11e82032ae4f892c6a9b2739d9aa42ba472813ebcec7bc9170b26e3434c8b5e2

Sharing

Copy URL Twitter E-mail

General

Target

11e82032ae4f892c6a9b2739d9aa42ba472813ebcec7bc9170b26e3434c8b5e2
Size

724KB
MD5

7a0ec306b800bd6c79de0321dc37287e
SHA1

7d59f183d9f0d844a2853ae89a3295fc81f53d2a
SHA256

11e82032ae4f892c6a9b2739d9aa42ba472813ebcec7bc9170b26e3434c8b5e2
SHA512

cd246bc82a1fd80a79574ce50d4904362a429aabf7baacf88b36583b331467782e844c643cb383065d97b22983a0b36eedbd7f2f05950d4d12284f8f68a9a84c
SSDEEP

12288:PFMS1w4rFP+d2tUD2szl9fLBvxAMHcbJC3nK:agJv+Ss59f1vxAMHcb43K

Score

N/A

Malware Config

Signatures

Files

11e82032ae4f892c6a9b2739d9aa42ba472813ebcec7bc9170b26e3434c8b5e2
.exe windows x86

5f8101dc178e250617f55e316babc4b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

shlwapi

PathFileExistsA

kernel32

CopyFileA
GlobalFree
lstrcpyA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetComputerNameA
DeleteCriticalSection
FormatMessageA
DeleteFileA
GetWindowsDirectoryA
GetCurrentThreadId
GetTickCount
SetFilePointer
GetFileSize
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeThread
SetThreadPriority
GetCurrentProcess
GetModuleHandleA
GetVersionExA
ReleaseMutex
OpenMutexA
SetEvent
ResetEvent
CreateEventA
FreeLibrary
GetTempPathA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
GetTimeZoneInformation
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
CreateFileA
OpenEventA
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
SetHandleCount
CloseHandle
Sleep
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
CreateMutexA
GetLastError
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
OpenProcess
Process32Next
TerminateProcess
WaitForSingleObject
GetModuleFileNameA
SetCurrentDirectoryA
GetProcAddress
LoadLibraryA
HeapReAlloc
VirtualAlloc
FatalAppExitA
VirtualFree
GlobalAlloc
GlobalUnlock
GlobalLock
CreateProcessA
GetSystemDirectoryA
LocalFree
lstrcatA
LocalAlloc
lstrlenA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
HeapAlloc
GetProcessHeap
GetStartupInfoA
ExitThread
CreateThread
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetACP
GetOEMCP
HeapSize
HeapDestroy
HeapCreate
WriteFile

user32

RegisterClassA
WaitForInputIdle
DefWindowProcA
SendMessageA
RegisterWindowMessageA
KillTimer
PostQuitMessage
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowExA
GetWindowRect
CreateMenu
SetMenu
CreatePopupMenu
SetTimer
GetCursorPos
SetForegroundWindow
TrackPopupMenu
AppendMenuA
DestroyMenu
LoadStringA
LoadStringW
LoadIconA
FindWindowA
LoadCursorA
RegisterClassExA
CreateWindowExA
SetMenuDefaultItem

gdi32

GetStockObject

winspool.drv

GetPrinterDataA
OpenPrinterA
GetPrinterDriverDirectoryA
GetPrinterA
DocumentPropertiesA
EnumPrintersA
ClosePrinter

advapi32

RegDeleteKeyA
SetEntriesInAclA
SetKernelObjectSecurity
GetSecurityDescriptorDacl
SetSecurityInfo
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSid
GetLengthSid
GetAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegDeleteValueA
RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconA

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f8101dc178e250617f55e316babc4b8

Headers

File Characteristics

Imports

imm32

shlwapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

Sections

.text Size: 544KB - Virtual size: 543KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 12KB - Virtual size: 40KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 4KB

.nrdata Size: 72KB - Virtual size: 72KB

.text
Size: 544KB - Virtual size: 543KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 12KB - Virtual size: 40KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.nrdata
Size: 72KB - Virtual size: 72KB