f73c9532058a2a6474a067ffb0cab5923aacbbe940f8eb63ae7fd8c6a0b96c64

Sharing

Copy URL

Twitter E-mail

General

Target

f73c9532058a2a6474a067ffb0cab5923aacbbe940f8eb63ae7fd8c6a0b96c64
Size

784KB
MD5

6b35ae9d67f53b02a5d7b7831b3815f3
SHA1

96c81c94d4e854f89760b587b64d429d21596d18
SHA256

f73c9532058a2a6474a067ffb0cab5923aacbbe940f8eb63ae7fd8c6a0b96c64
SHA512

3127ccb948b2dd2e994122cae607192accc64d3f84fd866bf935de3d8fb7a10c57f3f84e09be04f5df68441b658577ce184aa0c0786b2ea2bdbbb79b76ccf945
SSDEEP

24576:rVc27eIoTE56HixDNasMx7SOBdqr/PkECGE2Yj2fDXSPnQDYzIdO+Y5VhGyxcoi4:rVc27eIoTE56HixDNasMx7SOBdqr/PkH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f73c9532058a2a6474a067ffb0cab5923aacbbe940f8eb63ae7fd8c6a0b96c64

Files

f73c9532058a2a6474a067ffb0cab5923aacbbe940f8eb63ae7fd8c6a0b96c64
.exe windows:4 windows x86 arch:x86

ce0c0ce02b1c947d749dd5cba9d2c474

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
free
memset
memcpy
strlen
exit
fflush
floor
fmod

kernel32

GetCommandLineW
SetErrorMode
SetUnhandledExceptionFilter
GetStdHandle
LocalFree
WideCharToMultiByte

shell32

CommandLineToArgvW

odbc32

SQLAllocHandle
SQLBindCol
SQLBindParameter
SQLColumnPrivilegesW
SQLColumnsW
SQLDataSourcesW
SQLDescribeColW
SQLDisconnect
SQLDriverConnectW
SQLDriversW
SQLEndTran
SQLExecute
SQLFetchScroll
SQLForeignKeysW
SQLFreeHandle
SQLFreeStmt
SQLGetConnectAttrW
SQLGetData
SQLGetDiagRecW
SQLGetEnvAttr
SQLGetInfoW
SQLGetStmtAttrW
SQLGetTypeInfoW
SQLMoreResults
SQLNativeSqlW
SQLNumResultCols
SQLPrepareW
SQLPrimaryKeysW
SQLProcedureColumnsW
SQLProceduresW
SQLRowCount
SQLSetConnectAttrW
SQLSetCursorNameW
SQLSetEnvAttr
SQLSetPos
SQLSetStmtAttrW
SQLSpecialColumnsW
SQLStatisticsW
SQLTablePrivilegesW
SQLTablesW

libredrt

system
red/boot
red/copy-cell
red/get-root-node2
red/type-check-alt
red/type-check
red/eval-path*
red/select-key*
red/get-cmdline-args
red/fire
red/set-type
f_attempt
f_first
f_integer?
f_logic?
f_none?
f_string?
f_time?
f_ref?
f_charset
f_cause-error
f_extract
f_extract-boot-args
f_collect
f_rejoin
f_register-scheme
set-quiet
red/natives/print*
red/stk-bottom
red/unset-value
red/none-value
red/true-value
red/boot?
red/redbin/boot-load
red/platform/prin*
red/platform/prin-int*
red/platform/prin-hex*
red/platform/prin-2hex*
red/platform/prin-float*
red/platform/prin-float32*
red/stack/mark-native
red/stack/mark-func
red/stack/mark-loop
red/stack/mark-func-body
red/stack/unwind
red/stack/unwind-last
red/stack/reset
red/stack/push
red/stack/unroll
red/stack/revert
red/stack/pop
red/stack/set-last
red/stack/arguments
red/stack/bottom
red/none/push-last
red/none/push
red/none/make-in
red/logic/false?
red/logic/true?
red/logic/push
red/logic/get
red/logic/box
red/logic/make-in
red/refinement/push
red/binary/rs-length?
red/binary/load-in
red/binary/load
red/binary/rs-append
red/block/push
red/block/push-only*
red/block/append-thru
red/block/rs-head
red/block/rs-length?
red/block/rs-abs-at
red/block/rs-clear
red/block/rs-append-block
red/block/make-in
red/datatype/push
red/date/make-in
red/float/get
red/float/make-in
red/_function/push
red/_function/init-locals
red/get-word/get
red/integer/push
red/integer/get-any*
red/integer/get
red/integer/box
red/integer/make-in
red/object/push
red/object/init-push
red/object/init-events
red/object/get-values
red/object/unchanged?
red/object/unchanged2?
red/object/get-word
red/routine/push
red/string/push
red/string/load
red/string/load-in
red/time/make-in
red/unset/push
red/word/push
red/word/get
red/word/get-local
red/word/set-in
red/word/set-in-ctx
red/word/set
red/word/load
red/word/push-local
red/word/push-in
red/handle/box
red/handle/make-in
red/symbol/make
red/symbol/resolve
red/unicode/to-utf16
red/natives/foreach-next
red/natives/forall-next?
red/natives/forall-end
red/natives/switch*
red/natives/do*
red/natives/get*
red/natives/equal?*
red/natives/not-equal?*
red/natives/type?*
red/natives/reduce*
red/natives/compose*
red/natives/in*
red/natives/parse*
red/natives/union*
red/natives/positive?*
red/natives/lowercase*
red/natives/unset*
red/natives/new-line*
red/natives/zero?*
red/actions/make*
red/actions/to*
red/actions/add*
red/actions/divide*
red/actions/multiply*
red/actions/round*
red/actions/subtract*
red/actions/append*
red/actions/change*
red/actions/copy*
red/actions/find*
red/actions/head*
red/actions/length?*
red/actions/pick*
red/actions/select*
red/actions/sort*
red/actions/trim*

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce0c0ce02b1c947d749dd5cba9d2c474

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

shell32

odbc32

libredrt

Sections

.text Size: 105KB - Virtual size: 105KB

.data Size: 653KB - Virtual size: 652KB

.rdata Size: 5KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 852B

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 105KB - Virtual size: 105KB

.data
Size: 653KB - Virtual size: 652KB

.rdata
Size: 5KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 852B

.rsrc
Size: 18KB - Virtual size: 18KB