b5c8aba045924b1666c98bdad2e5c44fe401eb635c7870ddf7aadc694f068d83

Sharing

Copy URL Twitter E-mail

General

Target

b5c8aba045924b1666c98bdad2e5c44fe401eb635c7870ddf7aadc694f068d83
Size

137KB
MD5

5fd7faa6be03062853a01b24ae7688a0
SHA1

e5b7140f4feb282a57b73b9d245a335c3f478385
SHA256

b5c8aba045924b1666c98bdad2e5c44fe401eb635c7870ddf7aadc694f068d83
SHA512

b1bdbcea90eed58ac9a1f5b84cfeb5634f4dd148d452ea243755f31a368167680f03e0bd226ef5f03d8d6b74998c287c484c0aed6823a8f36325b682c434eae0
SSDEEP

1536:I593hez5eMeXgcfIR7qudXk6eQ7cfRVfsWjcde2d+8NFgNZkmVn2IYtDni:ILKuQcfQ72muyFTFgfxU

Score

N/A

Malware Config

Signatures

Files

b5c8aba045924b1666c98bdad2e5c44fe401eb635c7870ddf7aadc694f068d83
.exe windows x86

45455591999b48966d18b3f29f5a06a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetModuleHandleW
GetPrivateProfileStringW
GetSystemDirectoryW
CopyFileW
GetModuleFileNameW
lstrcmpW
GetLastError
GetProcAddress
GetSystemInfo
GetUserDefaultUILanguage
CreateFileW
FlushFileBuffers
HeapSize
HeapReAlloc
WriteConsoleW
SetStdHandle
RtlUnwind
LoadLibraryExW
LCMapStringW
GetStringTypeW
SetFilePointerEx
lstrlenW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
SetLastError
WideCharToMultiByte
MultiByteToWideChar
GetConsoleMode
OutputDebugStringW
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
EncodePointer
DecodePointer
GetProcessHeap
IsValidCodePage
GetACP
CloseHandle

user32

wvsprintfA
wsprintfW
wsprintfA
wvsprintfW
DispatchMessageW
MoveWindow
CopyRect
SetWindowTextW
UnregisterDeviceNotification
EnableWindow
UpdateWindow
GetWindowRect
GetMessageW
PostQuitMessage
GetParent
GetClientRect
TranslateMessage
OffsetRect
GetWindowTextW
GetDlgItem
RegisterDeviceNotificationW
EndDialog
GetDesktopWindow
SetWindowPos
ShowWindow
CreateDialogParamW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
SendMessageW

winspool.drv

AddPrinterDriverW
EnumPrintersW
AddPrinterW
GetPrinterDriverDirectoryW
XcvDataW
EnumPortsW
OpenPrinterW
ConfigurePortW
ClosePrinter

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

shlwapi

PathRemoveFileSpecW
StrChrW
PathFileExistsW
StrStrW
StrCmpW

comctl32

ord17

version

VerInstallFileW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qerxwme
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

45455591999b48966d18b3f29f5a06a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

setupapi

shlwapi

comctl32

version

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 20KB - Virtual size: 31KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 31KB - Virtual size: 32KB

qerxwme Size: - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 20KB - Virtual size: 31KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 31KB - Virtual size: 32KB

qerxwme
Size: - Virtual size: 4KB