dfa87c403aba5c9bc3ee46b28802d7f4250d2fbebd346a8aaed9ee0d433f515b

Sharing

Copy URL Twitter E-mail

General

Target

dfa87c403aba5c9bc3ee46b28802d7f4250d2fbebd346a8aaed9ee0d433f515b
Size

495KB
MD5

1cba9aeaa487d4a026330f3f3b3c881b
SHA1

a6a629cf2bfc255019d23a435a8d1130c98e7750
SHA256

dfa87c403aba5c9bc3ee46b28802d7f4250d2fbebd346a8aaed9ee0d433f515b
SHA512

2197f57491f76806738abc99d2f2c3fa718fb181a44e84add31b68e227e10bc5e71e27886beca02f572f030420fb9715bba8a86435d9defd8504a4f8bcc5a281
SSDEEP

12288:fqR/C5yDyYL1yaRY2HIPJ7fwVzX4FmoEdwSjbgGvG:YC8qQeJdlEdF9vG

Score

N/A

Malware Config

Signatures

Files

dfa87c403aba5c9bc3ee46b28802d7f4250d2fbebd346a8aaed9ee0d433f515b
.exe windows x86

7dde7f692ac7b1c8b9f03baf766d3f86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
EnumUILanguagesA

winspool.drv

GetPrinterDataA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString

winsta

WinStationQueryInformationW

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
CreateStatusWindowW

user32

SendMessageW
ShowWindow
GetSysColorBrush
DestroyWindow
MonitorFromRect
SetWindowTextW
FindWindowW
RegisterWindowMessageW
SetForegroundWindow
SendDlgItemMessageW
SetWindowPos
CallWindowProcW
GetWindowLongW
CreateWindowExW
SetTimer
CloseWindowStation
DispatchMessageW
MessageBoxW
DefDlgProcW
SystemParametersInfoW
RegisterDeviceNotificationW
SetWindowLongW
TranslateMessage
EndDialog
KillTimer
PostMessageW
wsprintfW
PostQuitMessage
GetMonitorInfoW
GetSystemMetrics
GetClientRect
DefWindowProcW
UnregisterDeviceNotification
LoadImageW
CharNextW
LoadStringW
GetMessageW

setupapi

SetupDiGetDeviceInterfaceAlias
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupDiOpenDevRegKey

rpcrt4

RpcServerRegisterIfEx
RpcBindingFromStringBindingW
RpcServerUnregisterIf
NdrClientCall2
RpcBindingFree
RpcStringFreeW
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcServerInqBindings
RpcBindingToStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingVectorFree
I_RpcBindingInqTransportType
RpcStringBindingParseW

shell32

SHCreateDirectoryExA

ntdll

RtlDeleteResource
NtDuplicateToken
RtlOpenCurrentUser
NtQueryVirtualMemory
_wcsicmp
wcstoul
RtlUnwind
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
NtClose

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 847KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7dde7f692ac7b1c8b9f03baf766d3f86

Headers

File Characteristics

Imports

kernel32

winspool.drv

ole32

winsta

comctl32

user32

setupapi

rpcrt4

shell32

ntdll

Sections

.text Size: 152KB - Virtual size: 152KB

.data Size: 140KB - Virtual size: 847KB

.rdata Size: 25KB - Virtual size: 24KB

.rsrc Size: 171KB - Virtual size: 170KB

.data Size: 5KB - Virtual size: 5KB

.text
Size: 152KB - Virtual size: 152KB

.data
Size: 140KB - Virtual size: 847KB

.rdata
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 171KB - Virtual size: 170KB

.data
Size: 5KB - Virtual size: 5KB