ac612b833200f8e3017d59aa120da05521a839f7057d315259a83a870861d1a7

Sharing

Copy URL Twitter E-mail

General

Target

ac612b833200f8e3017d59aa120da05521a839f7057d315259a83a870861d1a7
Size

80KB
MD5

62268c53d2ef275cb7eefe43779c9ea1
SHA1

c527e772a23060107aa1bbbfb1276cc54ef59cbd
SHA256

ac612b833200f8e3017d59aa120da05521a839f7057d315259a83a870861d1a7
SHA512

73050254014fff886ee93f4056fafe07730c9dc5c8f12872d5473d569f864b7b50ea9fab9fd1abd3f3c3d666092d299e348afe213602a04ff4bb3931fe17d678
SSDEEP

1536:4WU0HKpZTIZC1oU3W/tie1+U1L02AWl+h0uQuRSvjt:FUCFU1oU3WIeEQLJSLgvj

Score

N/A

Malware Config

Signatures

Files

ac612b833200f8e3017d59aa120da05521a839f7057d315259a83a870861d1a7
.exe windows x86

baa8e0522a79e4ff298ea48d7226fd0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oledlg

ord1
ord7
ord8
ord9

comctl32

CreateToolbarEx
ord15
ord14

shlwapi

StrChrIW
StrRStrIW
StrCSpnA

kernel32

GetModuleHandleA
GetProcAddress
GetEnvironmentStrings
GetEnvironmentVariableA
GetACP
GetStdHandle
CreateSemaphoreA
ReleaseSemaphore
SuspendThread
LocalLock
LocalReAlloc
VirtualAlloc
TlsGetValue
TlsSetValue
LocalHandle
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetFileType
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetCurrentThreadId
TlsAlloc
SetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
SetFilePointer
GetCPInfo
GetOEMCP
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

winspool.drv

GetJobW
EnumPrinterDriversA
DeletePrinterDriverA
AddPrinterConnectionA
SetPrinterW
ClosePrinter
DeletePrinterDataA
SetJobW
SetJobA
GetPrinterDriverA
AbortPrinter
GetJobA
AddPrinterDriverExW
EnumPrintersA

secur32

CompleteAuthToken
ApplyControlToken
VerifySignature
AcceptSecurityContext
MakeSignature
DeleteSecurityContext
ExportSecurityContext
EncryptMessage
DecryptMessage
FreeCredentialsHandle

uxtheme

GetThemeSysInt

usp10

ScriptCPtoX
ScriptString_pcOutChars
ScriptFreeCache
ScriptShape
ScriptStringAnalyse
ScriptJustify
ScriptItemize

wsnmp32

ord604
ord105
ord400
ord103

activeds

ord6
ord4
ord16
ord5
ord19
ord12
ord23
ord18
ord9
ord15
ord17
ord7
ord14
ord3

cryptui

CryptUIWizImport
CryptUIDlgViewContext
CryptUIWizExport
CryptUIWizDigitalSign

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baa8e0522a79e4ff298ea48d7226fd0c

Headers

File Characteristics

Imports

oledlg

comctl32

shlwapi

kernel32

winspool.drv

secur32

uxtheme

usp10

wsnmp32

activeds

cryptui

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 2KB - Virtual size: 2KB