4c6f05c61075e3471b8a83cfd3aefed3ca1dfa2112a278a965ba423f2e9695f5

Sharing

Copy URL Twitter E-mail

General

Target

4c6f05c61075e3471b8a83cfd3aefed3ca1dfa2112a278a965ba423f2e9695f5
Size

825KB
MD5

133ca5d6e025359fde03e8fc7a23e869
SHA1

9638ea8ad8847e8f5e0b2d791f03023869f9ff0b
SHA256

4c6f05c61075e3471b8a83cfd3aefed3ca1dfa2112a278a965ba423f2e9695f5
SHA512

f6b887e7fba768e3ac8667f65257143fc991286b61446c5ea04c4a37fc5d0bfb52b1f679f703ca0db165e7ae1365666a3573685ff2328a3d8aa42622c6a1fda9
SSDEEP

12288:DdnXA8Ww+amtB2cFP+xmFGeWCbymmbyiPNutJAJuFpIGWYksYz5n4G:Jn/+amtB27xmFWCWtbyi8KuFp6

Score

N/A

Malware Config

Signatures

Files

4c6f05c61075e3471b8a83cfd3aefed3ca1dfa2112a278a965ba423f2e9695f5
.exe windows x86

29361818a3e593f83e1e2b08d3af446a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetNamedPipeHandleState
LoadLibraryW
SetConsolePalette
LeaveCriticalSection
IsBadStringPtrW
GetLocaleInfoW
GetProcessAffinityMask
UnregisterConsoleIME
DelayLoadFailureHook
SetClientTimeZoneInformation
FindActCtxSectionStringW
QueryDepthSList
FreeResource
GetPrivateProfileSectionW
QueryPerformanceCounter
WriteFileEx
GetModuleHandleW
LZDone
CancelDeviceWakeupRequest
GetCurrentThread
FindFirstVolumeA

ntdll

NtAdjustGroupsToken
RtlIsDosDeviceName_U
ZwSetVolumeInformationFile
ZwQueryInformationThread
NtSetBootOptions
NtStartProfile
NtQueryTimerResolution
NtWaitForKeyedEvent
NtOpenObjectAuditAlarm
ZwIsSystemResumeAutomatic
ZwFlushBuffersFile
qsort
ZwPrivilegeCheck
ZwSaveKeyEx

usp10

ScriptLayout
ScriptString_pSize
ScriptApplyDigitSubstitution
ScriptCPtoX
ScriptStringGetOrder
UspAllocCache
ScriptCacheGetHeight
ScriptItemize
ScriptTextOut
ScriptXtoCP
ScriptFreeCache
ScriptStringCPtoX
ScriptStringGetLogicalWidths
ScriptString_pLogAttr
ScriptStringAnalyse
ScriptGetCMap
ScriptBreak
ScriptPlace
ScriptGetProperties

softpub

SoftpubLoadMessage
SoftpubDefCertInit
SoftpubInitialize
DriverInitializePolicy
SoftpubCleanup
DllRegisterServer
SoftpubAuthenticode
HTTPSCertificateTrust
OpenPersonalTrustDBDialog
SoftpubLoadDefUsageCallData
AddPersonalTrustDBPages

gdi32

MaskBlt
OffsetRgn
GdiSwapBuffers
FillRgn
SetBoundsRect
DdEntry56
FONTOBJ_pQueryGlyphAttrs
AbortDoc
GdiEntry8
CreateEllipticRgnIndirect
GetHFONT
GdiGetDevmodeForPage
WidenPath
GetTextExtentPointA
GdiFullscreenControl
GetEnhMetaFileDescriptionA
EngStretchBlt
DdEntry9
Polygon
EnumFontFamiliesW

samlib

SamiSetDSRMPassword
SamiSetDSRMPasswordOWF
SamGetGroupsForUser
SamiSetBootKeyInformation
SamEnumerateAliasesInDomain
SamConnect
SamCreateUser2InDomain
SamOpenDomain
SamEnumerateGroupsInDomain
SamiLmChangePasswordUser
SamSetInformationUser
SamChangePasswordUser2
SamLookupDomainInSamServer

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29361818a3e593f83e1e2b08d3af446a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

usp10

softpub

gdi32

samlib

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 165KB - Virtual size: 165KB

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 1024B - Virtual size: 816B