ed01c99063740a0d4c0aca74f5d6520f39436c02721f8506a25e5f68ccfc6896

Sharing

Copy URL

Twitter E-mail

General

Target

ed01c99063740a0d4c0aca74f5d6520f39436c02721f8506a25e5f68ccfc6896
Size

383KB
MD5

308146d731b2c5e6ef7f0f282951e962
SHA1

88cd9372823de70eefb6f4ddcc879d6298d6d74d
SHA256

ed01c99063740a0d4c0aca74f5d6520f39436c02721f8506a25e5f68ccfc6896
SHA512

81a5a89d1d5d2619e6392a38c7cbcf6fa35cef9734bb534098831340b272d995fe4e28be6b5a0f57c7741a55f1968fc1fd2f0fcd54a6d7f7cf30aebfc49df107
SSDEEP

6144:QDm0gD2JZVaG7XsYAZxKSezrjU27kaO8/3l91efCoVdaErfbn/+o2wfkUKLeRlhK:QkKfVaG7cYS4Hk2/V91efCotb/+zwfkW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed01c99063740a0d4c0aca74f5d6520f39436c02721f8506a25e5f68ccfc6896

Files

ed01c99063740a0d4c0aca74f5d6520f39436c02721f8506a25e5f68ccfc6896
.exe windows:5 windows x86 arch:x86

5c79b9014aea4aead762483809414e34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

odbc32

SQLGetData
SQLDriverConnectW
SQLGetConnectOption
SQLGetDescRec
SQLGetInfoW
SQLColumns
SQLNumParams
SQLSetCursorNameA
SQLDataSources
SQLGetDescFieldA
SQLNativeSqlW
SQLCopyDesc
SQLDescribeCol
SQLColumnPrivilegesW
SQLEndTran
SQLAllocStmt
SQLColumnPrivileges
SQLExecDirect
SQLSetStmtAttr
PostComponentError
SQLSetDescFieldA
SQLGetConnectAttr
SQLSetDescFieldW
SQLTransact
SQLGetCursorNameA
SQLSpecialColumnsW
SQLGetStmtAttr
SQLForeignKeysW
CursorLibLockDbc
SQLTablePrivilegesW
CollectODBCPerfData
SQLProcedureColumnsW
SQLDriverConnectA
SQLGetEnvAttr
SQLGetDiagRecW
SQLGetCursorName

kernel32

PeekConsoleInputW
ResumeThread
GetProfileSectionW
GetEnvironmentStringsA
GetCommandLineW
GetSystemTimeAdjustment
GetMailslotInfo
AreFileApisANSI
GetConsoleAliasesW
GetSystemWow64DirectoryA
TlsSetValue
HeapCreate
VirtualAlloc
Thread32First
RegisterConsoleVDM
GetEnvironmentVariableA
CreateSemaphoreW
RtlCaptureStackBackTrace
WritePrivateProfileStringW
CreateActCtxW
ReadFileScatter
EnumResourceLanguagesW
GetConsoleFontSize
CloseConsoleHandle
GetConsoleNlsMode
GetThreadSelectorEntry
DeleteCriticalSection
Beep
LoadLibraryA
GetCurrentThreadId
EndUpdateResourceA
LocalSize
QueryDosDeviceW
SetSystemTime
BackupWrite
GlobalUnfix
GetStringTypeExA
GetFileInformationByHandle
GetCPInfoExA
DeleteTimerQueue
GetProfileSectionA
GetCurrentThread
FindCloseChangeNotification
HeapValidate

wininet

ShowClientAuthCerts
InternetOpenA
InternetTimeFromSystemTime
FindNextUrlCacheEntryW
InternetSetPerSiteCookieDecisionW
InternetHangUp
HttpAddRequestHeadersW
DeleteUrlCacheEntry
InternetQueryDataAvailable
UnlockUrlCacheEntryFileW
InternetCreateUrlW
InternetSetCookieExW
InternetAutodial
HttpOpenRequestA
RetrieveUrlCacheEntryStreamW
InternetConnectW
InternetSetOptionW
GopherCreateLocatorA
GopherOpenFileW
SetUrlCacheEntryGroupA
CreateUrlCacheEntryA
FtpFindFirstFileA
HttpQueryInfoW
HttpOpenRequestW
GopherGetLocatorTypeA
InternetTimeFromSystemTimeW
FindFirstUrlCacheGroup
FindCloseUrlCache
InternetTimeToSystemTimeA
FtpSetCurrentDirectoryW
InternetFortezzaCommand
DeleteUrlCacheGroup
InternetGetPerSiteCookieDecisionW
FtpRemoveDirectoryA
PrivacySetZonePreferenceW
FindFirstUrlCacheEntryExW
FtpCommandA
ReadUrlCacheEntryStream
FtpGetCurrentDirectoryA
FindNextUrlCacheEntryExW
IsHostInProxyBypassList
InternetCheckConnectionA
FtpSetCurrentDirectoryA

pdh

PdhTranslateLocaleCounterW
PdhEnumLogSetNamesA
PdhBrowseCountersA
PdhGetDefaultPerfCounterA
PdhUpdateLogW
PdhSelectDataSourceW
PdhConnectMachineA
PdhOpenQueryH
PdhEnumMachinesHA
PdhCloseQuery
PdhGetFormattedCounterArrayW
PdhEnumObjectsW
PdhParseInstanceNameA
PdhBrowseCountersW
PdhValidatePathA
PdhGetDataSourceTimeRangeW
PdhGetDataSourceTimeRangeA
PdhParseInstanceNameW
PdhSelectDataSourceA
PdhCloseLog
PdhTranslateLocaleCounterA
PdhSetLogSetRunID
PdhEnumMachinesW
PdhUpdateLogFileCatalog
PdhCollectQueryData
PdhExpandWildCardPathHA

ntdsapi

DsFreeNameResultW
DsListDomainsInSiteA
DsReplicaConsistencyCheck
DsReplicaSyncAllA
DsClientMakeSpnForTargetServerW
DsGetRdnW
DsBindW
DsServerRegisterSpnW
DsListRolesA
DsReplicaUpdateRefsW
DsListServersForDomainInSiteW
DsListServersInSiteA
DsReplicaDelW
DsCrackNamesW
DsBindWithSpnW
DsReplicaDelA
DsReplicaUpdateRefsA
DsClientMakeSpnForTargetServerA
DsCrackSpn2A
DsReplicaSyncA
DsaopBindWithSpn
DsLogEntry
DsCrackSpnW
DsRemoveDsDomainA
DsCrackSpn3W
DsInheritSecurityIdentityW
DsReplicaModifyA
DsReplicaGetInfoW
DsMakeSpnW
DsReplicaModifyW
DsListServersInSiteW
DsBindWithCredA
DsMapSchemaGuidsW
DsFreeSchemaGuidMapW
DsReplicaVerifyObjectsA
DsListInfoForServerW
DsCrackUnquotedMangledRdnA
DsReplicaVerifyObjectsW
DsUnBindA
DsFreeSpnArrayA
DsReplicaAddW
DsIsMangledRdnValueW

ntdll

RtlTimeFieldsToTime
RtlIsActivationContextActive
ZwInitializeRegistry
NtCreateNamedPipeFile
_i64tow
isdigit
RtlDefaultNpAcl
ZwImpersonateThread
RtlEnterCriticalSection
NtMakePermanentObject
RtlQueryProcessDebugInformation
NtSetInformationFile
iswlower
RtlGetDaclSecurityDescriptor
NtUnlockVirtualMemory
RtlRemoveVectoredExceptionHandler
RtlSecondsSince1980ToTime
NtQueryOpenSubKeys
NtMapViewOfSection
NtDuplicateToken
RtlComputeImportTableHash
ZwMapViewOfSection
RtlCreateBootStatusDataFile
RtlCaptureContext
NtFreeUserPhysicalPages

rastapi

RemovePort
RastapiSetCalledID
PortOpen
PortInit
DeviceEnum
DeviceDone
DeviceGetDevConfig
PortChangeCallback
DeviceConnect
PortSetIoCompletionPort
SetCommSettings
PortGetInfo
DeviceGetInfo
UnloadRastapiDll
EnableDeviceForDialIn
PortTestSignalState
DeviceSetDevConfig
PortSetInfo
PortDisconnect
PortReceive
AddPorts
GetZeroDeviceInfo
PortCompressionSetInfo
PortSetFraming
DeviceListen
PortEnum
PortClose
RastapiGetCalledID
PortGetStatistics
PortReceiveComplete
DeviceSetInfo
PortClearStatistics

Sections

.text
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c79b9014aea4aead762483809414e34

Headers

DLL Characteristics

File Characteristics

Imports

odbc32

kernel32

wininet

pdh

ntdsapi

ntdll

rastapi

Sections

.text Size: 98KB - Virtual size: 100KB

.rdata Size: 75KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 644KB

.rsrc Size: 207KB - Virtual size: 208KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 98KB - Virtual size: 100KB

.rdata
Size: 75KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 644KB

.rsrc
Size: 207KB - Virtual size: 208KB

.reloc
Size: 1024B - Virtual size: 4KB