44eaa89e65be3c3a6e994c8e49441f5cf6525c9a50929d295b00e01f636771d5

Sharing

Copy URL Twitter E-mail

General

Target

44eaa89e65be3c3a6e994c8e49441f5cf6525c9a50929d295b00e01f636771d5
Size

372KB
MD5

651a060ccdc0c85e719774cf8ec8b020
SHA1

efb575b78d172ce0532eca95a4e5c1bf62d5e8b2
SHA256

44eaa89e65be3c3a6e994c8e49441f5cf6525c9a50929d295b00e01f636771d5
SHA512

e6dfc99e6c0c16f13a25669c681197c43688516fabd27756a4ecb6ab458aa4ddcd6c984fce4b7d021d398bbab50d8100bc1fe039aa82d6ae86176d30baff4988
SSDEEP

6144:gvwtU+XZyvxommIFzooQ7/HNmvx0tX7RjaaR2RFncaDuBkln+xMHSYQP7FBr5:gv+ZyvxomjO/HNmOX7Va2ychG5+EShz5

Score

N/A

Malware Config

Signatures

Files

44eaa89e65be3c3a6e994c8e49441f5cf6525c9a50929d295b00e01f636771d5
.dll windows x86

809837adc67967d9962b01324e5eb078

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_vsnprintf
memchr
strrchr
_onexit
_lock
__dllonexit
_unlock
_mbsstr
_mbsnbicmp
toupper
atoi
_ismbcdigit
fclose
fopen
memmove
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
free
?what@exception@@UBEPBDXZ
_mbsupr
_errno
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
memcpy

kernel32

VirtualAlloc
OpenMutexA
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetPrivateProfileSectionNamesA
lstrcmpA
MultiByteToWideChar
LocalFree
LocalAlloc
InitializeCriticalSection
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemDirectoryA
lstrlenA
GetSystemInfo
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
SetFilePointer
WriteFile
SetEndOfFile
CreateFileA
CreateMutexA
ReleaseMutex
InitializeCriticalSectionAndSpinCount
GetProcAddress
SetLastError
FreeLibrary
lstrcmpiA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WaitForSingleObject
SetEvent
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetTickCount
DeleteCriticalSection
WaitForMultipleObjects
CreateThread
CreateEventA
WideCharToMultiByte
LoadLibraryA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA

user32

CharUpperA

winspool.drv

GetPrinterDriverA
OpenPrinterW
ClosePrinter
GetPrinterDataA
GetPrinterA
EndDocPrinter
EndPagePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EBPD4_Close
EBPD4_GetPacketSize
EBPD4_OpenUTF16
EBPD4_OpenUTF8
EBPD4_Read
EBPD4_Write

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

809837adc67967d9962b01324e5eb078

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

winspool.drv

ole32

version

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 290KB - Virtual size: 290KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 71KB - Virtual size: 70KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 290KB - Virtual size: 290KB

.reloc
Size: 5KB - Virtual size: 5KB