de22e7f162f56ded157ca02a804646d4

Sharing

Copy URL Twitter E-mail

General

Target

de22e7f162f56ded157ca02a804646d4
Size

84KB
MD5

de22e7f162f56ded157ca02a804646d4
SHA1

95a3f12afc9db25228dc224f4c44420ff1a7482e
SHA256

62f82efabc54446214c0e9e298ab1aad69dc045c83a575e219c338626fa8801b
SHA512

ed5e6ee65abbde5ad4ef3af27983828470ca48b2bc9cd7525a2b1c9b60b399801b35189590f62baf920240f332ca226cf19b8127fdcb2008b4894bf3d6541560
SSDEEP

1536:Vq8sJ2007xR9ON/+JuoDfig62EIxadqiCUFXC6WNP/STGh+ltM5azFYuIeCtYVSx:wTJD07xR9iW0oDfsdR5E6ySTGEliGw0Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de22e7f162f56ded157ca02a804646d4

Files

de22e7f162f56ded157ca02a804646d4
.exe windows:5 windows x86 arch:x86

2afa3311476efb7b1ec4d363114dd39d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbcbcp

bcp_readfmtA
SQLGetNextEnumeration
SQLLinkedCatalogsA
bcp_initW
bcp_initA
bcp_readfmtW
bcp_control
bcp_writefmtW
bcp_setcolfmt
SQLInitEnumServers
bcp_colfmt

kernel32

DisableThreadLibraryCalls
DeactivateActCtx
SetMailslotInfo
GetLastError
HeapCreate
GetLocaleInfoW
GetNamedPipeInfo
ConvertDefaultLocale
LoadLibraryA
LockFile
GetConsoleTitleW
MoveFileWithProgressW
WriteConsoleInputVDMA
SetComPlusPackageInstallStatus
CallNamedPipeW
GetCurrentThreadId
CreateEventW
GetSystemTimeAsFileTime
SetErrorMode
GetConsoleAliasesLengthW
GetProcessTimes
GetTickCount
GetLongPathNameW
VirtualAlloc
VirtualQuery
GetCurrentProcessId
EraseTape
QueryPerformanceCounter
lstrcatA
GetStartupInfoA
SetConsoleScreenBufferSize

cmutil

SzToWzWithAlloc
CmLoadSmallIconA
?SetRegPath@CIniW@@QAEXPBG@Z
?GPPS@CIniA@@QBEPADPBD00@Z
?Clear@CmLogFile@@QAEXH@Z
?Start@CmLogFile@@QAEJH@Z
??_FCIniW@@QAEXXZ
?SetEntryFromIdx@CIniW@@QAEXK@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
?SetRegPath@CIniA@@QAEXPBD@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?LoadSection@CIniA@@QBEPADPBD@Z
CmConvertRelativePathW
?GetRegPath@CIniA@@QBEPBDXZ
SzToWz
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
?SetICSDataPath@CIniW@@QAEXPBG@Z
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z

winmm

wid32Message
joy32Message
mmioSendMessage
mciGetYieldProc
mmioInstallIOProcA
aux32Message
mciDriverNotify
joyGetDevCapsA
midiStreamProperty
mixerMessage
midiStreamOut
CloseDriver
waveOutGetNumDevs
mciExecute
PlaySound
midiInGetErrorTextW
midiOutMessage
auxGetDevCapsW
midiStreamPause
midiOutGetNumDevs
mixerSetControlDetails
waveInClose
midiInGetDevCapsW
waveOutGetPosition
waveOutPause
waveOutSetVolume
midiInUnprepareHeader
mciGetErrorStringW
waveOutClose
joyGetPos
midiOutReset
timeSetEvent
timeKillEvent
mmTaskYield
GetDriverModuleHandle
auxSetVolume
midiStreamRestart
waveInStop
joySetThreshold

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2afa3311476efb7b1ec4d363114dd39d

Headers

DLL Characteristics

File Characteristics

Imports

odbcbcp

kernel32

cmutil

winmm

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 244B