86de054d7eb49a62d094fca08f131e0c3a9edfd9f74583be70c85f96147fc494

Sharing

Copy URL

Twitter E-mail

General

Target

86de054d7eb49a62d094fca08f131e0c3a9edfd9f74583be70c85f96147fc494
Size

245KB
MD5

0e88f45fcb35755c2405ae2faf571470
SHA1

6a0d8f89b1fb3f373c860ac418f3e9e91fca1611
SHA256

86de054d7eb49a62d094fca08f131e0c3a9edfd9f74583be70c85f96147fc494
SHA512

ee2762570e156a9b99cd3663e629164f5d057eef4400ff74eb2909b1f8d34f955ec548c22aa44ff01a4a0ea700e9e14104e608c484638b47a891a877c5a6fb04
SSDEEP

6144:sfMw3klY9mvDmxINPLWtZ0XJn8SI/we4:asgJxINPitZS8Sd

Score

N/A

Malware Config

Signatures

Files

86de054d7eb49a62d094fca08f131e0c3a9edfd9f74583be70c85f96147fc494
.exe windows x86

59dd96e87985a9e6541f682d885b4064

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
CloseHandle
OpenProcess
LoadLibraryA
CreateProcessW
GetEnvironmentStringsW
GetVersion
GetWindowsDirectoryW
LocalFree
CreateFileMappingW
CreateFileMappingA
OutputDebugStringA
GetTickCount
OutputDebugStringW
CreateThread
CreateNamedPipeW
TerminateThread
GetExitCodeThread
WaitForSingleObject
WriteFile
FlushFileBuffers
HeapFree
HeapAlloc
GetProcessHeap
DisconnectNamedPipe
Sleep
ConnectNamedPipe
PeekNamedPipe
ReadFile
LoadLibraryW
WinExec
CreateFileW
WaitNamedPipeW
IsBadWritePtr
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
DebugBreak
CreateFileA
WriteConsoleW
GetModuleHandleW
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetProcAddress
GetThreadLocale
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
InterlockedDecrement
lstrlenW
lstrlenA
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetCurrentThreadId
SetLastError
GetModuleFileNameW
GetVersionExW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetLastError
GetConsoleOutputCP
InterlockedCompareExchange

user32

DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowLongW
GetDesktopWindow
SetMenuItemInfoW
ShowWindow
LoadStringW
GetClassInfoExW
LoadCursorW
wvsprintfW
LoadMenuW
UnregisterClassA
GetMenuItemCount
GetMenuItemInfoW
GetCursorPos
GetSubMenu
SetForegroundWindow
TrackPopupMenuEx
DestroyMenu
GetSystemMetrics
LoadImageW
CallWindowProcW
GetWindowLongW
IsWindow
SetTimer
PostMessageW
PostQuitMessage
RegisterWindowMessageW
CharNextW
RegisterClassExW

winspool.drv

OpenPrinterW
GetPrinterW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
DuplicateTokenEx
GetLengthSid
SetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
CreateProcessAsUserW
RevertToSelf
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

Shell_NotifyIconW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VarUI4FromStr
SysAllocStringLen
SysFreeString

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathAddBackslashW
StrStrIW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

gdiplus

GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

59dd96e87985a9e6541f682d885b4064

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 3KB - Virtual size: 2KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 3KB - Virtual size: 2KB

.rmnet
Size: 56KB - Virtual size: 60KB