dd1b18745c62364aee01cb4a71fab508e2ae2d691350b5900da459edcbd627f8

Sharing

Copy URL Twitter E-mail

General

Target

dd1b18745c62364aee01cb4a71fab508e2ae2d691350b5900da459edcbd627f8
Size

73KB
MD5

9009c23dbab94084e4be22d2697ddf5a
SHA1

ca37960fcb8d25a4768832b3e8212bfce3d36fb7
SHA256

dd1b18745c62364aee01cb4a71fab508e2ae2d691350b5900da459edcbd627f8
SHA512

100ff6395cc068003bdbf45389f53bdb73c559cc728bfcf8d5faa153e6435233ca4d56990593e1b794203294a3dd960aebf49216815e3d05783064be5790698e
SSDEEP

1536:Nq/oJvp+6DfkUyd/pLkes/+8sLjZh5C+:lMqfkU3AjZh5C+

Score

N/A

Malware Config

Signatures

Files

dd1b18745c62364aee01cb4a71fab508e2ae2d691350b5900da459edcbd627f8
.exe windows x86

830225506d350e022ac008b0c0f953c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
SetStdHandle
SetFilePointer
GetConsoleMode
CreateFileA
GetModuleFileNameW
GetProcessHeap
HeapAlloc
GetTickCount
OutputDebugStringW
Sleep
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
WriteFile
FlushFileBuffers
CloseHandle
WriteConsoleA
lstrlenW
GetConsoleCP
HeapSize
HeapFree
RtlUnwind
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesW
GetCommandLineA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException

winspool.drv

EnumPrintersW
GetPrinterDataW
EnumPortsW
GetPrinterW
XcvDataW
ClosePrinter
OpenPrinterW
SetPrinterDataW

advapi32

RegisterServiceCtrlHandlerW
DeleteService
CreateServiceW
RegCreateKeyW
SetServiceStatus
RegisterEventSourceW
ReportEventW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeregisterEventSource
RegFlushKey
RegEnumValueW
RegDeleteValueW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
StartServiceCtrlDispatcherW

shell32

ShellExecuteW

shlwapi

StrCmpIW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

830225506d350e022ac008b0c0f953c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

advapi32

shell32

shlwapi

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 2KB