Static task
static1
Behavioral task
behavioral1
Sample
c8bba893654d46cd494ed06050b219d8.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c8bba893654d46cd494ed06050b219d8.exe
Resource
win10v2004-20240226-en
General
-
Target
c8bba893654d46cd494ed06050b219d8
-
Size
85KB
-
MD5
c8bba893654d46cd494ed06050b219d8
-
SHA1
185d83d3dfeb2057b6abdbc3cc45bef2bac4b88d
-
SHA256
d027f433458fd4bdd6bfcc6063602087b6e96bc65e4f87f6dda61f4fbabd67e9
-
SHA512
fa11f5cc242801d6031f28ab4d28a56d0039970abcb11fe439f04e38719346c3cbb45c5996f973a675fad6387fcaf0cf7b9d54e09e58db403f32bb1552d8d43c
-
SSDEEP
1536:hGY73mgC1j3pK0K0HX192FFTBAZdXBjVN0D8UiR5fIY:5LmgC1jZrN192H9AZdBchY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
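Checks for missing Authenticode signature. The file has no Authenticode signature; on its own this is a weak indicator, because many legitimate executables are also unsigned, so weigh it together with the behavioral task results.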
resource c8bba893654d46cd494ed06050b219d8
Files
-
c8bba893654d46cd494ed06050b219d8.exe windows:5 windows x86 arch:x86
88892dc242e3fad1c71e76a15cdfd501
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
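Imports (from the PE import table; a listed function is referenced by the binary but not necessarily called at run time)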
kernel32
EnumerateLocalComputerNamesW
VirtualAlloc
GetCurrentThreadId
lstrcat
GetShortPathNameW
TerminateJobObject
SetComputerNameA
GetLastError
GetTickCount
GetNamedPipeInfo
GetCurrentProcessId
DisconnectNamedPipe
PrivMoveFileIdentityW
GetExpandedNameW
GetConsoleInputExeNameA
LoadLibraryA
GetStartupInfoA
HeapCreate
GetSystemTimeAsFileTime
FindFirstFileW
QueryPerformanceCounter
odbcbcp
bcp_batch
bcp_colfmt
bcp_bind
bcp_collen
bcp_moretext
bcp_readfmtA
SQLLinkedServers
dbprtypeW
bcp_colptr
bcp_readfmtW
bcp_initA
SQLInitEnumServers
dbprtypeA
SQLLinkedCatalogsA
bcp_done
bcp_writefmtA
bcp_columns
bcp_writefmtW
LibMain
SQLCloseEnumServers
bcp_setcolfmt
bcp_control
msvcrt20
_mbscpy
_chmod
qsort
??_8fstream@@7Bistream@@@
??_Gstdiostream@@UAEPAXI@Z
??_Eostream_withassign@@UAEPAXI@Z
_wspawnlp
?opfx@ostream@@QAEHXZ
??1strstreambuf@@UAE@XZ
?setmode@filebuf@@QAEHH@Z
??0ifstream@@QAE@H@Z
advapi32
SystemFunction024
CryptGetHashParam
GetAuditedPermissionsFromAclA
ObjectCloseAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
InitializeAcl
RegCreateKeyW
RegConnectRegistryA
DeleteAce
AccessCheckByTypeResultList
MD4Final
LsaCreateTrustedDomain
QueryServiceConfigA
WmiSetSingleItemA
OpenProcessToken
CryptEnumProviderTypesW
QueryTraceA
SetEntriesInAccessListA
CredWriteW
msvcp60
?exp@std@@YA?AV?$complex@O@1@ABV21@@Z
??_F?$complex@O@std@@QAEXXZ
?max@?$numeric_limits@G@std@@SAGXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??_Fctype_base@std@@QAEXXZ
_LDtest
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ