29aa49890b947462e6d693d58537e7d233622b39759a4a0aa40dab523f6ababe

Sharing

Copy URL

Twitter E-mail

General

Target

29aa49890b947462e6d693d58537e7d233622b39759a4a0aa40dab523f6ababe
Size

164KB
MD5

2d55db7cc71a0186d8926638978d8900
SHA1

39125e4b15bede77e7c5b991b3353f65d6e952e3
SHA256

29aa49890b947462e6d693d58537e7d233622b39759a4a0aa40dab523f6ababe
SHA512

56f4466557c1e30e6e598e714e740e5bba8146728c05de442d439706c3afc3cac8f826a685145ca9b44793680b4a617b3e6e406aa960e1c39974e7698c40224e
SSDEEP

3072:vBGftSK6Q7P66jpeR+30HEgLGxXfo3vlEJ405AyvzQvx8/37OAi6F/pB6Q+AcoT:sFdT5jpR30HEgyXMv+J40+wz5F/yQ+s

Score

N/A

Malware Config

Signatures

Files

29aa49890b947462e6d693d58537e7d233622b39759a4a0aa40dab523f6ababe
.exe windows x86

ed1b695eca366ec8630f8ce54aee1cc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleInputExeNameA
CreateDirectoryExA
GetProcessVersion
SetConsoleCP
SetComputerNameExA
LoadLibraryW
GetVolumeNameForVolumeMountPointW
GetFileSize
GetModuleHandleW
IsValidCodePage
SetConsoleNumberOfCommandsA
GetComputerNameExW
GetCurrentThread
GetCurrentThreadId
RemoveDirectoryW
WritePrivateProfileStructW
SetDefaultCommConfigW
MoveFileWithProgressW

atmlib

ATMGetMenuNameA
ATMEnumFonts
ATMFontAvailable
ATMBeginFontChange
ATMSetFlags
ATMGetPostScriptName
ATMGetOutlineA
ATMXYShowText
ATMEnumMMFontsA
ATMGetNtmFieldsW
ATMGetMenuName
ATMInstallSubstFontA

mapistub

MAPIFreeBuffer
__CPPValidateParameters@8
MapStorageSCode@4
HrGetOneProp@12
ScCopyNotifications@16
MNLS_IsBadStringPtrW@8
UFromSz@4
cmc_query_configuration
MNLS_MultiByteToWideChar@24
GetTnefStreamCodepage@12
WrapCompressedRTFStream
MNLS_CompareStringW@24
MAPIResolveName
MAPILogoff
UNKOBJ_ScAllocateMore@16
MAPISaveMail
MAPIDetails
HrSzFromEntryID@12
UNKOBJ_ScAllocate@12
ScMAPIXFromCMC
cmc_send
MAPIAllocateBuffer
CreateIProp@24
MAPIInitIdle@4
HrThisThreadAdviseSink@8
FDecodeID@12

crtdll

fopen
_mbsicmp
difftime
_execle
_strset
_baseminor_dll
_strdup
_chdir
_mbslwr
_clearfp
_osmajor_dll
??3@YAXPAX@Z
_iob
_ismbcprint
isupper
_timezone_dll
iswpunct
__mb_cur_max_dll
_splitpath
_loaddll
_getw
wcstod
iswalnum
_acmdln_dll
strspn

oleaut32

VarI1FromUI4
VarDiv
VariantCopyInd
VarI2FromUI4
VarUI1FromDec
VarDateFromCy
SafeArrayCopy
BSTR_UserFree
VarDateFromI4

raschap

RasEapGetInfo
RasCpEnumProtocolIds
RasCpGetInfo

hid

HidD_Hello
HidD_GetConfiguration
HidP_SetUsages
HidD_SetNumInputBuffers
HidP_SetScaledUsageValue
HidD_FlushQueue
HidP_GetSpecificButtonCaps
HidP_GetUsageValueArray
HidD_GetSerialNumberString
HidD_GetMsGenreDescriptor
HidD_GetProductString
HidD_GetInputReport

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed1b695eca366ec8630f8ce54aee1cc7

Headers

File Characteristics

Imports

kernel32

atmlib

mapistub

crtdll

oleaut32

raschap

hid

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 32KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 924B