73c73058b23a286bae1db6793221677dc82bf3422023bf3546a885effd76d2b8

Sharing

Copy URL

Twitter E-mail

General

Target

73c73058b23a286bae1db6793221677dc82bf3422023bf3546a885effd76d2b8
Size

652KB
MD5

ac3a1837d61529c1ce005742c4dd6afb
SHA1

fbd3a5e7919f19f8fea02b05c985d4368d64ffa2
SHA256

73c73058b23a286bae1db6793221677dc82bf3422023bf3546a885effd76d2b8
SHA512

16a0a3db934c1792c5c9085beab1a69c8a0745c9a0e07bce0cd3d04d0fe3427f046f3a5c6fd636590d828c0d552b6832d302af41be0a53fecc2231f92704fa66
SSDEEP

12288:EubwXEhbtOJztSGVVW3+DacYJf8nZd7ce9jmXDx93cmvFOlqZuCbCGa8FzyUnKjg:cXTSaW3+DacYJf8nZd7ce9jmXDx93cmX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73c73058b23a286bae1db6793221677dc82bf3422023bf3546a885effd76d2b8

Files

73c73058b23a286bae1db6793221677dc82bf3422023bf3546a885effd76d2b8
.dll windows:4 windows x86 arch:x86

c8b421dbcebcde41a3847966cb9dccfd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetSystemDirectoryW
OutputDebugStringA
GetLastError
GetLongPathNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
GetSystemDirectoryA
CreateFileA
GetFileSize
CloseHandle
MoveFileExA
GetModuleFileNameA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
LoadLibraryA
FreeLibrary

odbc32

ord31
ord43
ord15
ord45
ord14
ord9
ord1
ord145
ord2
ord57
ord157
ord16
ord13
ord3
ord8
ord108
ord40
ord140
ord141
ord41
ord12
ord68
ord72
ord119
ord19
ord39
ord51
ord50
ord59
ord47
ord29
ord75
ord37
ord24
ord11
ord111
ord76
ord154
ord127
ord54
ord20
ord18
ord36
ord10
ord4

statrn32

ord3
ord1
ord6
ord21
ord24
ord2
ord5
ST_ToIDate
ord4
ord8
ST_FromIDate

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcrt

_close
_adjust_fdiv
_initterm
strchr
atoi
strcmp
_getdrive
_getcwd
_makepath
_strcmpi
sprintf
strcat
fputs
vsprintf
strcpy
fopen
fseek
ftell
_ftol
_splitpath
toupper
memset
realloc
strncpy
__mb_cur_max
_isctype
_pctype
strstr
strtol
strncmp
_vsnprintf
memcpy
strlen
_wremove
_waccess
_wfopen
malloc
fwrite
fclose
free
_strnicmp

user32

MessageBoxA
wsprintfA

Exports

Exports

closer
closew
do_something
get_data_sources
open_db
rd_data
read_dict
wcase
wdict

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 476KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c8b421dbcebcde41a3847966cb9dccfd

Headers

File Characteristics

Imports

kernel32

odbc32

statrn32

version

msvcrt

user32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 48KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 476KB - Virtual size: 1.5MB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 48KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 476KB - Virtual size: 1.5MB