PDB path: d:\depot\bas\SAP_DB\78_SP_REL\gen\opt\ntamd64\usr\symbols\sqlrun.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll
Resource
win10v2004-20240508-en
General
-
Target
7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca
-
Size
636KB
-
MD5
f9555f1a60106a41b9f527bf86bf2842
-
SHA1
2cd758947132a2208101e86fac9478fce610813f
-
SHA256
7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca
-
SHA512
6f84708b1f9f8743f01e3a6a81f254988c2fc83c6ca33336a7a139e8a349f7a77182290038fafaff2fa3057f2e2fb5f09d53fc874985d242501471af5cd3fbce
-
SSDEEP
6144:t87P/lGV9CrDE0UXLBdcbns5HKFygjCBGUhoO4jsRiljfNtoS9YiUyx1NKOEqcYt:t8DlGV4rDE0UXLUb8gjCBGXRNthbD1c
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are unsigned.
resource 7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca
Files
-
7bcff4035a9298f16f2253151884cc96a62a8001b135e8c231819b098459a9ca.dll windows:4 windows x64 arch:x64
065c56d09941f27cdfde76258bdc0ae6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
getservbyname
ntohs
WSAStartup
WSAGetLastError
kernel32
GetEnvironmentVariableW
GetComputerNameA
TlsSetValue
OpenProcess
VirtualAlloc
VirtualFree
GetSystemInfo
GetVersionExA
SleepEx
TlsFree
TlsAlloc
DuplicateHandle
GlobalMemoryStatusEx
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessAffinityMask
ReleaseSemaphore
GetTickCount
CreateSemaphoreA
GetSystemTime
FileTimeToSystemTime
QueryPerformanceCounter
SetThreadAffinityMask
QueryPerformanceFrequency
GetEnvironmentVariableA
RaiseException
Sleep
MoveFileExA
DeleteFileA
SetEndOfFile
DisableThreadLibraryCalls
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateProcessA
CreateDirectoryA
GetModuleFileNameA
TlsGetValue
GetSystemWindowsDirectoryA
GetFileAttributesA
LocalFree
SetLastError
FormatMessageA
lstrlenA
LocalAlloc
GetCommandLineW
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
CloseHandle
GetCurrentProcess
GetCurrentThread
GetSystemTimeAsFileTime
GetFileAttributesExA
GetFileSize
CreateFileA
ReadFile
WriteFile
UnlockFile
LockFileEx
SetFilePointer
shell32
CommandLineToArgvW
SHGetFolderPathA
user32
CharUpperBuffA
wsprintfA
msvcr80
isupper
floor
_fpclass
_environ
_snprintf
calloc
_errno
isspace
__sys_errlist
__sys_nerr
_mkdir
_rmdir
sscanf
??2@YAPEAX_K@Z
clock
_chmod
isalpha
atol
strcspn
_time64
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
iscntrl
memcmp
isdigit
_stricmp
strstr
memchr
strtoul
__CxxFrameHandler3
memmove
toupper
_stat64i32
_putenv
strspn
strncat
strncmp
strncpy
getenv
??3@YAXPEAX@Z
atoi
memcpy
sprintf
_strupr
fopen
fgets
fclose
perror
tolower
memset
printf
malloc
free
__iob_func
fprintf
strrchr
strchr
_purecall
_strdup
_strnicmp
_mktemp
signal
advapi32
GetSidSubAuthority
GetKernelObjectSecurity
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetAclInformation
GetLengthSid
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupPrivilegeDisplayNameA
ReportEventA
DeregisterEventSource
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
GetAce
AddAce
GetSecurityDescriptorControl
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetKernelObjectSecurity
EqualSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetNamedSecurityInfoA
SetEntriesInAclA
FreeSid
SetNamedSecurityInfoA
RegSetKeySecurity
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegConnectRegistryA
RegQueryInfoKeyA
RegEnumValueA
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
LookupAccountNameA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
IsValidSecurityDescriptor
CopySid
InitializeSecurityDescriptor
Exports
Exports
en950ApplStartupProgram
Sections
.text Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 149KB - Virtual size: 441KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ