73073ab70fce50cef43ce017d99196dfee832acf3a2280154f912ce99fa59220

Sharing

Copy URL Twitter E-mail

General

Target

73073ab70fce50cef43ce017d99196dfee832acf3a2280154f912ce99fa59220
Size

688KB
MD5

069a8fbe7ecda7c6f5167c8d2a979d90
SHA1

9780adb071abf2ff9c1839b7062ac54caa44a700
SHA256

73073ab70fce50cef43ce017d99196dfee832acf3a2280154f912ce99fa59220
SHA512

654087ad7d4130f91f1e9d03126a4dd5a23661e8c2893270ab177ad0ae0f6af0675ebdfc2edb25a9b125aade2cab0dfaf137a5ab4abd9a8f54f9e9ca622f46be
SSDEEP

12288:knEqJVoOdn54XI7YiU2ckPNe+w944bzkVjmXhdk9d:2EAm6MYNef9Nbz8ou

Score

N/A

Malware Config

Signatures

Files

73073ab70fce50cef43ce017d99196dfee832acf3a2280154f912ce99fa59220
.exe windows x86

7498af57fd57c182d0a776ea672a388b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

FindClosePrinterChangeNotification
EnumPrintersA
WritePrinter
DeletePrinterDriverExA
AddJobA
DeletePrinterDataA
XcvDataW
EndDocPrinter
AddPrintProvidorA
AddPrintProcessorA
DeletePrinterDriverA
AddPortA
DeleteFormA
SetPortA
SetPrinterDataExA
AddMonitorA
GetPrinterDataA
PrinterMessageBoxA
GetPrinterDriverDirectoryA
OpenPrinterA
DeletePrinterKeyA
ConfigurePortA
ClosePrinter
DeletePrinterDataExA
DeletePrinterConnectionA
EnumPrinterKeyA
AbortPrinter
EndPagePrinter
GetPrinterA
DeletePrinter
WaitForPrinterChange
GetPrinterDriverA
AddFormA

kernel32

RtlUnwind
IsBadCodePtr
IsBadReadPtr
GetLocaleInfoW
LoadLibraryA
GetOEMCP
GetACP
HeapSize
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
SetTapeParameters
GetDriveTypeA
GetProcAddress
LoadLibraryExA
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetCPInfo
ExitProcess
RaiseException
LCMapStringA
MultiByteToWideChar
GetLastError
LCMapStringW
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
IsBadWritePtr
TerminateProcess

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 918KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7498af57fd57c182d0a776ea672a388b

Headers

File Characteristics

Imports

winspool.drv

kernel32

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 284KB - Virtual size: 918KB

.rsrc Size: 240KB - Virtual size: 238KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 284KB - Virtual size: 918KB

.rsrc
Size: 240KB - Virtual size: 238KB

.reloc
Size: 12KB - Virtual size: 8KB