4fd345d22822d20595705e2f2ba5fd4d6bfdb17b723b13774659c3e773924387

Sharing

Copy URL Twitter E-mail

General

Target

4fd345d22822d20595705e2f2ba5fd4d6bfdb17b723b13774659c3e773924387
Size

128KB
MD5

6a8e568578a4636448da39d53bc27f7e
SHA1

70a3cbb16963f352bfbc67d065b6fc285c2977d4
SHA256

4fd345d22822d20595705e2f2ba5fd4d6bfdb17b723b13774659c3e773924387
SHA512

9927d29ae7d77c2aa62ac28d19672021f0eee6c5f44da245264e8d2d99854400ff1e66ec9ce97f57430e3e2c6f213b0133ef70856a35cd77f3f9eef9218c7646
SSDEEP

1536:1G/3WcnO5TtAgLTLmR1oxS5mDbp9zpV2rNbxw0r8Kk9z+92t9Dd4CAz9:1ajOBLmR1oxS8D1NpV2rtxwG8BEUDdC

Score

N/A

Malware Config

Signatures

Files

4fd345d22822d20595705e2f2ba5fd4d6bfdb17b723b13774659c3e773924387
.dll windows x86

6bd10bd872d1c4777d1597410287dd60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
LoadLibraryA
lstrcatA
GetSystemDirectoryA
FreeLibrary
CreateThread
GetProcAddress
LocalAlloc
OutputDebugStringA
lstrlenA
lstrcpyA
FormatMessageA
DisableThreadLibraryCalls
GetModuleFileNameA
GetVersion
LocalFree
GetLastError
RaiseException
LCMapStringW
ExitProcess
MultiByteToWideChar
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
IsBadCodePtr
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapFree
CloseHandle
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapAlloc
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
SetUnhandledExceptionFilter
GetCPInfo
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
IsBadWritePtr
IsBadReadPtr
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc

user32

UnregisterClassA
ShowWindow
TranslateMessage
SendMessageA
DispatchMessageA
RegisterClassA
GetMessageA
UpdateWindow
wvsprintfA
DefWindowProcA
PostQuitMessage
FindWindowA
LoadCursorA
CreateWindowExA

winspool.drv

OpenPrinterA
GetPrinterA
EnumJobsA
SetJobA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

StartPORMonitor
StopPORMonitor

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bd10bd872d1c4777d1597410287dd60

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 72KB - Virtual size: 71KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 8KB - Virtual size: 4KB