3a04d44b838cf86973d7a08c0d6284ca86ceddff3190d6929a81fd7df8e61803

Sharing

Copy URL Twitter E-mail

General

Target

3a04d44b838cf86973d7a08c0d6284ca86ceddff3190d6929a81fd7df8e61803
Size

134KB
MD5

057a77c5494f873eb8261d276c3d1cae
SHA1

9bb5ba3808188a60212bf18686e1a8dd9371e4e2
SHA256

3a04d44b838cf86973d7a08c0d6284ca86ceddff3190d6929a81fd7df8e61803
SHA512

a16496167b791ce68616004d6360a6631827d7bff094795f52911162c0aa15b15b654019a2fb7f519d0b01b47f3dec587716aa988a0bc80352f03749bcf1d47f
SSDEEP

3072:kRJGW6UgVJnwTrF21lOTUCkvAxg/8Fy29IP+luFIfMaeQdW:kRJ/8JwTrFEOTUCW8FZ9IGluFIk0k

Score

N/A

Malware Config

Signatures

Files

3a04d44b838cf86973d7a08c0d6284ca86ceddff3190d6929a81fd7df8e61803
.exe windows x86

cd3edf054ea444c23ee25d26eac42f27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextW
PrintDlgA
PrintDlgW
PageSetupDlgA
ChooseFontW
FindTextA
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
GetFileTitleA

kernel32

FindFirstFileW
GetEnvironmentStringsW
CreateProcessA
lstrcatA
SetHandleCount
ResumeThread
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetLastError
FreeEnvironmentStringsW
LocalAlloc
GetProcessHeap
lstrcmpA
OpenEventA
Sleep
GetSystemDirectoryA
VirtualAlloc
DeleteCriticalSection
WaitForSingleObject
GetDriveTypeW
GetOEMCP
GetCurrentProcessId
SetErrorMode
GetCurrentThreadId
lstrcatW
IsBadCodePtr
InitializeCriticalSection
GetFileAttributesW
LCMapStringW
GetSystemTimeAsFileTime
GetLocaleInfoA
DeleteFileW
GetSystemInfo
GetVersion
GetExitCodeProcess
lstrcpynA
ExitProcess

msvcrt

towupper
rand
_controlfp
_CIpow
_unlock
wcsncat
_fileno
_exit
__badioinfo
atol
time
__set_app_type
fseek
__CxxFrameHandler
?terminate@@YAXXZ
isalnum
_snprintf

ole32

CoUninitialize
CreateILockBytesOnHGlobal
CoTaskMemAlloc
WriteClassStm
CoMarshalInterface
CoRevokeClassObject
CoCreateInstance
CoCreateFreeThreadedMarshaler
OleSaveToStream
MkParseDisplayName
CoTaskMemFree
CoInitializeSecurity
ReadClassStm
CoRevertToSelf
CoCreateGuid
PropVariantClear
StringFromCLSID
StringFromGUID2
IIDFromString

ntdll

RtlAddAccessAllowedAce
NlsMbOemCodePageTag
RtlFreeHeap
RtlOemToUnicodeN
RtlEnterCriticalSection
NtOpenEvent
NtImpersonateAnonymousToken
NtQueryAttributesFile
RtlCreateSecurityDescriptor
RtlOemStringToUnicodeString
NtQuerySecurityObject
RtlExpandEnvironmentStrings_U
RtlConvertSidToUnicodeString
RtlMakeSelfRelativeSD
wcsncmp
NtAdjustPrivilegesToken
RtlTimeFieldsToTime
NtSetInformationFile
NtUnmapViewOfSection
RtlQueryInformationAcl

shlwapi

SHDeleteValueA
StrToIntW
StrRChrW
PathFindFileNameA
SHGetValueW
SHDeleteKeyW
PathIsDirectoryW
StrCmpIW
StrCmpW
AssocQueryStringW
UrlCanonicalizeW
StrCatBuffW
PathStripToRootA
wnsprintfA
UrlUnescapeW
PathFindExtensionW
PathAddBackslashW
PathIsRelativeW
StrToIntExW
PathRemoveBlanksW
PathGetDriveNumberW
StrStrW
PathRemoveFileSpecW
StrDupW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 68KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd3edf054ea444c23ee25d26eac42f27

Headers

File Characteristics

Imports

comdlg32

kernel32

msvcrt

ole32

ntdll

shlwapi

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 68KB - Virtual size: 193KB

.reloc Size: 512B - Virtual size: 483B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 68KB - Virtual size: 193KB

.reloc
Size: 512B - Virtual size: 483B