ea6bafd96818930f83200987d64c970ad03afcae9d69fbde9dd18f2ace154a99

Sharing

Copy URL

Twitter E-mail

General

Target

ea6bafd96818930f83200987d64c970ad03afcae9d69fbde9dd18f2ace154a99
Size

527KB
MD5

e6eb304d38c6426faa5eaa3576dd72c3
SHA1

435dd07d0f04aec7da02d66b665573e3ee4fe80d
SHA256

ea6bafd96818930f83200987d64c970ad03afcae9d69fbde9dd18f2ace154a99
SHA512

1bfa0aba00bcee022d26836441b792c107afead8783a3273e5202ac43e59e53034a7aadb295b5c3194745b84e5fdf7a818e842efaae995dd8b5ac6d5bd6035cc
SSDEEP

12288:KJzUXNiNnAqFMOg4J6H2Ewuedhx4oUK41HnntYKJ:7elgh6uedhY7ZntYKJ

Score

N/A

Malware Config

Signatures

Files

ea6bafd96818930f83200987d64c970ad03afcae9d69fbde9dd18f2ace154a99
.exe windows x86

fd44c9faedcbda650077f5e6fa038938

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
CompareStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
SetStdHandle
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
OutputDebugStringW
GetStringTypeW
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadFile
Process32NextW
CreateToolhelp32Snapshot
GetFullPathNameW
GetFullPathNameA
GetSystemDirectoryA
UpdateResourceA
EnumResourceTypesA
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
FindResourceExA
CreateEventA
lstrcpyA
FormatMessageW
CloseHandle
SizeofResource
LoadResource
Sleep
WaitForSingleObject
CreateThread
GetLastError
VirtualAlloc
LocalFree
LocalAlloc
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetStartupInfoW
GetFileType
GetStdHandle
IsDebuggerPresent
LockResource
FreeResource
FindNextFileW
DeleteCriticalSection
HeapSize
FindFirstFileExW
SetCurrentDirectoryA
GetTempPathA
FindClose
WriteFile
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
ReadConsoleW

user32

WaitForInputIdle
DefWindowProcA
wsprintfA
SendMessageA
PostMessageA
CreateWindowExA
ShowWindow
GetIconInfo
DestroyCursor
LoadCursorFromFileW
GetWindow
FindWindowExA
FindWindowA
GetDesktopWindow
GetWindowLongA
FillRect
GetSysColorBrush
MapWindowPoints
ClipCursor
GetCursorPos
ShowCursor
MessageBoxA
GetWindowRect
GetClientRect
SetWindowTextA
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
SetActiveWindow
DrawTextA
DrawIcon
ReleaseCapture
SendInput
GetFocus
SendDlgItemMessageA
GetDlgItem
EndDialog
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos

gdi32

SetBkMode
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
SwapBuffers
TextOutA
GetObjectA
GetTextMetricsA
SetTextAlign
SetTextColor
BitBlt
SelectObject
GetStockObject
DeleteDC
CreateRectRgn
CreateMetaFileA
CreateFontIndirectA

winspool.drv

ConnectToPrinterDlg

comdlg32

GetOpenFileNameA
GetFileTitleA

advapi32

RegQueryValueExA
GetUserNameW
RegCloseKey
RegCreateKeyA
AllocateAndInitializeSid
RegCreateKeyExA
RegOpenKeyExW
RegSetValueExA
SetEntriesInAclW
InitializeSecurityDescriptor

shell32

SHGetFolderPathA

ws2_32

WSALookupServiceEnd
WSAProviderConfigChange
WSANtohs

netapi32

NetUserGetInfo
NetApiBufferFree

comctl32

ImageList_DragLeave
ImageList_EndDrag

opengl32

wglGetCurrentDC

imm32

ImmEnumInputContext
ImmGetCompositionStringA
ImmGetContext
ImmDisableTextFrameService

rasapi32

RasGetSubEntryPropertiesW
RasGetSubEntryHandleW

urlmon

HlinkSimpleNavigateToString

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd44c9faedcbda650077f5e6fa038938

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ws2_32

netapi32

comctl32

opengl32

imm32

rasapi32

urlmon

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 396KB - Virtual size: 395KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 396KB - Virtual size: 395KB