f2264ed3893b768c31ffe120897859444561805f6ef1b2aac5a9c668fa12d87f

Sharing

Copy URL

Twitter E-mail

General

Target

f2264ed3893b768c31ffe120897859444561805f6ef1b2aac5a9c668fa12d87f
Size

408KB
MD5

6657433b49ba1b2db8fa70a4d0bca5f0
SHA1

c61b081a610174d4a01ed054e2a02957892ec2c4
SHA256

f2264ed3893b768c31ffe120897859444561805f6ef1b2aac5a9c668fa12d87f
SHA512

ab00bb0b83242be9e6fdf47ed8c99efcbbec165efed72319bba9549bfe32cd55f60640fc42f82ba5baa1fc8625719041393e83d943ecb581cc7606d53e070857
SSDEEP

12288:CTPiCjKlBkDaBuJRRZDc44lVUvkLJgdQ:CxjKl6DaBURXc4KqsWQ

Score

N/A

Malware Config

Signatures

Files

f2264ed3893b768c31ffe120897859444561805f6ef1b2aac5a9c668fa12d87f
.exe windows x86

8d1cfa31fda02b647053b5168dc331b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetBinaryTypeA
GetQueuedCompletionStatus

comctl32

CreateStatusWindowW
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

ntdll

RtlAcquireResourceShared
RtlAcquireResourceExclusive
NtDuplicateToken
RtlUnwind
RtlInitializeResource
RtlDeleteResource
_wcsicmp
NtClose
RtlOpenCurrentUser
RtlReleaseResource
wcstoul
NtQueryVirtualMemory

setupapi

SetupDiGetDeviceInterfaceAlias
SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString

shell32

DragQueryFileA

winspool.drv

StartDocDlgA
GetPrinterDriverW

rpcrt4

RpcRevertToSelf
NdrClientCall2
RpcStringBindingParseW
RpcStringFreeW
RpcBindingVectorFree
I_RpcBindingInqTransportType
RpcBindingToStringBindingW
RpcBindingFromStringBindingW
RpcServerUnregisterIf
NdrServerCall2
RpcServerInqBindings
RpcBindingSetAuthInfoExW
RpcServerRegisterIfEx
RpcImpersonateClient
RpcBindingFree

user32

EndDialog
SetWindowPos
SetWindowTextW
DestroyWindow
ShowWindow
DefDlgProcA
MessageBoxW
GetMonitorInfoW
SendDlgItemMessageW
RegisterWindowMessageW
SetDlgItemTextW
GetClientRect
DefWindowProcW
PostMessageW
wsprintfW
MonitorFromRect
LoadStringW
RegisterDeviceNotificationW
SendMessageW
PostQuitMessage
FindWindowW
KillTimer
SetTimer
TranslateMessage
LoadImageW
UnregisterDeviceNotification
GetSystemMetrics
LoadBitmapW
GetSysColorBrush
SystemParametersInfoW
SetWindowLongW
CreateWindowExW
CharNextW
CloseWindowStation
DispatchMessageW
GetMessageW
CallWindowProcW
SetForegroundWindow
GetWindowLongW

winsta

WinStationQueryInformationW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1cfa31fda02b647053b5168dc331b8

Headers

File Characteristics

Imports

kernel32

comctl32

ntdll

setupapi

ole32

shell32

winspool.drv

rpcrt4

user32

winsta

Sections

.text Size: 138KB - Virtual size: 137KB

.data Size: 134KB - Virtual size: 609KB

.rdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 109KB - Virtual size: 109KB

.text
Size: 138KB - Virtual size: 137KB

.data
Size: 134KB - Virtual size: 609KB

.rdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 109KB - Virtual size: 109KB