0fdd1bbfebdfe874f8b56e265cc83b7de562760ae38ca60524ed7a2feb010f87

Sharing

Copy URL Twitter E-mail

General

Target

0fdd1bbfebdfe874f8b56e265cc83b7de562760ae38ca60524ed7a2feb010f87
Size

132KB
MD5

3a3f7ec719021ea3aa60c2d066283949
SHA1

05d385901545d12e0fa12467d5685ccd58647108
SHA256

0fdd1bbfebdfe874f8b56e265cc83b7de562760ae38ca60524ed7a2feb010f87
SHA512

e713680bbfe200afbd0a7ac0de34ab9de223cace490a7a160c729867a38ca539a36fa967aebf35fa86393c2589635ee9a0fef9499df600a3c886a53972c80984
SSDEEP

3072:sUP4BL7+JozjMzmHCWXZtlegeX1KSh8aN1:pPYf+JoPMzmia2gY1Kha/

Score

N/A

Malware Config

Signatures

Files

0fdd1bbfebdfe874f8b56e265cc83b7de562760ae38ca60524ed7a2feb010f87
.exe windows x86

f1fa026066bc53338e43966f3ed2762d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetTempFileNameW
CopyFileW
ResetEvent
FindFirstChangeNotificationW
DeleteFileW
WaitForMultipleObjects
InterlockedCompareExchange
InterlockedIncrement
GetVolumeInformationW
GetSystemTime
QueryPerformanceCounter
GetLocalTime
MoveFileExW
CreateFileW
GetModuleHandleW
GetDateFormatW
LoadResource
WaitForSingleObject
GetCurrentProcess
LoadLibraryW
WriteConsoleW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
ReadFile
SetEndOfFile
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetTimeZoneInformation
WideCharToMultiByte
CreateFileA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
HeapFree
HeapReAlloc
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
GetVersionExA
CloseHandle
WriteFile
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
SetStdHandle
FlushFileBuffers
LCMapStringW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

ole32

CoTaskMemAlloc
CoUninitialize
CoSuspendClassObjects
StgCreateDocfile
CoInitialize
OleCreate
CoTaskMemFree

ws2_32

WSAConnect
WSACreateEvent
WSAGetOverlappedResult
getservbyport
WSAWaitForMultipleEvents
WSACloseEvent
socket
setsockopt
getservbyname
getprotobynumber
WSASocketW

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f1fa026066bc53338e43966f3ed2762d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

ole32

ws2_32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 193KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 193KB

.rsrc
Size: 36KB - Virtual size: 36KB