Static task
static1
Behavioral task
behavioral1
Sample
d45137dd5a6c0e7fb0290837fcfdcc9c6721ca7d488e61dfd2d553661b8345c1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d45137dd5a6c0e7fb0290837fcfdcc9c6721ca7d488e61dfd2d553661b8345c1.exe
Resource
win10v2004-20220812-en
General
Target
d45137dd5a6c0e7fb0290837fcfdcc9c6721ca7d488e61dfd2d553661b8345c1
Size
600KB
MD5
009443658a2a50b5d8809cff57f431ca
SHA1
302c39f03518adcbecd660e9c29eafc9f3b91b26
SHA256
d45137dd5a6c0e7fb0290837fcfdcc9c6721ca7d488e61dfd2d553661b8345c1
SHA512
c745e3e4342959a3d9dec35d18da00f2263f63828b5f4dccc31e2bc32719def425111b40556528dd5a3756b2b029e2ccfd032a7b43b58393a13819c0c2733bfc
SSDEEP
12288:OL8Ue3KWxFKE/qYNUkelHycygJ5i07wX39KLWK9:9DpLb/q64h3bh+39Ra
Malware Config
Signatures
Files
d45137dd5a6c0e7fb0290837fcfdcc9c6721ca7d488e61dfd2d553661b8345c1.exe windows x86
f06925608b59fd7bb1a4d026e5f1b1cc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleAliasExesW
LoadLibraryA
GetVersion
VirtualAlloc
Module32Next
WriteProfileSectionA
CreateToolhelp32Snapshot
GetLocalTime
TryEnterCriticalSection
OpenProcess
GetConsoleMode
SleepEx
ExpungeConsoleCommandHistoryW
GlobalSize
GetDefaultCommConfigW
VerLanguageNameW
SetInformationJobObject
SetProcessShutdownParameters
SetTapePosition
HeapSize
RaiseException
CloseProfileUserMapping
CreatePipe
GetHandleInformation
CreateMailslotW
SetConsoleCursorInfo
SetConsoleActiveScreenBuffer
GetStringTypeA
GlobalHandle
GetConsoleCommandHistoryA
GetDiskFreeSpaceW
ReplaceFile
EnumSystemCodePagesA
GetStartupInfoA
GetPrivateProfileIntA
GetBinaryTypeA
AddConsoleAliasA
GetSystemTime
OpenFileMappingA
EnumTimeFormatsW
GetModuleHandleA
GetCurrentProcessId
HeapReAlloc
WritePrivateProfileSectionW
BeginUpdateResourceA
MoveFileExW
OpenJobObjectA
InitializeCriticalSection
CreateEventA
SetConsoleMaximumWindowSize
FlushConsoleInputBuffer
EnumDateFormatsExW
WritePrivateProfileStructW
GetTempFileNameA
IsValidLocale
CmdBatNotification
GetProcAddress
EnumResourceLanguagesW
lstrcatW
ReadFileScatter
GlobalCompact
user32
ToUnicodeEx
GetShellWindow
CharLowerBuffW
ChangeMenuA
OemToCharBuffW
ScrollDC
ModifyMenuW
GetMessageTime
GetNextDlgGroupItem
ShowScrollBar
DragDetect
GetScrollInfo
DefFrameProcW
CreateDialogIndirectParamW
GetTabbedTextExtentA
GetProcessDefaultLayout
DestroyCursor
SetKeyboardState
SetWindowsHookExW
SetProcessDefaultLayout
DdeConnectList
GetOpenClipboardWindow
LoadBitmapW
SetWindowTextW
TrackMouseEvent
DlgDirListComboBoxA
DdeDisconnectList
GetScrollBarInfo
GetLastInputInfo
PostMessageW
EnumWindowStationsW
EndMenu
DialogBoxParamW
SendMessageCallbackA
EndDialog
ClipCursor
RealGetWindowClassW
EnumWindows
RegisterClassA
GetMessageA
ShowWindow
SetWindowTextA
RealChildWindowFromPoint
EnumClipboardFormats
BringWindowToTop
LoadIconW
AppendMenuW
IsDialogMessageW
gdi32
FloodFill
ModifyWorldTransform
GetEnhMetaFilePixelFormat
SetViewportOrgEx
PlayEnhMetaFileRecord
GetGlyphOutlineA
SelectBrushLocal
LineTo
GetClipBox
ExtTextOutA
GdiEndPageEMF
GdiResetDCEMF
SetWindowExtEx
SetDeviceGammaRamp
GetDeviceGammaRamp
GetMetaFileBitsEx
GetICMProfileA
GetCharWidthA
GetArcDirection
GdiGetSpoolFileHandle
TextOutW
CopyMetaFileA
CreateEllipticRgn
GetTextExtentPointW
EnumObjects
GetNearestPaletteIndex
CreateDIBPatternBrush
SwapBuffers
CreateRectRgn
CreateDCW
CreateRoundRectRgn
advapi32
GetNamedSecurityInfoExW
SystemFunction025
LsaQueryTrustedDomainInfoByName
LookupAccountSidW
FreeSid
SystemFunction018
GetTrusteeNameA
SystemFunction012
DecryptFileA
GetSecurityDescriptorOwner
LsaQueryTrustedDomainInfo
ElfBackupEventLogFileW
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetFileSecurityW
GetSidLengthRequired
SetFileSecurityA
OpenSCManagerW
ElfClearEventLogFileA
CryptAcquireContextW
SetServiceStatus
CryptSetProvParam
SystemFunction028
CryptCreateHash
ImpersonateSelf
AreAnyAccessesGranted
LsaOpenPolicy
GetSecurityInfo
I_ScSetServiceBitsW
RegSaveKeyW
LsaQuerySecurityObject
CryptGenKey
OpenBackupEventLogA
SystemFunction032
RegRestoreKeyW
ImpersonateLoggedOnUser
LsaOpenAccount
SetEntriesInAccessListA
CloseEventLog
BuildSecurityDescriptorA
GetNamedSecurityInfoA
GetEffectiveRightsFromAclW
SetNamedSecurityInfoExA
DecryptFileW
LsaSetSecurityObject
LookupAccountNameW
GetCurrentHwProfileA
RegCloseKey
LookupSecurityDescriptorPartsA
BuildExplicitAccessWithNameA
ConvertSecurityDescriptorToAccessNamedW
DeleteAce
SetKernelObjectSecurity
GetMultipleTrusteeOperationW
SystemFunction005
ElfOpenBackupEventLogW
GetMultipleTrusteeA
StartServiceW
OpenEventLogA
GetAuditedPermissionsFromAclA
SystemFunction008
CryptGetKeyParam
GetKernelObjectSecurity
PrivilegedServiceAuditAlarmW
SystemFunction016
CryptDeriveKey
CryptVerifySignatureA
LogonUserA
GetExplicitEntriesFromAclA
AreAllAccessesGranted
InitializeSid
GetSecurityDescriptorControl
SetEntriesInAccessListW
LsaOpenTrustedDomain
LsaSetInformationPolicy
ElfRegisterEventSourceW
IsTextUnicode
CreateProcessAsUserA
GetAccessPermissionsForObjectW
GetTrusteeNameW
SetSecurityDescriptorGroup
FileEncryptionStatusW
QueryServiceStatus
SystemFunction029
ElfCloseEventLog
ElfClearEventLogFileW
CryptSetProviderW
LockServiceDatabase
SystemFunction015
RegisterServiceCtrlHandlerA
winmm
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mmioCreateChunk
joySetThreshold
aux32Message
sndPlaySoundA
waveInGetDevCapsW
midiConnect
mciGetErrorStringW
mmTaskBlock
midiOutLongMsg
mixerGetDevCapsA
joyGetThreshold
mmioInstallIOProcW
OpenDriver
waveOutPause
auxSetVolume
joyGetPos
mciGetDeviceIDA
mmioAscend
mciSendStringW
timeBeginPeriod
mciGetErrorStringA
midiInGetDevCapsA
CloseDriver
mixerGetLineControlsW
joyConfigChanged
waveInStop
waveInGetDevCapsA
NotifyCallbackData
midiOutGetErrorTextW
waveOutReset
waveInGetPosition
waveOutGetErrorTextA
joyGetPosEx
auxGetDevCapsA
waveInMessage
mmioSendMessage
mixerGetLineInfoW
waveInGetErrorTextA
mxd32Message
mod32Message
mciGetYieldProc
mci32Message
midiOutGetDevCapsW
sndPlaySoundW
mixerGetNumDevs
mmioGetInfo
midiOutGetDevCapsA
DriverCallback
wod32Message
midiOutSetVolume
mmioStringToFOURCCA
mixerGetLineInfoA
waveOutGetPitch
mmTaskCreate
mmioFlush
mixerGetLineControlsA
midiOutCacheDrumPatches
PlaySoundA
mmTaskSignal
waveOutBreakLoop
waveOutUnprepareHeader
mciGetDeviceIDFromElementIDA
SendDriverMessage
waveOutSetVolume
waveOutPrepareHeader
mciGetDriverData
midiInMessage
waveOutGetPlaybackRate
mciDriverYield
mixerGetControlDetailsA
timeGetDevCaps
midiInGetErrorTextA
midiOutShortMsg
midiInStop
waveOutMessage
midiInGetDevCapsW
tid32Message
mciFreeCommandResource
joyGetNumDevs
midiOutGetVolume
waveInClose
midiInPrepareHeader
timeGetSystemTime
midiStreamPause
midiStreamOpen
waveOutGetErrorTextW
midiOutClose
midiOutReset
midiInReset
timeEndPeriod
mciSetDriverData
waveOutRestart
mixerOpen
mixerGetControlDetailsW
winspool.drv
DeletePrinterConnectionW
EndDocPrinter
SpoolerPrinterEvent
DocumentEvent
DocumentPropertiesW
ord214
ord103
SetPortA
DeletePrintProvidorW
EnumJobsA
ConnectToPrinterDlg
SetFormA
GetPrinterDriverDirectoryW
DeletePrinterDriverA
DeletePrinterDataExW
AddPortExW
DeletePrinterDriverExW
AddPortA
GetPrinterDataA
PrinterProperties
SplDriverUnloadComplete
AddPrinterW
AddPrintProcessorA
CloseSpoolFileHandle
EnumFormsW
EnumPrinterKeyW
AbortPrinter
AddFormW
SetJobA
SetPrinterDataW
AddMonitorW
GetPrinterDataExA
ord201
AddPrinterA
DEVICECAPABILITIES
ord256
ord207
QueryColorProfile
EnumPrinterDataW
EnumPrintProcessorDatatypesA
DeletePrinterDataExA
DevQueryPrint
DeletePrinterKeyA
GetPrinterDataW
ord202
ConfigurePortA
EnumFormsA
GetFormW
DeletePrinterDataA
DeletePrintProcessorW
DeleteFormA
DeviceCapabilitiesW
DeletePrinterConnectionA
StartDocPrinterA
EnumPrintProcessorsA
SeekPrinter
FindFirstPrinterChangeNotification
SetPrinterDataExW
ResetPrinterA
ord102
AddPrintProvidorA
WritePrinter
AddPrintProcessorW
EnumPrintersA
ReadPrinter
ord205
EnumMonitorsA
EndPagePrinter
EXTDEVICEMODE
AdvancedSetupDialog
SetPortW
AddFormA
AddPrinterConnectionA
DEVICEMODE
AddJobA
DeletePrinter
EnumPrintersW
GetSpoolFileHandle
AddPrinterDriverW
AdvancedDocumentPropertiesA
ord101
ord213
WaitForPrinterChange
CreatePrinterIC
SetJobW
AddPrinterDriverA
EnumPrintProcessorsW
ADVANCEDSETUPDIALOG
SetFormW
PrinterMessageBoxA
DeleteMonitorA
AddPortExA
GetPrinterDriverDirectoryA
DocumentPropertySheets
CommitSpoolData
SetPrinterW
ord209
ConvertAnsiDevModeToUnicodeDevmode
ConvertUnicodeDevModeToAnsiDevmode
msvcrt
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_mbslen
_mbsspn
_mbsnbicmp
_mbsnicmp
_mbclen
_fileinfo
_wfreopen
strcspn
fsetpos
_wspawnv
wcscmp
_mbsnbcoll
fwprintf
_wsplitpath
_setmode
_cgets
_fgetwchar
_utime
_execvpe
_wcsupr
ftell
_fmode
__p___winitenv
fprintf
ldiv
_mbsncpy
isalnum
_unlink
_mbsnbcnt
_purecall
sin
_wcreat
_ismbstrail
_mbctype
_ismbcdigit
_lock
_wpgmptr
ferror
_loaddll
exp
strncmp
atexit
_set_sbh_threshold
fseek
_spawnl
_beginthread
ungetwc
_creat
_mbsstr
_rmdir
printf
tanh
atan2
_adj_fprem1
wcscat
_toupper
strspn
$I10_OUTPUT
qsort
clock
_wspawnlpe
_wstati64
_wmkdir
__STRINGTOLD
feof
_cexit
_inp
strtok
_EH_prolog
iswalnum
_i64tow
_chmod
_wcmdln
malloc
perror
fputs
_amsg_exit
_ungetch
_onexit
_CIsin
_wcsncoll
_getdcwd
iswcntrl
_wexecl
_open
_heapset
_gcvt
_mbctombb
getenv
fread
getwc
_read
memset
_tell
_lrotl
__p__winminor
_chdir
sprintf
fclose
_expand
_chgsign
__p__winmajor
_ismbbprint
_pclose
fabs
_adj_fdivr_m32
fwrite
atan
fputc
fopen
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 540KB - Virtual size: 539KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE