376917abbd2643581b22e79120889069dc7f45ee9417795b3de337e2058ac37d

Sharing

Copy URL Twitter E-mail

General

Target

376917abbd2643581b22e79120889069dc7f45ee9417795b3de337e2058ac37d
Size

219KB
MD5

61d750141641056a2e4662345a95ef02
SHA1

5a670f700a0975e251f7beb88dcb4def0b7e40db
SHA256

376917abbd2643581b22e79120889069dc7f45ee9417795b3de337e2058ac37d
SHA512

87e185e79811f1e11daf7dd7890f4296001a50b61ba68d651f1cabd1dd2e4a77a7e305ac20de291f7f42d43e9b042349b409ccdd298cab2830f5f9a83afa350c
SSDEEP

6144:GBgA+zZvxtBCD1mAzisV6y3WME3Rz7vPH9t763:7Ht0ZtzV6y+PXI

Score

N/A

Malware Config

Signatures

Files

376917abbd2643581b22e79120889069dc7f45ee9417795b3de337e2058ac37d
.exe windows x86

b9745a666dfa971374ba394963e55e86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

AddFormA
AddJobA
AddMonitorA
AddPrinterDriverExA
AddPrinterDriverA
DeletePortA
DeletePrintProcessorA
DeletePrintProvidorA
DeletePrinter
DeletePrinterConnectionA
DeletePrinterDataExA
DeletePrinterDataA
EndPagePrinter
EnumFormsA
EnumJobsA
EnumMonitorsA
EnumPortsA
EnumPrintProcessorDatatypesA
EnumPrintersA
FindClosePrinterChangeNotification
FlushPrinter
GetFormA
GetJobA
GetPrintProcessorDirectoryA
GetPrinterDataExA
GetPrinterDataA
PrinterMessageBoxA
ReadPrinter
ResetPrinterA
ScheduleJob
SetFormA
WritePrinter
XcvDataW

kernel32

DecodePointer
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
RtlUnwind
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
HeapAlloc
Sleep
HeapFree
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
SetTapeParameters
VirtualProtect
GetSystemDirectoryA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
GetProcAddress
CompareStringW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
ExitProcess
WriteFile

Exports

Exports

MotherName

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9745a666dfa971374ba394963e55e86

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

kernel32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 91KB - Virtual size: 147KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 91KB - Virtual size: 147KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB