombineUrlA
InternetSecurityProtocolToStringA
FtpGetFileA

odbctrac

TraceSQLGetTypeInfo
TraceSQLBindParameter
TraceSQLPrimaryKeysW
TraceSQLExecDirectW
TraceSQLTransact
TraceSQLDriverConnectW
TraceSQLGetInfoW
TraceSQLSetPos
TraceSQLGetDiagRec
TraceSQLDrivers
TraceSQLColAttributesW
TraceSQLGetStmtAttr
TraceSQLSetDescRec
TraceSQLCloseCursor
TraceSQLDisconnect
TraceSQLColumnPrivileges
TraceSQLGetDiagRecW
TraceSQLGetConnectAttrW
TraceSQLGetConnectOption
TraceSQLAllocConnect
TraceSQLTablePrivileges
TraceSQLExecDirect
TraceSQLMoreResults
TraceSQLDescribeColW
TraceSQLDataSourcesW
TraceSQLFreeConnect

msdart

?WriteUnlock@CReaderWriterLock@@QAEXXZ
?_H1@CLKRLinearHashTable@@ABEKK@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
mpCalloc
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?ReadLock@CFakeLock@@QAEXXZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
?_Unlock@CSpinLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?IsWin9x@CMdVersionInfo@@SAHXZ
??1CCritSec@@QAE@XZ

hhsetup

?bIsVisable@CFolder@@QAEHXZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?SetVolume@CLocation@@QAEXPBD@Z
?GetLanguage@CFolder@@QAEGXZ
?GetTitleW@CFolder@@QAEPBGXZ
?SetMasterCHM@CCollection@@QAEXPBDG@Z
??4CTitle@@QAEAAV0@ABV0@@Z
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?RemoveAll@CPointerList@@QAEXXZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetNextLocation@CLocation@@QAEPAV1@XZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
?Release@CCollection@@AAEKXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetId@CTitle@@QAEPADXZ

secur32

QuerySecurityContextToken
LsaGetLogonSessionData
LsaFreeReturnBuffer
SaslGetProfilePackageW
TranslateNameW
QuerySecurityPackageInfoW
LsaRegisterPolicyChangeNotification
DecryptMessage
CredUnmarshalTargetInfo
EnumerateSecurityPackagesA
SaslInitializeSecurityContextW
SaslEnumerateProfilesW
LsaConnectUntrusted
AcquireCredentialsHandleW
SaslInitializeSecurityContextA

kernel32

ZombifyActCtx
SwitchToFiber
GlobalAlloc
GetComputerNameExA
QueryDosDeviceW
EnumerateLocalComputerNamesW
LoadLibraryW
GetConsoleWindow
MapViewOfFile
DebugSetProcessKillOnExit
RemoveDirectoryA
OutputDebugStringW
ReadConsoleInputExA
GlobalFindAtomW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d002ec1970312dd4d5885d37d689802

Headers

File Characteristics

Imports

sqlunirl

wininet

odbctrac

msdart

hhsetup

secur32

kernel32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 2KB - Virtual size: 2KB