38020280f7e96a83ffbeb13a56abff2eed75e708fd6b0a0f712d9638b1703cfc

Sharing

Copy URL Twitter E-mail

General

Target

38020280f7e96a83ffbeb13a56abff2eed75e708fd6b0a0f712d9638b1703cfc
Size

143KB
MD5

832ed9487497543f36639c5458e71ef0
SHA1

9ddb6f1c30a725dacdf152a76f4e35ce10853bba
SHA256

38020280f7e96a83ffbeb13a56abff2eed75e708fd6b0a0f712d9638b1703cfc
SHA512

6098f460dfd946ca05646cae97f16470a8e0be0029e8ba00be517d7ecf91a95d03ff171b48b910224c4ff5e9c2043859e855cb32a1d6b236b1cddfad793246bb
SSDEEP

3072:/6ByxPt+mVv/tACcGyHPk7Lg7MpqVpWsZsgwlNRV6Hi/lFEII:/6IlrVtgMEzwZYC/7a

Score

N/A

Malware Config

Signatures

Files

38020280f7e96a83ffbeb13a56abff2eed75e708fd6b0a0f712d9638b1703cfc
.exe windows x86

b771a17e2a94cac6f684a78fea2c96c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wpgmptr
_searchenv
__p__commode
putc
_wmkdir
ldiv
_commit
_splitpath
?set_terminate@@YAP6AXXZP6AXXZ@Z
_callnewh
_sopen
_set_error_mode
__getmainargs
_ismbcsymbol
__set_app_type
exit
_wfsopen
strrchr

lpk

LpkDllInitialize
LpkExtTextOut
LpkUseGDIWidthCache
LpkGetTextExtentExPoint
LpkPSMTextOut
LpkGetCharacterPlacement
ftsWordBreak
LpkEditControl
LpkTabbedTextOut
LpkDrawTextEx
LpkInitialize

kernel32

SetFilePointerEx
CreateToolhelp32Snapshot
DuplicateHandle
LoadLibraryA
EnumSystemLocalesA
GetStartupInfoW
SetVolumeLabelA
GetConsoleKeyboardLayoutNameA
HeapQueryInformation
RequestWakeupLatency
ConvertFiberToThread
InterlockedDecrement
WriteProfileStringA
GetACP

imagehlp

SymGetModuleInfoW
ImageGetDigestStream
FindFileInSearchPath
FindFileInPath
FindDebugInfoFileEx
SymEnumerateSymbols64
ImagehlpApiVersionEx
SymInitialize
SymEnumerateModules
ImageLoad
GetImageUnusedHeaderBytes
SymSetSearchPath
SymRegisterFunctionEntryCallback64
SymMatchFileName
SymGetLineFromName64
BindImageEx
RemovePrivateCvSymbolicEx

tcpmonui

??1CTcpMibABC@@UAE@XZ
??4CTcpMibABC@@QAEAAV0@ABV0@@Z
??_7CPortABC@@6B@
??_7CTcpMibABC@@6B@
??4CPortABC@@QAEAAV0@ABV0@@Z
??0CPortABC@@QAE@ABV0@@Z
??0CPortABC@@QAE@XZ
??1CPortABC@@UAE@XZ
InitializePrintMonitorUI
LocalConfigurePortUI
?Read@CPortABC@@UAEKQAXPAEKPAK@Z
??0CTcpMibABC@@QAE@ABV0@@Z
??0CTcpMibABC@@QAE@XZ
LocalAddPortUI

mssip32

CryptSIPGetSignedDataMsg
CryptSIPVerifyIndirectData
CryptSIPRemoveSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPCreateIndirectData
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b771a17e2a94cac6f684a78fea2c96c6

Headers

File Characteristics

Imports

msvcrt

lpk

kernel32

imagehlp

tcpmonui

mssip32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB