ec437b9e78ee71711f7e269a86876787d6ebaed6420a49e83a35feed8d466d09

Sharing

Copy URL

Twitter E-mail

General

Target

ec437b9e78ee71711f7e269a86876787d6ebaed6420a49e83a35feed8d466d09
Size

107KB
MD5

71d8347f63596c76341f98750b9a5f10
SHA1

3ef88be30e3f8ffac5ea9513bd16c151f80aeac1
SHA256

ec437b9e78ee71711f7e269a86876787d6ebaed6420a49e83a35feed8d466d09
SHA512

0480e3cdce7915667ba66d5d3f6447b2c9842caa5c22293f143a825a5affade2a340d69bdb1478e10889d633f870eef1bb81e26ef18a3b48219c86ae7ebd390f
SSDEEP

1536:cxonBjzp5cU4s/GgC5OCYNwVCUzfSG4HCPA5jfS2MjZu2XT5VZ7d76SspkjY:O6BJ5cfOC8Q6/p5jqfFVZ9/Sk

Score

N/A

Malware Config

Signatures

Files

ec437b9e78ee71711f7e269a86876787d6ebaed6420a49e83a35feed8d466d09
.exe windows x86

88cc3acc4458356b42c9d7dfd2b8366c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetNextDlgGroupItem
SetWindowPlacement
CreateDialogIndirectParamA
GetLastActivePopup
GetClientRect
GetWindowTextA
BringWindowToTop
GetWindow
DialogBoxParamA
ChildWindowFromPoint
DeferWindowPos
CreateWindowExA

advapi32

OpenProcessToken
AccessCheck
RegisterEventSourceW
BackupEventLogA
OpenEventLogW

shlwapi

StrIsIntlEqualA
PathAppendW
ChrCmpIW
PathCombineW
SHRegWriteUSValueA
PathSkipRootA
StrFormatByteSizeA
StrCpyNW
PathMakePrettyW
PathUnquoteSpacesA
PathCompactPathW
PathFindFileNameA
StrToIntW

kernel32

GetProcessHeap
SetEndOfFile
GetStringTypeW
CreateFileW
HeapReAlloc
LoadLibraryW
HeapSize
LCMapStringW
EnterCriticalSection
IsProcessorFeaturePresent
WriteConsoleW
CreateFileA
CloseHandle
SetStdHandle
HeapAlloc
GetCurrentDirectoryW
IsValidCodePage
GetOEMCP
GetACP
GetProfileSectionA
GetPrivateProfileIntA
GetProfileStringA
GetModuleHandleA
GetProcAddress
VirtualAlloc
GetCPInfo
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetModuleHandleW
FlushFileBuffers
ReadFile
MultiByteToWideChar
HeapCreate
GetConsoleMode
GetConsoleCP
GetLastError
GetFullPathNameA
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
GetDriveTypeW
SetFilePointer
RtlUnwind
WriteFile
WideCharToMultiByte

winspool.drv

AddPrintProcessorW
AbortPrinter
DeletePrinterDriverExA
AddPrinterDriverA
EnumPrintProcessorsA
DeleteFormA
EnumPrintersA
ClosePrinter
AddPrintProcessorA

secur32

EncryptMessage
CompleteAuthToken
DeleteSecurityContext
DecryptMessage
MakeSignature
VerifySignature
AcceptSecurityContext
ExportSecurityContext
FreeCredentialsHandle
ApplyControlToken

wsnmp32

ord600
ord300
ord502
ord504
ord603

mapi32

ord81

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88cc3acc4458356b42c9d7dfd2b8366c

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

shlwapi

kernel32

winspool.drv

secur32

wsnmp32

mapi32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 7KB - Virtual size: 18KB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 7KB - Virtual size: 18KB

.rsrc
Size: 39KB - Virtual size: 39KB