55e756d3ce6c7901e184d7d54665087dccfc84c729f9257d1bbd077c64ceb4bd

Sharing

Copy URL

Twitter E-mail

General

Target

55e756d3ce6c7901e184d7d54665087dccfc84c729f9257d1bbd077c64ceb4bd
Size

785KB
MD5

a1fea7e0569718e42c0987f42f95288f
SHA1

32601720e93a1d7446efc68c149cf089cbb959e2
SHA256

55e756d3ce6c7901e184d7d54665087dccfc84c729f9257d1bbd077c64ceb4bd
SHA512

198a2efe18f3b920614ac7f2f9a7bcf5bb085cff5d9b73e9d29e832107881735b464ca5d5e801fed60dc8efa1fa330f7b7f0b33da91e67c139dbc00d91c40d4c
SSDEEP

12288:Ttn0VzT6GU2YKUPmHMwKeEpn7TLkJK2B0a1kCSglGDPnWzzuvjkx62MZCTr1JqnJ:Z0EsUPsPfBzBfuvjkzM0Tr1J+uQDPr5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55e756d3ce6c7901e184d7d54665087dccfc84c729f9257d1bbd077c64ceb4bd

Files

55e756d3ce6c7901e184d7d54665087dccfc84c729f9257d1bbd077c64ceb4bd
.dll windows:5 windows x86 arch:x86

ac7bd5146b05a2c5c10abab8f051c1b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\obj\nt_ms_x86_p\dbdata12.pdb

Imports

kernel32

CompareStringA
CompareStringW
GetProcessHeap
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
FormatMessageA
CreateMutexA
WaitForSingleObject
ReleaseMutex
IsValidCodePage
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
Sleep
CloseHandle
WaitForSingleObjectEx
SetEvent
CreateEventA
GetCurrentThreadId
GetModuleFileNameA
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
CreateProcessA
GetExitCodeProcess
WaitForMultipleObjects
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
TerminateThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
DuplicateHandle
GetCurrentThread
GetCurrentProcess
IsBadReadPtr
MultiByteToWideChar
GetOEMCP
GetACP
WideCharToMultiByte
GetTimeZoneInformation
SystemTimeToFileTime
GetLocalTime
GetTickCount
FileTimeToSystemTime
QueryPerformanceCounter
GetSystemDefaultLangID
IsDBCSLeadByte
GetFileAttributesA
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetComputerNameExA
GetVersionExA
GetModuleHandleA
SetErrorMode
GetFullPathNameA
CreateFileA
LocalFree
VirtualQuery
GetSystemDirectoryA
GetWindowsDirectoryA
GetStdHandle
OpenProcess
GetSystemInfo
GetVersion
GetEnvironmentVariableA
IsDebuggerPresent
DebugBreak
SetCurrentDirectoryA
LocalAlloc
SetLastError
GetCurrentDirectoryA
OpenFileMappingA
OpenMutexA
DisconnectNamedPipe
ReadFile
WriteFile
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeA
SetNamedPipeHandleState
WaitNamedPipeA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
FindClose
GetDriveTypeA
FindFirstFileA
SetEnvironmentVariableA
ExitThread
ResumeThread
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
InterlockedIncrement
InterlockedDecrement
RaiseException
GetCPInfo
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
TerminateProcess
HeapSize
VirtualAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA

user32

GetWindowTextLengthA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SetWindowLongA
EndDialog
GetWindowLongA
GetWindowTextA
EnumWindows
DialogBoxParamA
CharUpperA
CharLowerA
IsCharAlphaA
GetForegroundWindow
LoadStringA
LoadStringW
MessageBoxA
GetWindowThreadProcessId
wsprintfW

advapi32

CreateServiceA
InitializeSid
GetSidSubAuthority
AllocateAndInitializeSid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAce
GetAce
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetKernelObjectSecurity
FreeSid
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
AccessCheck
MapGenericMask
OpenThreadToken
ImpersonateSelf
GetFileSecurityA
GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
QueryServiceStatus
QueryServiceConfig2A
StartServiceA
DeleteService
ChangeServiceConfig2A
ControlService
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
LsaClose
LsaEnumerateAccountRights
LsaFreeMemory
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
OpenEventLogA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
ChangeServiceConfigA

ws2_32

socket
inet_addr
inet_ntoa
select
setsockopt
getsockopt
recv
send
recvfrom
sendto
getsockname
getpeername
bind
closesocket
accept
WSAGetLastError
WSASetLastError
__WSAFDIsSet
shutdown
ioctlsocket
WSAStartup
WSACleanup
gethostname
gethostbyaddr
gethostbyname
ntohl
ntohs
htonl
htons
listen
connect

shell32

ShellExecuteExA
ord680

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

AsaCommand_BeginExecuteNonQueryDirect
AsaCommand_BeginExecuteReaderDirect
AsaCommand_Cancel
AsaCommand_EndExecuteNonQuery
AsaCommand_EndExecuteReader
AsaCommand_ExecuteNonQuery
AsaCommand_ExecuteReader
AsaCommand_Fini
AsaCommand_FreeOutputParameterValues
AsaCommand_Prepare
AsaConnectionStringParser_Fini
AsaConnectionStringParser_GetParameter
AsaConnectionStringParser_GetParameterCount
AsaConnectionStringParser_Init
AsaConnectionStringParser_ParseConnectionString
AsaConnection_BeginTransaction
AsaConnection_Close
AsaConnection_CloseDataReaders
AsaConnection_DtcEnlist
AsaConnection_GetWhereabouts
AsaConnection_IsAlive
AsaConnection_Open
AsaConnection_SendTransactionCookie
AsaConnection_SetMessageCallback
AsaDataReader_Close
AsaDataReader_FetchRows
AsaDataReader_FreeColumnNames
AsaDataReader_FreeSchema
AsaDataReader_FreeValue
AsaDataReader_FreeValues
AsaDataReader_GetColumnNames
AsaDataReader_GetSchema
AsaDataReader_GetValue
AsaDataReader_GetValueL
AsaDataReader_GetValues
AsaDataReader_HasRows
AsaDataReader_IsDBNull
AsaDataReader_NextResult
AsaDataReader_Read
AsaDataReader_ReadBytes
AsaDataReader_ReadBytesCE
AsaDataReader_ReadChars
AsaDataReader_ReadCharsCE
AsaException_Fini
AsaException_GetErrorCount
AsaException_GetErrorInfo
AsaTransaction_Commit
AsaTransaction_Rollback
AsaTransaction_RollbackToName
AsaTransaction_Save
Asa_GetString
SAConnectionStringBuilder_FreeLinksOptions
SAConnectionStringBuilder_ParseLinksOptions
SADataSourceEnumerator_FreeResults
SADataSourceEnumerator_GetDataSources
SATrace_FireEvent
Unmanaged_Fini
Unmanaged_FreeMemory
Unmanaged_Init
_AsaCommand_BeginExecuteNonQueryDirect@24
_AsaCommand_BeginExecuteReaderDirect@24
_AsaCommand_Cancel@4
_AsaCommand_EndExecuteNonQuery@16
_AsaCommand_EndExecuteReader@20
_AsaCommand_ExecuteNonQuery@24
_AsaCommand_ExecuteReader@28
_AsaCommand_Fini@4
_AsaCommand_FreeOutputParameterValues@8
_AsaCommand_Prepare@36
_AsaConnectionStringParser_Fini@4
_AsaConnectionStringParser_GetParameter@32
_AsaConnectionStringParser_GetParameterCount@8
_AsaConnectionStringParser_Init@4
_AsaConnectionStringParser_ParseConnectionString@12
_AsaConnection_BeginTransaction@12
_AsaConnection_Close@4
_AsaConnection_CloseDataReaders@4
_AsaConnection_DtcEnlist@8
_AsaConnection_GetWhereabouts@12
_AsaConnection_IsAlive@8
_AsaConnection_Open@8
_AsaConnection_SendTransactionCookie@12
_AsaConnection_SetMessageCallback@8
_AsaDataReader_Close@4
_AsaDataReader_FetchRows@12
_AsaDataReader_FreeColumnNames@12
_AsaDataReader_FreeSchema@12
_AsaDataReader_FreeValue@12
_AsaDataReader_FreeValues@12
_AsaDataReader_GetColumnNames@12
_AsaDataReader_GetSchema@12
_AsaDataReader_GetValue@12
_AsaDataReader_GetValueL@24
_AsaDataReader_GetValues@12
_AsaDataReader_HasRows@8
_AsaDataReader_IsDBNull@12
_AsaDataReader_NextResult@8
_AsaDataReader_Read@8
_AsaDataReader_ReadBytes@36
_AsaDataReader_ReadBytesCE@32
_AsaDataReader_ReadChars@36
_AsaDataReader_ReadCharsCE@32
_AsaException_Fini@4
_AsaException_GetErrorCount@8
_AsaException_GetErrorInfo@36
_AsaTransaction_Commit@4
_AsaTransaction_Rollback@4
_AsaTransaction_RollbackToName@8
_AsaTransaction_Save@8
_Asa_GetString@16
_SAConnectionStringBuilder_FreeLinksOptions@8
_SAConnectionStringBuilder_ParseLinksOptions@12
_SADataSourceEnumerator_FreeResults@8
_SADataSourceEnumerator_GetDataSources@8
_SATrace_FireEvent@4
_Unmanaged_Fini@0
_Unmanaged_FreeMemory@4
_Unmanaged_Init@8

Sections

.text
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac7bd5146b05a2c5c10abab8f051c1b7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ws2_32

shell32

version

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 520KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 137KB - Virtual size: 151KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 520KB - Virtual size: 520KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 137KB - Virtual size: 151KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 33KB - Virtual size: 32KB