43c6a2000cfbe9b8dbe4006ad8df332b8243d774b3d626a27342b6a92cfc7ccc

Sharing

Copy URL

Twitter E-mail

General

Target

43c6a2000cfbe9b8dbe4006ad8df332b8243d774b3d626a27342b6a92cfc7ccc
Size

263KB
MD5

30292c9d6f9b06fb59738502c07a4ec0
SHA1

9d7f4895d2e972626d94c3c930939c0b057ffe34
SHA256

43c6a2000cfbe9b8dbe4006ad8df332b8243d774b3d626a27342b6a92cfc7ccc
SHA512

26de10aa81d16df54f0f8091d385e6c5c9aae86e970a841f254596c750e4eeb3ede9717bd2a99e49ee752ba2554ec43f5f14fc6e34d57439c98d14b5cfa66b57
SSDEEP

6144:QGnvdQ9eg/RDM9gIpgYYrPaZDK90Pqgh:tnxkpn3kDm0P

Score

N/A

Malware Config

Signatures

Files

43c6a2000cfbe9b8dbe4006ad8df332b8243d774b3d626a27342b6a92cfc7ccc
.exe windows x86

61ae2142b7a19e30d0ca6759e616ac85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRetToStrW

userenv

UnloadUserProfile

shell32

SHGetDesktopFolder
SHGetMalloc

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
GetTokenInformation
EqualSid
RegCloseKey
OpenThreadToken
IsValidSid
OpenProcessToken
CopySid
RegQueryValueExW
RegEnumValueW
GetLengthSid
RegEnumKeyExW

user32

CharUpperBuffW
UnregisterClassA
wsprintfW

kernel32

FormatMessageW
HeapSize
GetDriveTypeW
SetThreadLocale
DeleteCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
GetCurrentThreadId
SetLastError
HeapFree
GetLogicalDrives
GetProcessHeap
FindFirstVolumeMountPointW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
FindVolumeMountPointClose
HeapDestroy
RaiseException
LeaveCriticalSection
CloseHandle
GetThreadLocale
lstrlenW
GetModuleHandleW
FindNextVolumeMountPointW
GetVolumeNameForVolumeMountPointW
EnterCriticalSection
GetACP
ExpandEnvironmentStringsW
HeapReAlloc
GetLogicalDriveStringsW
QueryDosDeviceW
CreateThread
VirtualAllocEx

oleaut32

SafeArrayCreate
SysAllocStringByteLen
LoadRegTypeLi
VariantCopyInd
SysFreeString
VarBstrCmp
VariantClear
VariantInit
SysStringByteLen
SafeArrayGetUBound
SafeArrayDestroy
VariantCopy
SafeArrayLock
SafeArrayCopy
SysStringLen
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnlock
SysAllocStringLen
SysAllocString
SafeArrayRedim
VarBstrCat
LoadTypeLi

ole32

CoGetCallContext
CoCreateInstance
CoImpersonateClient
CoRevertToSelf

winspool.drv

OpenPrinterW
AddJobW
DeletePrintProvidorW
FindFirstPrinterChangeNotification
SpoolerPrinterEvent
DocumentPropertySheets
AddJobA
GetPrinterA
AddFormW
EnumJobsA
GetPrinterDriverDirectoryW
PrinterMessageBoxA
DeletePrintProcessorA
EnumPrinterDataW
QueryRemoteFonts
AddPortExW
EnumPrintProcessorDatatypesW
DeletePortW
PlayGdiScriptOnPrinterIC
AddPortW
EnumJobsW
SetPortA
SetPrinterA
DeletePrintProcessorW
FindClosePrinterChangeNotification

kbddv

KbdLayerDescriptor

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DHwAY
Size: 1024B - Virtual size: 962B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xSqaes
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qkclmo
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MFLP
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OZrwBK
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LGEdYRU
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AIXS
Size: 1024B - Virtual size: 1013B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kcKMIr
Size: 109KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zKfPB
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wnRG
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61ae2142b7a19e30d0ca6759e616ac85

Headers

File Characteristics

Imports

shlwapi

userenv

shell32

advapi32

user32

kernel32

oleaut32

ole32

winspool.drv

kbddv

Sections

.text Size: 20KB - Virtual size: 20KB

.DHwAY Size: 1024B - Virtual size: 962B

.xSqaes Size: 3KB - Virtual size: 2KB

.qkclmo Size: 1KB - Virtual size: 1KB

.MFLP Size: 2KB - Virtual size: 1KB

.OZrwBK Size: 2KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 2KB

.LGEdYRU Size: 3KB - Virtual size: 2KB

.AIXS Size: 1024B - Virtual size: 1013B

.kcKMIr Size: 109KB - Virtual size: 808KB

.data Size: 110KB - Virtual size: 620KB

.rsrc Size: 2KB - Virtual size: 1KB

.zKfPB Size: 2KB - Virtual size: 2KB

.wnRG Size: 1024B - Virtual size: 942B

.text
Size: 20KB - Virtual size: 20KB

.DHwAY
Size: 1024B - Virtual size: 962B

.xSqaes
Size: 3KB - Virtual size: 2KB

.qkclmo
Size: 1KB - Virtual size: 1KB

.MFLP
Size: 2KB - Virtual size: 1KB

.OZrwBK
Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 2KB

.LGEdYRU
Size: 3KB - Virtual size: 2KB

.AIXS
Size: 1024B - Virtual size: 1013B

.kcKMIr
Size: 109KB - Virtual size: 808KB

.data
Size: 110KB - Virtual size: 620KB

.rsrc
Size: 2KB - Virtual size: 1KB

.zKfPB
Size: 2KB - Virtual size: 2KB

.wnRG
Size: 1024B - Virtual size: 942B