5a309ac62c78c563b4ee09901bac05968947086006dc18422652241aa27147cb

Sharing

Copy URL Twitter E-mail

General

Target

5a309ac62c78c563b4ee09901bac05968947086006dc18422652241aa27147cb
Size

592KB
MD5

0c90139137205469c38178dc68a46e4b
SHA1

d26741dac5b7ee7f9312f34a664c3b2bc0cd18a6
SHA256

5a309ac62c78c563b4ee09901bac05968947086006dc18422652241aa27147cb
SHA512

5c2c69ea522f663c68de86ce94a8af97ca769ddfb4cef2268a896dabbd968b2ee66ffda7d431d49ee195d745cafbe88b65a510ccdab82b875cb2954ce6608cc6
SSDEEP

12288:EUQtTSnpqWMlIOCHFwi4m3UnOXgmXFl/JMgM+xHUU:TqSnpqliiO13RMggU

Score

N/A

Malware Config

Signatures

Files

5a309ac62c78c563b4ee09901bac05968947086006dc18422652241aa27147cb
.exe windows x86

d065054a778d934e484415bd3ebcdf09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
VirtualAlloc
GetModuleHandleA
IsValidLocale
OpenEventA
AllocConsole
Heap32Next
CancelIo
IsBadHugeReadPtr
SetConsoleInputExeNameA
GetProcAddress
PeekConsoleInputW
GetVersionExA
LoadLibraryA
GetSystemTime
UnlockFile
CreateSemaphoreA
DuplicateHandle
GetFileAttributesA
ExitProcess
GetTimeFormatA
UnlockFileEx
FindFirstVolumeMountPointW
FreeLibrary
GetHandleInformation
GetFileAttributesW
GetLocalTime
DefineDosDeviceA
IsBadHugeWritePtr
InitializeCriticalSectionAndSpinCount
GetFileSize
SetLocalTime
EnumResourceTypesA
EnumResourceNamesW
GlobalGetAtomNameA
GetCommModemStatus
GetPrivateProfileIntW

shell32

StrRChrIA
StrStrIA

shlwapi

PathRemoveArgsA
PathCanonicalizeA
PathIsPrefixA
PathFindFileNameW
UrlGetLocationW
StrSpnA
SHRegSetUSValueW
SHGetValueA
SHRegCreateUSKeyW
UrlGetPartA
PathIsPrefixW
PathAppendA
SHRegWriteUSValueA
UrlIsA
PathFileExistsW
StrIsIntlEqualW
SHRegWriteUSValueW
PathIsSameRootW
ChrCmpIA
PathStripToRootA
PathFindOnPathW
PathUnmakeSystemFolderA
SHDeleteEmptyKeyA

winspool.drv

CommitSpoolData
ord208
DocumentPropertySheets
ADVANCEDSETUPDIALOG
EnumMonitorsA
PlayGdiScriptOnPrinterIC
StartDocDlgW
DeletePrinterDataA
ord213
DeletePrinterIC
OpenPrinterA
ord215
DeletePrinterConnectionW
ord201
GetFormW
SetPrinterDataW
EnumPrinterDataExA
DocumentPropertiesA
ord102
DeviceMode
DeletePrintProvidorW
SetFormW
SpoolerPrinterEvent
ReadPrinter
EnumPortsA
StartDocPrinterA
EndDocPrinter
CloseSpoolFileHandle
AddPrintProvidorA
AddPrintProcessorA
AddPrintProcessorW
DevQueryPrint
GetPrinterDriverDirectoryW
DeleteMonitorW
SetJobA

msvcrt

rewind
_wstat
ferror
fseek
fclose
fopen
ftell
fprintf
fputc
sprintf
memset
fputs
fsetpos
fwrite
_strrev
feof
fwprintf
fread
_unlink
strcmp
printf

Sections

.text
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d065054a778d934e484415bd3ebcdf09

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

winspool.drv

msvcrt

Sections

.text Size: 576KB - Virtual size: 574KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.text
Size: 576KB - Virtual size: 574KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB