Static task
static1
Behavioral task
behavioral1
Sample
90f277b97d30399367a7e56551bbf2135c4968ade64100863095dc7031f34c91.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
90f277b97d30399367a7e56551bbf2135c4968ade64100863095dc7031f34c91.exe
Resource
win10v2004-20220722-en
General
Target
90f277b97d30399367a7e56551bbf2135c4968ade64100863095dc7031f34c91
Size
276KB
MD5
0f98b7b43ab1b3e2a957c5361fc403cd
SHA1
6afc0ae820991afcf9d6eeab0cbb68378b2f8d00
SHA256
90f277b97d30399367a7e56551bbf2135c4968ade64100863095dc7031f34c91
SHA512
f56b1fbf9ec6c63807882166fd8845ba4660eb16403706d4d0b3c4ee3de8a86549771e516d017058da9a023f787b997855733b975ad98569975655d92101ffb3
SSDEEP
6144:kTkJkvRAhoED0xWSVwbhDV4UszE7hvrimn:kwCAh1S2wUszE7hv9n
Malware Config
Signatures
Files
90f277b97d30399367a7e56551bbf2135c4968ade64100863095dc7031f34c91.exe windows x86
1263d471a0f2e9a98846386838077c21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LCMapStringW
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CloseHandle
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
GetModuleFileNameA
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
LoadLibraryW
RaiseException
MultiByteToWideChar
VirtualProtect
user32
CreateMDIWindowA
ImpersonateDdeClientWindow
SetKeyboardState
CreateCursor
LockWindowUpdate
GetDesktopWindow
ReuseDDElParam
EqualRect
DefWindowProcW
CreateIcon
IsCharAlphaA
ChangeDisplaySettingsExA
GetUserObjectSecurity
SetMessageExtraInfo
DdeQueryStringW
DefFrameProcA
AnyPopup
CharLowerBuffW
VkKeyScanExW
UnhookWinEvent
IsCharUpperW
OpenWindowStationA
TranslateAcceleratorW
ChangeDisplaySettingsExW
ToUnicodeEx
CreateWindowStationA
UnregisterHotKey
winspool.drv
DocumentPropertySheets
EnumJobsW
AddJobA
EnumPrintProcessorsA
GetFormW
ord207
GetSpoolFileHandle
PrinterProperties
DeleteMonitorW
EnumPrinterDriversW
EnumPrinterDriversA
CloseSpoolFileHandle
DeletePrintProcessorA
EnumPrintersA
GetPrinterA
AddPrintProcessorW
ord103
DeletePrinterKeyA
DeletePrinterDriverA
PlayGdiScriptOnPrinterIC
DeletePrintProcessorW
FindClosePrinterChangeNotification
ord209
DeletePrinterDataExW
XcvDataW
wininet
InternetCloseHandle
HttpSendRequestA
InternetCrackUrlA
FindNextUrlCacheContainerW
ParseX509EncodedCertificateForListBoxEntry
GetUrlCacheConfigInfoW
GopherCreateLocatorA
FtpCreateDirectoryA
InternetCombineUrlA
SetUrlCacheEntryInfoA
InternetConnectW
UnlockUrlCacheEntryFile
RetrieveUrlCacheEntryStreamA
InternetWriteFileExA
GetUrlCacheConfigInfoA
InternetSetCookieA
GetUrlCacheHeaderData
HttpOpenRequestA
GopherGetAttributeW
FindFirstUrlCacheContainerA
shlwapi
PathIsContentTypeW
StrChrIA
SHDeleteKeyA
UrlGetLocationW
UrlUnescapeA
StrCSpnA
StrFormatByteSizeA
SHRegCreateUSKeyA
UrlCanonicalizeW
PathUnquoteSpacesA
SHRegWriteUSValueW
StrSpnW
PathRemoveBackslashW
PathIsDirectoryW
PathParseIconLocationA
PathUnquoteSpacesW
PathCompactPathExW
PathCombineW
SHEnumValueA
PathStripPathA
StrCatW
SHRegDeleteEmptyUSKeyA
StrStrIW
SHEnumKeyExA
StrCmpW
crypt32
CryptHashPublicKeyInfo
CertAddSerializedElementToStore
CertDuplicateCRLContext
CertEnumCertificatesInStore
CertAddEncodedCRLToStore
CertGetIntendedKeyUsage
CertSerializeCertificateStoreElement
CertIsRDNAttrsInCertificateName
CryptImportPublicKeyInfo
CryptVerifyCertificateSignature
CertDeleteCTLFromStore
CryptFormatObject
CryptExportPublicKeyInfo
CertSetEnhancedKeyUsage
CertAddCRLContextToStore
CertCompareCertificate
CertCreateCTLContext
CryptSignAndEncryptMessage
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ