ddf344c0494777f98b3f4d5657e696b047bfd5c32387b5962f59b2ca5474263a

Sharing

Copy URL

Twitter E-mail

General

Target

ddf344c0494777f98b3f4d5657e696b047bfd5c32387b5962f59b2ca5474263a
Size

71KB
MD5

55cf167a2ef268307056654c244dca2c
SHA1

0635bf457b8b1fa95286008f1ed9e0c30d30f586
SHA256

ddf344c0494777f98b3f4d5657e696b047bfd5c32387b5962f59b2ca5474263a
SHA512

66c0ae8a71109d2795aa5b1fea47c7841da862ea7246eff5ef0d546abf1a08f39849aefd113dc133c641cc06323b9047fbd2f5ed0c4628368eeba61b28daeaf5
SSDEEP

1536:RMhPj/tPmv0h4MDQAgcDZ5LUAjiQZypOFsOuGNkPTcqPLPNe:Emv02NAgcHLbOQZKOpu6w4aPNe

Score

N/A

Malware Config

Signatures

Files

ddf344c0494777f98b3f4d5657e696b047bfd5c32387b5962f59b2ca5474263a
.zip
E-ZPass.exe
.exe windows x86

72c93e79ef105545d74694c0793bc15d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_UP_SYSTEM_ONLY

Imports

kernel32

InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
GetModuleFileNameW
GetStdHandle
WriteFile
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
GetCurrentProcessId
LoadLibraryW
IsBadReadPtr
GetProcessHeap
GetModuleHandleW
GetModuleHandleA
ExitProcess
GetProcAddress
SetLastError
GetLastError
CreateProcessA
Sleep
EncodePointer
IsProcessorFeaturePresent

user32

MapVirtualKeyW
RealChildWindowFromPoint
MapDialogRect
SendDlgItemMessageA
GetMessageTime
TranslateAcceleratorW
WinHelpW
EndDeferWindowPos
FindWindowA
DestroyMenu
GetWindowDC
IsChild
UnregisterClassW
CheckMenuItem
EnumDisplayMonitors
RegisterClipboardFormatW
BeginDeferWindowPos
GetKeyNameTextW
FindWindowExW
AppendMenuA
ShowOwnedPopups
IsZoomed
GetLastActivePopup
SetMenuItemBitmaps
CopyImage
AttachThreadInput
GetMenuStringW
FindWindowExA
FindWindowW
GetMenuCheckMarkDimensions
GetClassLongW
GetForegroundWindow
SetWindowContextHelpId
IsDialogMessageW
IntersectRect
BringWindowToTop
GetClassNameW
SendDlgItemMessageW
SetLayeredWindowAttributes

winspool.drv

EnumPrintersA
WritePrinter
EndDocPrinter
OpenPrinterA
ClosePrinter
StartPagePrinter
StartDocPrinterA
EndPagePrinter

wininet

ResumeSuspendedDownload

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c93e79ef105545d74694c0793bc15d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

wininet

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 11KB - Virtual size: 14KB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 11KB - Virtual size: 14KB

.rsrc
Size: 25KB - Virtual size: 24KB