b39116dd0e0297fac7671b997d2c52c3b8e3f07f17f123159fa14d6f1dc15438

Sharing

Copy URL

Twitter E-mail

General

Target

b39116dd0e0297fac7671b997d2c52c3b8e3f07f17f123159fa14d6f1dc15438
Size

515KB
MD5

ce104128c07ba3601a236c0a6142f625
SHA1

7bb97c6c53cd7169ee8c404a259fa4f741251e65
SHA256

b39116dd0e0297fac7671b997d2c52c3b8e3f07f17f123159fa14d6f1dc15438
SHA512

f6421359c2c0dada0bee1d9fb0b4ceb09622a38dc426e54ce4e8d992d0636c4f6887d00eaaf4e045bf90356ca112b60fb855953fd123be80f396201cf81045db
SSDEEP

12288:MfwsyioAEu8HUC068Yinb7eV+Zw2hxMvo3Jbc:+yioA2iXMvuJg

Score

N/A

Malware Config

Signatures

Files

b39116dd0e0297fac7671b997d2c52c3b8e3f07f17f123159fa14d6f1dc15438
.exe windows x86

35218c1c4bb9a55bec3c6b73940f43cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PurgeComm
SetCommMask
SetCommState
SetCommTimeouts
lstrcmpW
lstrlenW
WideCharToMultiByte
GetUserDefaultUILanguage
GetSystemDirectoryW
SetLastError
GetTickCount
CreateDirectoryA
GetSystemInfo
GetModuleHandleW
GetProcAddress
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
GetCommState
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
MultiByteToWideChar
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
ClearCommError
SetupComm
FreeLibrary
ClearCommBreak
Sleep
CreateEventW
CancelIo
DeviceIoControl
GetOverlappedResult
GetLastError
CloseHandle
OutputDebugStringW
OutputDebugStringA
WriteFile
ReadFile
CreateFileW
SetFilePointer
CreateFileA

user32

GetDlgItem
CreateDialogParamW
SetWindowPos
ShowWindow
PostQuitMessage
PostMessageW
SendMessageW
SendMessageA
DispatchMessageW
TranslateMessage
GetWindowTextW
GetMessageW
wsprintfW
SetDlgItemTextW
EnableWindow
UpdateWindow
GetParent
GetWindowTextA
SetWindowTextW
GetDesktopWindow
GetWindowTextLengthW
GetWindowRect
MessageBoxW
CopyRect
OffsetRect

winspool.drv

EnumPrintersA
OpenPrinterA
SetJobA
EnumJobsA
DeletePrinter
GetPrinterA
ord204
SetPrinterDataW
AddPrinterDriverW
EnumPrintersW
EnumPortsW
OpenPrinterW
XcvDataW
DeleteMonitorA
AddMonitorW
EnumMonitorsA
EnumPortsA
ClosePrinter
DeletePrinterDriverA
GetPrinterDriverDirectoryW
EnumPrinterDriversA
AddPrinterW

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyA
RegOpenKeyA
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceStatusEx
StartServiceW
SetFileSecurityA
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW

msvcp120d

?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
?_Release@_Pad@std@@QAEXXZ
??1_Pad@std@@QAE@XZ
??0_Pad@std@@QAE@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z

winmm

timeGetTime

ws2_32

gethostname
sendto
recvfrom
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
shutdown
setsockopt
send
recv
inet_ntoa
inet_addr
htons
closesocket
bind
connect

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
CM_Get_Parent
CM_Get_DevNode_Registry_PropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA

shlwapi

StrCpyW
StrCatW
PathIsDirectoryA
PathAddBackslashA
SHDeleteKeyA
StrCmpW
wnsprintfW
wvnsprintfW
StrRChrW
PathFileExistsW

comctl32

ord17

version

VerInstallFileW

msvcr120d

_onexit
__dllonexit
_calloc_dbg
_unlock
_lock
_vswprintf
wcstol
system
_CRT_RTC_INITW
strncpy
_vsnprintf
wprintf
??_V@YAXPAX@Z
?terminate@@YAXXZ
exit
wcsstr
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_CrtSetCheckCount
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_except_handler4_common
strrchr
strchr
memcmp
swprintf_s
__CxxFrameHandler3
_CxxThrowException
_beginthreadex
_CrtDbgReportW
_hypot
setlocale
_vsnwprintf
sprintf
_snprintf
printf
fprintf
__iob_func
_time64
_difftime64
_wsplitpath_s
_wmakepath_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
memcpy
memset
strcmp
strlen
memmove
strstr
wcscat_s
wcscpy_s
wcslen
atoi
mbstowcs
malloc
free
wcstombs
strtol
_invalid_parameter

Sections

.textbss
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35218c1c4bb9a55bec3c6b73940f43cf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

msvcp120d

winmm

ws2_32

setupapi

shlwapi

comctl32

version

msvcr120d

Sections

.textbss Size: - Virtual size: 179KB

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 22KB - Virtual size: 23KB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 18KB - Virtual size: 17KB

.textbss
Size: - Virtual size: 179KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 22KB - Virtual size: 23KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 18KB - Virtual size: 17KB