432f582d59d8cfef043d0155b250f0f0b7bdf020d9cc684e93719aba32c87608

Sharing

Copy URL

Twitter E-mail

General

Target

432f582d59d8cfef043d0155b250f0f0b7bdf020d9cc684e93719aba32c87608
Size

316KB
MD5

6fc121f0b95f264d7202364eade47447
SHA1

56190c1918d04e2f26fcfc9871b8956612e98c58
SHA256

432f582d59d8cfef043d0155b250f0f0b7bdf020d9cc684e93719aba32c87608
SHA512

e78ea2cda22bdd3c135518b3e8ca9ce614016c1abf41fd5d416f5722ac0f07bf600c63b599459dc3d3f77731f947a974c3054c6f1c6561803ca4df021a0755de
SSDEEP

6144:N2MBCgCH4K+yzoi91NaDEHlC99TGlY6lnqWs6mVBiQ7Rs:MMwgRI1NaDaADEY646a

Score

N/A

Malware Config

Signatures

Files

432f582d59d8cfef043d0155b250f0f0b7bdf020d9cc684e93719aba32c87608
.dll windows x86

1358a67fd40ce5f74a4c5a67b474874e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

EngStretchBltROP
EngStrokePath
EngStretchBlt
EngFillPath
EngDeletePath
CLIPOBJ_ppoGetPath
EngStrokeAndFillPath
EngUnicodeToMultiByteN
EngGetCurrentCodePage
FONTOBJ_pifi
FONTOBJ_cGetGlyphs
STROBJ_bEnum
STROBJ_vEnumStart
XFORMOBJ_bApplyXform
FONTOBJ_pxoGetXform
PATHOBJ_bEnum
PATHOBJ_vEnumStart
XFORMOBJ_iGetXform
EngBitBlt
EngEraseSurface
FONTOBJ_pvTrueTypeFontFile
STROBJ_dwGetCodePage
EngComputeGlyphSet
EngGetPrinterDataFileName
EngCreateSemaphore
EngDeleteSemaphore
EngCreatePalette
EngDeletePalette
EngAssociateSurface
EngCreateDeviceSurface
EngDeleteSurface
EngMultiByteToUnicodeN
EngReleaseSemaphore
EngAcquireSemaphore
BRUSHOBJ_pvGetRbrush
XLATEOBJ_iXlate
BRUSHOBJ_pvAllocRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
EngWideCharToMultiByte
EngMultiByteToWideChar
XLATEOBJ_cGetPalette

kernel32

TlsAlloc
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
CreateFileW
GetEnvironmentVariableW
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
SetLastError
MulDiv
GlobalAlloc
GlobalFree
GetACP
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
ExitProcess
InterlockedDecrement
InterlockedIncrement
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetLastError
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
CloseHandle
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
WriteFile
SetFilePointer
GetLocaleInfoA
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
LoadLibraryA
RaiseException
GetLocaleInfoW

advapi32

RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW

winspool.drv

GetPrinterW
GetPrinterDriverW
GetPrinterDataW

Exports

Exports

DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1358a67fd40ce5f74a4c5a67b474874e

Headers

File Characteristics

Imports

gdi32

kernel32

advapi32

winspool.drv

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 100KB - Virtual size: 104KB

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 100KB - Virtual size: 104KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 8KB - Virtual size: 6KB