c25fce2998ec36eac9bc7aa93c05bc48ad0e7f8b4d451737a9c50e1b913a53f5N

Sharing

Copy URL Twitter E-mail

General

Target

c25fce2998ec36eac9bc7aa93c05bc48ad0e7f8b4d451737a9c50e1b913a53f5N
Size

1.5MB
MD5

a37e7b0e9984d97a89a9e77dfa94c480
SHA1

e4e049abd1fcf11f646bc05ec401355ae04380c6
SHA256

c25fce2998ec36eac9bc7aa93c05bc48ad0e7f8b4d451737a9c50e1b913a53f5
SHA512

a0c2cbc0b09fd0d56afdea0b6cebc9469cb993fc57b960619ee32b7b2c01cf15841a6d8d1de21598ae557f3f2d1cf911a60c4e21e6f39566f119d71b03d5f69e
SSDEEP

12288:ycyQvIS0gNtOPuftk/s1IEDAOncNApqLIhoev0rHdm:jvIgNt8Att1IgAOnZk6oe8rH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c25fce2998ec36eac9bc7aa93c05bc48ad0e7f8b4d451737a9c50e1b913a53f5N

Files

c25fce2998ec36eac9bc7aa93c05bc48ad0e7f8b4d451737a9c50e1b913a53f5N
.exe windows:6 windows x86 arch:x86

1230fae33692c99f2f2fd8f579c13082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DCEXEC.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GetLastError
WaitForSingleObject
WaitForMultipleObjects
LoadResource
SizeofResource
GetFileType
GetStdHandle
WriteFile
CloseHandle
FormatMessageW
OpenEventW
FindResourceW
FindResourceExW
WideCharToMultiByte
GetUserDefaultLangID
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleMode
WriteConsoleW
GetConsoleCP
InterlockedIncrement
FreeLibrary
HeapSetInformation
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetCommandLineW
GetSystemDirectoryW
CreateFileW
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetStartupInfoW
CreateProcessW
GetExitCodeThread
InterlockedDecrement
ReadProcessMemory
HeapCreate
VirtualQuery
GetSystemInfo
CreateMutexW
SetHandleInformation
ReleaseMutex
GetDateFormatW
GetTimeFormatW
IsWow64Process
GetVersionExW
GetTempFileNameW
GetNativeSystemInfo
GlobalMemoryStatus
GetUserDefaultUILanguage
FindFirstFileW
GetFullPathNameW
GetModuleFileNameW
FindClose
SetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
LockResource
GetModuleHandleW
DeleteCriticalSection
EncodePointer
InterlockedCompareExchange
Sleep
InterlockedExchange
RaiseException
GetProcAddress
GetExitCodeProcess
VirtualFree

msvcr100

vswprintf_s
wcschr
memmove_s
memcpy_s
_wtoi
__CxxFrameHandler3
_CxxThrowException
_vscwprintf
??_V@YAXPAX@Z
free
??3@YAXPAX@Z
_vsnwprintf
_resetstkoflw
_vsnwprintf_l
_wmakepath_s
_wsplitpath_s
wmemcpy_s
_beginthreadex
memset
wcsncat_s
swprintf_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen

sqltdiagn

??0CEntryExit@@QAE@PAVCDebugLog@@PBGPAJK1@Z
??1CEntryExit@@QAE@XZ
?SQLToolsDiag_TraceMsg@@YAXPBGKPAGZZ

datacollectorcontroller

?DeleteControllerInstance@CDataCollectorControllerFactory@@SA?AW4DC_RETURN_TYPE@@AAPAVIDataCollectorController@@@Z
?CreateControllerInstance@CDataCollectorControllerFactory@@SA?AW4DC_RETURN_TYPE@@AAPAVIDataCollectorController@@@Z

msvcp100

?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

psapi

GetModuleFileNameExW
EnumProcessModules

version

VerQueryValueW
GetFileVersionInfoW

Exports

Exports

DmpGetClientExport
DmpRemoteDumpRequest
SSISBeginDump
SSISGetExtraDumpFileHandle

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1230fae33692c99f2f2fd8f579c13082

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcr100

shell32

ole32

oleaut32

sqltdiagn

datacollectorcontroller

msvcp100

psapi

version

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB