0cfed2c412c4420fc3b972959b5fe0765757274c28f3efb4b7ee58b9b62598b3

General

Target

0cfed2c412c4420fc3b972959b5fe0765757274c28f3efb4b7ee58b9b62598b3
Size

525KB
MD5

96cb9e577b6106935a647d7e9bbc0820
SHA1

27e0c7442e5e5f32b7b147fdeb0578eadb469813
SHA256

0cfed2c412c4420fc3b972959b5fe0765757274c28f3efb4b7ee58b9b62598b3
SHA512

2f815e17e1cfacccd7621f0bff302ac61d0112a1565cc434f8c1ec5d332b15e532564a35954647ac4d6a13700bef8e94547080889e523c9c6e63168843f64082
SSDEEP

12288:1lH89W5w3kVFgV1a4FJWZSO4O/QhyQwqdOm4GTGRsF7hC:1lbS3k4fbWZ2O/zQvdJTGmFA

Score

N/A

Malware Config

Signatures

Files

0cfed2c412c4420fc3b972959b5fe0765757274c28f3efb4b7ee58b9b62598b3
.exe windows x86

50ef5a67056042eb720badc450188c69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

winspool.drv

SetJobW
AbortPrinter
DeletePrinterConnectionW
GetPrinterW
GetJobW
EnumJobsA

usp10

ScriptStringOut
ScriptStringCPtoX
ScriptString_pLogAttr
ScriptString_pcOutChars

setupapi

SetupQueueCopyW
SetupGetLineByIndexA
SetupCommitFileQueueA
SetupCopyOEMInfW
SetupFindNextLine
SetupCloseFileQueue
SetupDiLoadClassIcon
SetupDeleteErrorA

ntdsapi

DsWriteAccountSpnW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 493KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ef5a67056042eb720badc450188c69

Headers

File Characteristics

Imports

kernel32

winspool.drv

usp10

setupapi

ntdsapi

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 493KB - Virtual size: 798KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 493KB - Virtual size: 798KB

.rsrc
Size: 6KB - Virtual size: 6KB