564702079d3f61bf0644b7825134d4460ff65bb860d1ce4d16f4e0ce4f035d1f

Sharing

Copy URL Twitter E-mail

General

Target

564702079d3f61bf0644b7825134d4460ff65bb860d1ce4d16f4e0ce4f035d1f
Size

180KB
MD5

1655e12e2e703e96c262b43fefea044b
SHA1

455a63ff25ed339e19456fc9b0f57510fe0328e7
SHA256

564702079d3f61bf0644b7825134d4460ff65bb860d1ce4d16f4e0ce4f035d1f
SHA512

75e981bee971ccbfddfa29a2fa0be568e4b9b909f965a63915dc3a2b83a232c7a408ba2642432abac0500da31a8cad6f8669721216cde07c61d993ff3785ba64
SSDEEP

3072:XpzP/W3f1o36xnJuI6+zagvvzfGr1t/LmvQyQCcxt8d4v2bOabEhEkKlP3yp0HfN:VP/W3f1zxnUX+zHvvzfGxtDEsEkQk0H5

Score

N/A

Malware Config

Signatures

Files

564702079d3f61bf0644b7825134d4460ff65bb860d1ce4d16f4e0ce4f035d1f
.exe windows x86

a5f64f4f5d2e55ad47675e01b4a601c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
LocalAlloc
GetModuleHandleW
SetLastError
GetModuleFileNameW
GetSystemDirectoryA
GetFileTime
SetFileAttributesW
GetFileAttributesW
Sleep
CopyFileW
GetCurrentThread
FormatMessageW
HeapFree
GetProcessHeap
HeapAlloc
GetVersionExA
FindFirstFileA
LoadLibraryA
HeapSize
GetPrivateProfileStringW
lstrcmpiW
GetPrivateProfileStringA
lstrcmpiA
FlushFileBuffers
GetCurrentProcess
SetStdHandle
InitializeCriticalSection
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
IsBadWritePtr
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
OpenProcess
LoadLibraryW
GetProcAddress
FreeLibrary
CreateProcessW
GetTickCount
GetVersionExW
InterlockedDecrement
SetFilePointer
GetLastError
CreateMutexW
WaitForSingleObject
WriteFile
GetTempPathW
CreateFileW
GetFileSize
ReadFile
CreateDirectoryW
GlobalAlloc
GlobalLock
GetTempFileNameW
GlobalUnlock
GlobalHandle
GlobalFree
FindFirstFileW
FindClose
DeleteFileW
CloseHandle
OutputDebugStringA
LocalFree
lstrlenA
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetFileType
SetHandleCount
GetCommandLineW
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoW
ExitProcess
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
GetCPInfo
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
TerminateProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA

user32

DispatchMessageW
LoadStringW
LoadStringA
KillTimer
SetTimer
SendMessageW
PostQuitMessage
TranslateMessage
GetMessageW
LoadIconW
RegisterClassW
CreateWindowExW
ShowWindow
UpdateWindow
DefWindowProcW

winspool.drv

EnumPrinterDriversW
ClosePrinter
OpenPrinterW
GetPrinterDriverW
OpenPrinterA
GetPrinterDriverA
EnumPrinterDriversA

advapi32

RegQueryValueExA
CopySid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetSecurityDescriptorDacl
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
OpenThreadToken
AllocateAndInitializeSid
FreeSid
EqualSid
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyA
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
CreateProcessAsUserW
RegOpenKeyExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

isqjbqs
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5f64f4f5d2e55ad47675e01b4a601c1

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 32KB - Virtual size: 32KB

isqjbqs Size: - Virtual size: 4KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 32KB - Virtual size: 32KB

isqjbqs
Size: - Virtual size: 4KB