1da34189bedc6539efc394d896dc939fb8fc03c4d030ec1b30d48da0c8324682

Sharing

Copy URL

Twitter E-mail

General

Target

1da34189bedc6539efc394d896dc939fb8fc03c4d030ec1b30d48da0c8324682
Size

868KB
MD5

a3b0a854270d88d97f701d2210251e90
SHA1

0226b598cd61eeaeb0e47ff63adbffd15e915420
SHA256

1da34189bedc6539efc394d896dc939fb8fc03c4d030ec1b30d48da0c8324682
SHA512

f9ecc3b732785e6c725e848eb51a569f4a8a04448f33e9a7d680e88926db5e7803baeb1a32a4442618829d96b5dadf6f5f735c30289908a0718fa3931ce6fedd
SSDEEP

24576:2H8gupFODg+h3AE0UPQ9I4QsB2K7IuB8V3+7:2tupFWg+p0UI9I4zhBBC+

Score

N/A

Malware Config

Signatures

Files

1da34189bedc6539efc394d896dc939fb8fc03c4d030ec1b30d48da0c8324682
.exe windows x86

767e991e9040f4978cce3e33aea73d87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetSystemTime
FreeLibraryAndExitThread
RemoveDirectoryA
CancelTimerQueueTimer
CreateMailslotW
ChangeTimerQueueTimer
CloseHandle
WriteProfileStringA
IsValidCodePage
GetExitCodeThread
GetModuleHandleW
ReadDirectoryChangesW
GetPrivateProfileSectionNamesW
QueryInformationJobObject
SetFileAttributesW
UnregisterWait
HeapCreate
SetFileAttributesA
LoadLibraryW
CallNamedPipeA
GetProfileIntA
WriteProfileSectionA
DeleteTimerQueue
InterlockedFlushSList
GetLastError
DeleteFileA
GetShortPathNameA
ConsoleMenuControl
CreateNamedPipeA
GetCommandLineA
SetCurrentDirectoryA
GetTempPathW

msrating

RatingCustomSetUserOptions
RatingCustomSetDefaultBureau
RatingCustomCrackData
RatingObtainQuery
RatingCheckUserAccess
RatingFreeDetails
RatingCustomInit
ClickedOnRAT
RatingCustomAddRatingHelper

user32

EndDialog

t2embed

TTGetEmbeddingType
TTEmbedFontEx
_TTIsEmbeddingEnabledForFacename@8
TTLoadEmbeddedFont
TTGetNewFontName
TTEmbedFont
TTDeleteEmbeddedFont
_TTEmbedFontFromFileA@52
TTEmbedFontFromFileA
TTIsEmbeddingEnabled
_TTEmbedFont@44
_TTGetEmbeddedFontInfo@28
TTGetEmbeddedFontInfo
_TTEnableEmbeddingForFacename@8
_TTIsEmbeddingEnabled@8
TTCharToUnicode
TTIsEmbeddingEnabledForFacename
TTRunValidationTestsEx
TTRunValidationTests
_TTGetEmbeddingType@8
_TTCharToUnicode@24
_TTLoadEmbeddedFont@40
_TTRunValidationTests@8
TTEnableEmbeddingForFacename
_TTDeleteEmbeddedFont@12

gdi32

GetTextCharsetInfo
XLATEOBJ_piVector
RemoveFontMemResourceEx
ExtEscape
GetKerningPairsA
GdiConvertMetaFilePict
GdiAlphaBlend
CreatePolygonRgn
XFORMOBJ_iGetXform
GdiPlayScript
EnumFontFamiliesExW
GdiAddGlsRecord

msvcrt

towlower
_getch
__set_app_type
_cwprintf
_chdrive
exit
__p___argc
_y0
_rmdir
__crtCompareStringW
_environ
_set_SSE2_enable
??8type_info@@QBEHABV0@@Z
wcstol
_execl
__p__fmode
_ultoa
_wctime64
__p__commode
__getmainargs
$I10_OUTPUT

Sections

.text
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

767e991e9040f4978cce3e33aea73d87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msrating

user32

t2embed

gdi32

msvcrt

Sections

.text Size: 386KB - Virtual size: 385KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 174KB - Virtual size: 1.7MB

.rsrc Size: 184KB - Virtual size: 183KB

.reloc Size: 1024B - Virtual size: 868B

.text
Size: 386KB - Virtual size: 385KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 174KB - Virtual size: 1.7MB

.rsrc
Size: 184KB - Virtual size: 183KB

.reloc
Size: 1024B - Virtual size: 868B