9b1c4caac9df02f6be5dc893adc739376c28589c61fbe3d37963bd4356746178

Sharing

Copy URL

Twitter E-mail

General

Target

9b1c4caac9df02f6be5dc893adc739376c28589c61fbe3d37963bd4356746178
Size

268KB
MD5

96c7184c4bd2a7ce90a931c52d7f436d
SHA1

061c5312e1153e2dc653b9340e19c34e39ffc0b9
SHA256

9b1c4caac9df02f6be5dc893adc739376c28589c61fbe3d37963bd4356746178
SHA512

75ffe21fca3addcdf7637c160a3a8c11c8982cf907d67eb2b6a4e294e3ad0554e65015e59e7857b666c0b26735107df80778fa32acbb549f0471c5c7f444bc28
SSDEEP

6144:eNemI8XFSiCFskjL5sssnssssssssssssssssssssssssssnKb1dbL4/i+OH7k3n:ekmr+TX6b8A3e9X6

Score

N/A

Malware Config

Signatures

Files

9b1c4caac9df02f6be5dc893adc739376c28589c61fbe3d37963bd4356746178
.exe windows x86

376b54e5bbe8a31fbe34c4b5b61a4c56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcServerRegisterIf
RpcServerListen
NdrServerContextMarshall
I_RpcGetBuffer
NDRSContextUnmarshall
RpcRaiseException
RpcServerUseProtseqEpW
NdrConformantVaryingArrayUnmarshall
NdrConformantVaryingArrayBufferSize
NdrConformantVaryingArrayMarshall
RpcMgmtStopServerListening
NdrPointerFree
NdrServerContextUnmarshall
NdrServerInitializeNew
NdrConvert
NdrConformantStringUnmarshall

rpcns4

RpcNsBindingUnexportW

kernel32

lstrlenA
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetLastError
GetVersionExW
DeleteFileW
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetEvent
WaitForSingleObject
CreateEventW
SetConsoleCtrlHandler
LocalFree
FormatMessageW
GetModuleFileNameW
Sleep
ExitProcess
GetVersionExA
InterlockedIncrement
FindFirstFileW
LoadLibraryW
FindFirstFileA
HeapFree
GetProcessHeap
HeapSize
HeapAlloc
GetPrivateProfileStringW
lstrcmpiW
GetPrivateProfileStringA
lstrcmpiA
IsBadWritePtr
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InterlockedDecrement
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetFilePointer
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
SetStdHandle
FlushFileBuffers
FindClose
RtlUnwind
RaiseException
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoW
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType

winspool.drv

ClosePrinter
GetPrinterDriverA
OpenPrinterW
OpenPrinterA
GetPrinterDriverW
EnumPrinterDriversW
EnumPrinterDriversA

advapi32

EnumDependentServicesW
StartServiceCtrlDispatcherW
DeleteService
ControlService
QueryServiceStatus
StartServiceW
CreateServiceW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegisterServiceCtrlHandlerW
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

376b54e5bbe8a31fbe34c4b5b61a4c56

Headers

File Characteristics

Imports

rpcrt4

rpcns4

kernel32

winspool.drv

advapi32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 888B

.text Size: 168KB - Virtual size: 168KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 888B

.text
Size: 168KB - Virtual size: 168KB