c6fa4daed8fabb168bf4233def885095

Sharing

Copy URL Twitter E-mail

General

Target

c6fa4daed8fabb168bf4233def885095
Size

364KB
MD5

c6fa4daed8fabb168bf4233def885095
SHA1

e8eb48e066a27f3fafd6a72d623d067acd13e650
SHA256

8ee8ce49932a1066c6340a38ed51e3df1aee46e74df579575addf689cb055422
SHA512

4dce322a18c0b885b2cf0f9092a0857c93ae2a305f748b104ac41074c5bb8ce4fc5fdebf1c2f69098a0c13b892901bd62e2e7e99bddbda55ba728718d309b0bd
SSDEEP

6144:sABfjbz1CRIOZipKeabUJXpWjOl270HthU6geiQY5i:3fvppwbcpSOTNhU6geNKi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6fa4daed8fabb168bf4233def885095

Files

c6fa4daed8fabb168bf4233def885095
.exe windows:5 windows x86 arch:x86

6c074a043c41547aba22d8e626bc1e19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

DoneFILTERPerformanceData
FsCiShutdown
?Marshall@CVectorRestriction@@QBEXAAVPSerStream@@@Z
?IsCIStarted@CMachineAdmin@@QAEHXZ
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
?MakeLocalICommand@@YGJPAPAUIUnknown@@PAUICiCDocStore@@PAU1@@Z
?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
?Add@CDbSortSet@@QAEHABVCDbColId@@KI@Z
?GetCategory@CCatState@@QBEPBGI@Z
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KIPAVPMmStream@@HIH@Z
?GetFileName@CPathParser@@QBEHPAGAAK@Z
?WritePropertyInNewRecord@CPropStoreManager@@QAEKKABVCStorageVariant@@@Z
?InitializeForRead@CDynStream@@QAEXXZ
?GetEntryBuffer@CGenericCiProxy@@QAEPAEAAK@Z
?ReleaseWorkThreads@CWorkQueue@@QAEXXZ
?GetOleDBErrorInfo@@YGJPAUIUnknown@@ABU_GUID@@KIPAUtagERRORINFO@@PAPAUIErrorInfo@@@Z
?PidToRealPid@CPidMapper@@QAEKK@Z
SetCatalogState
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?QueryCatalogAdmin@CCatalogEnum@@QAEPAVCCatalogAdmin@@XZ
?UnMarshall@CDbPropSet@@QAEHAAVPDeSerStream@@@Z
?FormFullTree@CTextToTree@@QAEPAUtagDBCOMMANDTREE@@XZ
CITextToFullTreeEx
??1CRangeKeyRepository@@UAE@XZ
?ReadProperty@CPropStoreManager@@QAEHKKPAUtagPROPVARIANT@@PAI@Z
?PauseCI@CMachineAdmin@@QAEHXZ
??1CGenericCiProxy@@UAE@XZ

mfcsubs

??M@YG_NPBGABVCString@@@Z
??9@YG_NABVCString@@PBG@Z
??H@YG?AVCString@@ABV0@G@Z
??4CString@@QAEABV0@ABV0@@Z
??ACMapStringToPtr@@QAEAAPAXPBG@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?Init@CString@@IAEXXZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?ConcatCopy@CString@@IAEXHPBGH0@Z
?MakeUpper@CString@@QAEXXZ
?InsertAt@CStringArray@@QAEXHPAV1@@Z
??0CStringArray@@QAE@XZ
??0CObject@@IAE@XZ
?FindOneOf@CString@@QBEHPBG@Z
??0CString@@QAE@PBG@Z
?MakeReverse@CString@@QAEXXZ
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
?GetBuffer@CString@@QAEPAGH@Z
?Append@CStringArray@@QAEHABV1@@Z
?RemoveAll@CMapStringToPtr@@QAEXXZ
??1CMapStringToPtr@@UAE@XZ
??_7CStringArray@@6B@
?NewAssoc@CMapStringToPtr@@IAEPAUCAssoc@1@XZ
??4CPlex@@QAEAAU0@ABU0@@Z
??YCString@@QAEABV0@ABV0@@Z
??N@YG_NABVCString@@PBG@Z
??O@YG_NPBGABVCString@@@Z

apphelp

SdbGetStandardDatabaseGUID
ApphelpCheckInstallShieldPackage
SdbFindFirstNamedTag
ApphelpCheckIME
SdbReadQWORDTagRef
SdbFindFirstMsiPackage
ApphelpUpdateCacheEntry
SdbCloseApphelpInformation
SdbFindNextTag
SdbGetMsiPackageInformation
SdbReadQWORDTag
SdbGetTagFromTagID
SdbReleaseDatabase
ApphelpShowDialog
SdbReadEntryInformation
SdbFindNextTagRef
SdbGetPermLayerKeys
SdbEnumMsiTransforms
SdbReadBYTETag
ApphelpCheckRunApp
SdbOpenDatabase
SdbGetEntryFlags
GetPermLayers
SdbReadStringTagRef
SdbCreateMsiTransformFile
SdbReadDWORDTag
SdbGetDatabaseVersion
AllowPermLayer
SdbQueryDataEx
SdbGetDatabaseID
SdbQueryData
SdbReadWORDTagRef
SdbFindFirstTag

odbccp32

SQLInstallDriverManagerW
SQLValidDSN
SQLInstallDriverW
SQLInstallODBC
SQLGetPrivateProfileString
SQLGetTranslator
SQLPostInstallerErrorW
SQLRemoveTranslatorW
SQLReadFileDSN
ODBCCPlApplet
SQLCreateDataSourceEx
SQLWritePrivateProfileString
SQLRemoveDriverManager
SQLConfigDataSource
SQLGetConfigMode
SQLInstallerError
SQLInstallTranslator
SQLManageDataSources
SQLRemoveDriverW
SQLCreateDataSourceW
SQLWriteFileDSN
SQLWriteFileDSNW
SQLGetPrivateProfileStringW
SQLPostInstallerError
SQLValidDSNW
SQLRemoveDefaultDataSource
SQLGetTranslatorW
SQLCreateDataSourceExW
SelectTransDlg
SQLRemoveDriver
SQLConfigDataSourceW
SQLInstallTranslatorW
SQLInstallTranslatorExW
SQLWritePrivateProfileStringW
SQLWriteDSNToIni
SQLInstallDriverExW
SQLInstallDriverManager
SQLInstallerErrorW

mprapi

MprConfigInterfaceCreate
MprAdminInterfaceTransportAdd
MprDomainRegisterRasServer
MprAdminInterfaceCreate
MprAdminInterfaceDisconnect
MprInfoBlockQuerySize
MprConfigServerRefresh
MprAdminTransportGetInfo
MprConfigBufferFree
MprAdminUserWriteProfFlags
MprAdminIsDomainRasServer
MprAdminInterfaceSetInfo
MprAdminTransportCreate
MprConfigTransportGetHandle
MprAdminServerSetCredentials
MprInfoBlockFind
MprAdminInterfaceGetHandle
MprInfoDuplicate
MprAdminConnectionClearStats
MprConfigInterfaceGetHandle
MprAdminUpgradeUsers
MprAdminMIBEntrySet
MprAdminUserRead
MprDomainQueryRasServer
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceQueryUpdateResult
MprAdminRegisterConnectionNotification

msvcrt40

_wfindnext
_setmode
_snwprintf
_atoldbl
?is_open@ifstream@@QBEHXZ
_heapset
??0Iostream_init@@QAE@XZ
?put@ostream@@QAEAAV1@D@Z
isxdigit
__doserrno
_fileno
?base@streambuf@@IBEPADXZ
abs
_wcsupr
_adj_fprem
??0ios@@IAE@XZ
mbtowc
_tzname
wcsspn
log10
?_query_new_handler@@YAP6AHI@ZXZ
_wcslwr
?flags@ios@@QBEJXZ
_mbsbtype
?str@strstreambuf@@QAEPADXZ
?setp@streambuf@@IAEXPAD0@Z
??_Eexception@@UAEPAXI@Z
fputwc
_execle
??4exception@@QAEAAV0@ABV0@@Z
_heapmin
??6ostream@@QAEAAV0@PBC@Z
_mbspbrk
_putw
??1filebuf@@UAE@XZ
_ismbcsymbol
remove
??4bad_cast@@QAEAAV0@ABV0@@Z
??0bad_cast@@QAE@ABQBD@Z

kernel32

LZSeek
GetPrivateProfileSectionW
GetConsoleAliasExesA
SetConsoleTextAttribute
SetLocaleInfoA
WriteFileEx
ReadFileScatter
TlsAlloc
FindNextVolumeW
DebugSetProcessKillOnExit
OpenFileMappingW
GetStartupInfoW
WriteConsoleInputVDMW
VirtualAlloc
WriteConsoleInputA
ClearCommBreak
InterlockedFlushSList
GetStringTypeExA
GetCommConfig
GetDiskFreeSpaceA
InterlockedPopEntrySList
WideCharToMultiByte
GetGeoInfoW
_lclose
SetConsoleNumberOfCommandsA
GetConsoleCommandHistoryA
SetSystemTimeAdjustment
CreateProcessInternalA
GetNumberOfConsoleInputEvents
GetModuleHandleW
GetTickCount
GlobalFindAtomW
Thread32Next
GetCommandLineA
GetConsoleHardwareState
QueryPerformanceCounter
GlobalSize
GetConsoleInputExeNameW
LoadLibraryA
ReadDirectoryChangesW
IsProcessInJob
EnumSystemLanguageGroupsW
EnumSystemCodePagesA
IsSystemResumeAutomatic
BuildCommDCBAndTimeoutsW
GetCPInfoExW

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c074a043c41547aba22d8e626bc1e19

Headers

DLL Characteristics

File Characteristics

Imports

query

mfcsubs

apphelp

odbccp32

mprapi

msvcrt40

kernel32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 161KB - Virtual size: 599KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 161KB - Virtual size: 599KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 1024B