9c96a2e258aab8efb9af749bc4abedcf6624fd73dc9e44b68daa0d1c01f38159

Sharing

Copy URL Twitter E-mail

General

Target

9c96a2e258aab8efb9af749bc4abedcf6624fd73dc9e44b68daa0d1c01f38159
Size

640KB
MD5

3cb5e971d8d284b90a000f198312f21e
SHA1

02107a230dc1b81f7f12aafd0a0ce2891036636e
SHA256

9c96a2e258aab8efb9af749bc4abedcf6624fd73dc9e44b68daa0d1c01f38159
SHA512

21ef9af6ca8331e17846375f48834d9075d7d1167223eeafa2c68515b390259fc3b943881d74e2a571b2f6408dd21d01c9af2de2d497f801ac1566ff5bd29182
SSDEEP

12288:qP2dzTh7NOpTRrNhpW3+DacYJf8nZd7ce9jmXDx93cmvFOlqZuCbCGa8FzqDFcPW:wKKrxW3+DacYJf8nZd7ce9jmXDx93cm6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c96a2e258aab8efb9af749bc4abedcf6624fd73dc9e44b68daa0d1c01f38159

Files

9c96a2e258aab8efb9af749bc4abedcf6624fd73dc9e44b68daa0d1c01f38159
.dll windows:4 windows x86 arch:x86

cf44d302d535813c6b0f4412623510b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetSystemDirectoryW
OutputDebugStringA
GetLastError
GetLongPathNameA
GetProcAddress
LoadLibraryA
DisableThreadLibraryCalls
GetModuleHandleA
GetSystemDirectoryA
CreateFileA
GetFileSize
CloseHandle
MoveFileExA
GetModuleFileNameA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
FreeLibrary

odbc32

ord31
ord4
ord43
ord45
ord145
ord15
ord14
ord9
ord1
ord2
ord57
ord157
ord16
ord13
ord3
ord8
ord108
ord40
ord140
ord141
ord12
ord68
ord72
ord119
ord19
ord39
ord51
ord50
ord59
ord47
ord29
ord75
ord37
ord24
ord41
ord111
ord76
ord154
ord127
ord54
ord20
ord18
ord36
ord10
ord11

statrn32

ord4
ord3
ord1
ord6
ord21
ord24
ord2
ord5
ST_ToIDate
ST_FromIDate
ord8

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

_memccpy
_close
_adjust_fdiv
_initterm
strchr
atoi
strcmp
_getdrive
_getcwd
_makepath
_strcmpi
sprintf
strcat
fputs
vsprintf
strcpy
fopen
fseek
ftell
_ftol
_splitpath
toupper
memset
realloc
strncpy
__mb_cur_max
_isctype
_pctype
strstr
strtol
strncmp
_vsnprintf
memcpy
strlen
_wremove
_waccess
_wfopen
malloc
fwrite
fclose
free
_strnicmp

user32

wsprintfA
MessageBoxA

Exports

Exports

closer
closew
do_something
get_data_sources
open_db
rd_data
read_dict
wcase
wdict

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 464KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf44d302d535813c6b0f4412623510b0

Headers

File Characteristics

Imports

kernel32

odbc32

statrn32

version

msvcrt

user32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 48KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 464KB - Virtual size: 1.4MB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 48KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 464KB - Virtual size: 1.4MB