5d653a0ff89b8befe8bb493fc9174a31e7bcf8fc859ed041137c165daf631969

Sharing

Copy URL Twitter E-mail

General

Target

5d653a0ff89b8befe8bb493fc9174a31e7bcf8fc859ed041137c165daf631969
Size

367KB
MD5

6cb265a012587daca4d2dd7ab63004ab
SHA1

63649794abd7a9e1051357f3baa6a5f82d93c7f4
SHA256

5d653a0ff89b8befe8bb493fc9174a31e7bcf8fc859ed041137c165daf631969
SHA512

44bc0c1e56532f5aa307ea35d517b6135ac400dc97dea12ccfb5d0f5c6cae84e1dd0a1220cd2da22eb3857d0fc3900aebaba71f4433bbda9e5aeff7478637067
SSDEEP

6144:PuVoNbkwegBQjm5LMznVGN7/xKxbgQ1eTSKjgdIBo4Mg:PhNbkwbBeQEVaZKxbX1MSKVBo

Score

N/A

Malware Config

Signatures

Files

5d653a0ff89b8befe8bb493fc9174a31e7bcf8fc859ed041137c165daf631969
.dll windows x86

566d518429f7fbb22e259ef02bec4598

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
CreateFileA
FlushFileBuffers
ResetEvent
GetConsoleOutputCP
CreateEventW
LeaveCriticalSection
CloseHandle
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
GetLastError
OpenFileMappingW
WriteConsoleA
SetStdHandle
VirtualQuery
VirtualProtect
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
GetModuleHandleW
LoadLibraryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetVersionExA
GetCommandLineA
OutputDebugStringW
lstrlenW
GetCurrentThreadId
CreateProcessW
GetCurrentProcess
MulDiv
GetFileSize
GlobalMemoryStatus
GetSystemInfo
FindNextFileW
FindFirstFileW
ReadFile
GetEnvironmentVariableW
FindClose
DeleteFileW
InterlockedCompareExchange
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
CreateFileMappingW
lstrcatW
lstrcpyW
GetTickCount
GetTempFileNameW
GetTempPathW
WriteFile
SetFilePointer
CreateFileW
Sleep
GetPrivateProfileStringW
WaitForSingleObject
GetModuleFileNameW
GetExitCodeThread
GetVersionExW
WaitForMultipleObjects
MultiByteToWideChar
SetEvent
SetLastError
DeleteCriticalSection
InitializeCriticalSection
OpenEventW

user32

FillRect
SetRect
wsprintfW
PostMessageW
MessageBoxW
LoadStringW
wsprintfA

gdi32

GdiPlayEMF
DPtoLP
CreatePenIndirect
GetClipBox
BeginPath
Rectangle
ScaleWindowExtEx
WidenPath
StrokeAndFillPath
ExtSelectClipRgn
StrokePath
IntersectClipRect
FillPath
GetClipRgn
SelectClipPath
SetGraphicsMode
SelectClipRgn
ModifyWorldTransform
SetWorldTransform
GetRegionData
ExtCreatePen
PathToRegion
SetMapMode
GetTextAlign
SetBrushOrgEx
GetGraphicsMode
SetViewportOrgEx
GetMiterLimit
SetWindowOrgEx
GetBkColor
SetViewportExtEx
GetTextColor
SetWindowExtEx
GetBkMode
ResetDCW
GetROP2
GetPolyFillMode
CreateDCW
GetStretchBltMode
GetBrushOrgEx
PlgBlt
MaskBlt
GetWindowOrgEx
GetTextExtentPoint32W
GetViewportExtEx
GetWindowExtEx
StretchBlt
Polyline
EndPath
CreateDIBSection
GetObjectW
GetBitmapBits
GetCharABCWidthsW
GetStockObject
CreateBitmap
GetTextMetricsW
CreateCompatibleDC
GetOutlineTextMetricsW
SelectObject
CreateFontIndirectW
OffsetRgn
CreateBrushIndirect
CreateRectRgn
ExtTextOutW
EnumFontFamiliesW
RemoveFontResourceW
EnumFontsW
AddFontResourceW
CreateScalableFontResourceW
SetTextAlign
LPtoDP
SetMiterLimit
SetROP2
SetPolyFillMode
GetDeviceCaps
DeleteObject
CombineRgn
CreateRectRgnIndirect
RestoreDC
SaveDC
PolyDraw
SetBkMode
SetStretchBltMode
SetColorAdjustment
SetBkColor
SetTextColor
PatBlt
LineTo
MoveToEx
Escape
EndPage
SetICMMode
StartPage
AbortDoc
EndDoc
StartDocW
DeleteDC
CreateICW
ExtEscape
TextOutA

spoolss

GetPrinterDriverDirectoryW
ImpersonatePrinterClient
RevertToPrinterSelf

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegCloseKey
DuplicateTokenEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetTokenInformation
RegOpenKeyExW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
InstallPrintProcessor
ModuleInfo
OpenPrintProcessor
PpDisplayMsgOnCurrentSession
PpGetDispatchTbl
PrintDocumentOnPrintProcessor

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

566d518429f7fbb22e259ef02bec4598

Headers

File Characteristics

Imports

kernel32

user32

gdi32

spoolss

advapi32

wtsapi32

Exports

Exports

Sections

.text Size: 263KB - Virtual size: 262KB

.data Size: 87KB - Virtual size: 105KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 263KB - Virtual size: 262KB

.data
Size: 87KB - Virtual size: 105KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB