6b556ea3f75935c72011f605adcbca30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6b556ea3f75935c72011f605adcbca30N.exe
Size

1.4MB
MD5

6b556ea3f75935c72011f605adcbca30
SHA1

6f9e1e4f8f0e7303df5566d6f811278abfa31d4a
SHA256

86d7f36e35bb1896310d035cc7e9b6cefb59711bcb65187592e8d5d2caee7354
SHA512

95af8db433362afc6576992c4330a6e348035c204bd3afe4187dcd53412a1f01cd02ff77f57881a3ea87e1313ea96a81831f712adac2bda61ce8d7728d395940
SSDEEP

6144:HC+QLA/I1yeEgou1d8weO/SOoS1syT9hz8SHPQyYOxZ4umGFeAvihpCMeqRO:rUyeH1BsU18SHP3Y4Z4CFe4MX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b556ea3f75935c72011f605adcbca30N.exe

Files

6b556ea3f75935c72011f605adcbca30N.exe
.dll windows:6 windows x86 arch:x86

03b12c0752d525be89249ee5c43a3148

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

odbcjt32.pdb

Imports

msvcrt

wcspbrk
_wsplitpath_s
malloc
bsearch
memcpy
swprintf_s
_splitpath_s
_snprintf_s
_snwprintf_s
towupper
_heapmin
modf
_ftol2_sse
floor
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
_ltoa
_ultoa
strncpy_s
_errno
strtod
_ftol2
_ecvt
strchr
_mbsrev
_strnicmp
time
localtime
towlower
_wstat
wcscspn
swscanf_s
strcat_s
sprintf_s
_getcwd
strcpy_s
wcscat_s
wcstok
wcsncat_s
_wchdir
wcstol
wcsstr
wcschr
_itow
_ltow
memmove
_wcsnicmp
wcsncpy_s
wcsrchr
_vsnprintf
calloc
_wtol
_wcsicmp
_wfullpath
_wtoi
free
wcsncmp
_onexit
iswctype
wcscpy_s
memset

kernel32

GetSystemDirectoryA
GetModuleHandleA
OutputDebugStringW
LoadLibraryA
ExpandEnvironmentStringsA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetDateFormatA
GetTimeFormatA
GetCurrencyFormatA
GetNumberFormatA
FindResourceW
LoadResource
LockResource
FreeResource
GetTempPathW
GetTempFileNameW
DeleteFileW
MoveFileW
CreateFileW
CloseHandle
FindFirstFileW
FindNextFileW
FindClose
lstrlenW
GetCurrentProcessId
GetProcessVersion
InitializeCriticalSection
DeleteCriticalSection
GetVersion
VirtualQuery
GetSystemDirectoryW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetWindowsDirectoryW
EnterCriticalSection
GetPrivateProfileStringW
GetLastError
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleFileNameA
WideCharToMultiByte
GetCurrentThreadId
GetSystemDefaultLCID
LeaveCriticalSection
GetUserDefaultLCID

user32

ReleaseDC
MessageBoxA
GetDC
CreateDialogParamW
DestroyWindow
CharToOemA
CharUpperW
GetDlgCtrlID
LoadCursorA
IsWindowEnabled
DialogBoxParamA
EndDialog
SetWindowLongA
RegisterWindowMessageA
GetWindowLongA
ShowWindow
GetWindowTextLengthW
SetWindowTextW
GetWindow
EnableWindow
SetWindowPos
SetFocus
CharLowerW
LoadStringW
GetParent
GetDesktopWindow
GetWindowRect
GetClientRect
ClientToScreen
MoveWindow
GetWindowTextW
DialogBoxParamW
GetDlgItem
SendMessageW
LoadCursorW
SetCursor
MessageBoxW
LoadStringA

advapi32

RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegQueryValueExA
RegCloseKey

gdi32

GetTextExtentPointW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

msjet40

ord185
ord112
ord110
ord157
ord56
ord316
ord158
ord304
ord108
ord120
ord159
ord179
ord172
ord126
ord310
ord136
ord145
ord317
ord133
ord140
ord151
ord132
ord138
ord178
ord137
ord302
ord319
ord156
ord146
ord311
ord169
ord154
ord103
ord130
ord107
ord153
ord109
ord104
ord176
ord150
ord906
ord167

mswstr10

ord3

Exports

Exports

AdvancedDialogProc
ConfigDSN
ConfigDSNExW
ConfigDSNW
ConfigDialogProc
ConfigDriverW
DefTxtFmtDlgProc
DllMain
InitDialogAgain
InitializeLoginDialog
InvisibleSelectDb
LoadByOrdinal
LoginDialogProc
OpenDirHook
RepairCompactProc
SQLAllocConnect
SQLAllocEnv
SQLAllocHandle
SQLAllocStmt
SQLBindCol
SQLBindParameter
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLColAttributeW
SQLColumnsW
SQLConnectW
SQLCopyDesc
SQLDescribeColW
SQLDisconnect
SQLDriverConnectW
SQLEndTran
SQLExecDirectW
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLFreeConnect
SQLFreeEnv
SQLFreeHandle
SQLFreeStmt
SQLGetConnectAttrW
SQLGetCursorNameW
SQLGetData
SQLGetDescFieldW
SQLGetDescRecW
SQLGetDiagFieldW
SQLGetDiagRecW
SQLGetFunctions
SQLGetInfoW
SQLGetStmtAttrW
SQLGetTypeInfoW
SQLMoreResults
SQLNativeSqlW
SQLNumParams
SQLNumResultCols
SQLParamData
SQLPrepareW
SQLProcedureColumnsW
SQLProceduresW
SQLPutData
SQLRowCount
SQLSetConnectAttrW
SQLSetCursorNameW
SQLSetDescFieldW
SQLSetDescRec
SQLSetEnvAttr
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttrW
SQLSpecialColumnsW
SQLStatisticsW
SQLTablesW
SelectIndexDlgProc
SelectUIdxDlgProc

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03b12c0752d525be89249ee5c43a3148

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

gdi32

comdlg32

msjet40

mswstr10

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 227KB

.data Size: 28KB - Virtual size: 26KB

.sdbid Size: 4KB - Virtual size: 476B

.rsrc Size: 36KB - Virtual size: 33KB

.reloc Size: 148KB - Virtual size: 145KB

.text
Size: 228KB - Virtual size: 227KB

.data
Size: 28KB - Virtual size: 26KB

.sdbid
Size: 4KB - Virtual size: 476B

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 148KB - Virtual size: 145KB