2de252ad66a94083717ebaa5f944c609f10a93478583437a7d1cffc35c75f060

Sharing

Copy URL Twitter E-mail

General

Target

2de252ad66a94083717ebaa5f944c609f10a93478583437a7d1cffc35c75f060
Size

581KB
MD5

92a9c9f5d9aea693610b859441a4d6fe
SHA1

1bc3a2fa4e5c22ac9da586265a1938a681e0038e
SHA256

2de252ad66a94083717ebaa5f944c609f10a93478583437a7d1cffc35c75f060
SHA512

587ff74ff627b4f378cc42dee88a88b736a71fd2e32fbad0ad4fddf191f0ddf508b0ddd53e7cd1e8ac5c028eae2d1a061eee3ebaea9868fca95a2370e459e609
SSDEEP

12288:p+nqc3WmboXt6mstjnofQGCJeT/EMhtodPMW4F:p+nq9t6sffUeTBt80F

Score

N/A

Malware Config

Signatures

Files

2de252ad66a94083717ebaa5f944c609f10a93478583437a7d1cffc35c75f060
.exe windows x86

9b83a950634532cae60695d5c1377442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
MapGenericMask
AccessCheck
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetThreadToken
OpenThreadToken

kernel32

InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
LoadLibraryExW
Sleep
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
RtlCaptureStackBackTrace
HeapSetInformation
DeleteTimerQueueEx
RegisterWaitForSingleObject
UnregisterWaitEx
AddVectoredExceptionHandler
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
FlushFileBuffers
ReadFile
WriteFile
WaitForMultipleObjects
DebugBreak
SetFilePointerEx
CreateFileW
SetFilePointer
SetEndOfFile
GetFileAttributesW
GetSystemDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateSemaphoreW
QueueUserWorkItem
ResetEvent
ReleaseSemaphore
ExitProcess
GetCurrentThread
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
WideCharToMultiByte
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
CreateTimerQueue

user32

DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassA
PostThreadMessageW
CharNextW

msvcrt

_callnewh
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memset
_purecall
__CxxFrameHandler3
wcsncpy_s
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memcpy_s
free
malloc
_vsnwprintf
_vsnprintf
??1type_info@@UAE@XZ
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
_controlfp
_wcsicmp
wcstoul
??0exception@@QAE@ABQBD@Z
memcpy
memmove_s
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
memchr
localeconv
strcspn
sprintf_s
_strtoi64
_strtoui64
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
islower
tolower
isspace
abort
isdigit
isalnum
__uncaught_exception
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_ftol2
?terminate@@YAXXZ

oleaut32

SysFreeString
VarUI4FromStr
SysAllocStringLen
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysAllocString
SetErrorInfo

ole32

CoRevertToSelf
CoInitializeEx
CoImpersonateClient
CoSuspendClassObjects
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoGetObjectContext
IIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoTaskMemRealloc
CoRevokeClassObject

winspool.drv

SetJobW
EndDocPrinter
GetPrinterDriverDirectoryW
GetPrinterDataW
OpenPrinterW
GetPrinterW
StartDocPrinterW
EndPagePrinter
StartPagePrinter
ReadPrinter
DocumentPropertiesW
SeekPrinter
WritePrinter
ClosePrinter

ntdll

EtwEventWrite
RtlReportException
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwTraceMessage

prntvpt

ord9
ord4
ord2

xpssvcs

CreateReachPackageReceiver
CreateReachPackageSender

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b83a950634532cae60695d5c1377442

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

oleaut32

ole32

winspool.drv

ntdll

prntvpt

xpssvcs

Sections

.text Size: 394KB - Virtual size: 393KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 35KB - Virtual size: 34KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 394KB - Virtual size: 393KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 35KB - Virtual size: 34KB

PACK
Size: 144KB - Virtual size: 380KB