bca19d0d552f2a3344325c0e084b64db33fa872d2765f7711f88e9303f7aaf88

Sharing

Copy URL

Twitter E-mail

General

Target

bca19d0d552f2a3344325c0e084b64db33fa872d2765f7711f88e9303f7aaf88
Size

120KB
MD5

6a285f3c0de92b0aaaaed65d4df823f9
SHA1

88b8bc174bf960fefd6bf699f80dd87ed73038b6
SHA256

bca19d0d552f2a3344325c0e084b64db33fa872d2765f7711f88e9303f7aaf88
SHA512

ec06894a951c16af0e4fb1a9a0cb5fd4797a8bb473119cd7c5a44216c4ce250f4e5a01515aab38282abc5c8041cc527f68bf550dd30ea11e499e0acaa85cb5a4
SSDEEP

3072:c7WY0piX9kazEQjkxSWKXZQ8rhmvWEAo5T:cJXnzET8QkoN

Score

N/A

Malware Config

Signatures

Files

bca19d0d552f2a3344325c0e084b64db33fa872d2765f7711f88e9303f7aaf88
.dll windows x86

96822cdef4d0965e6a05b50ae3b339a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetTapeParameters
GetLargestConsoleWindowSize
VirtualQuery
SetVolumeMountPointW
VerLanguageNameW
GetSystemTimeAsFileTime
IsBadStringPtrA
FatalAppExitW
QueryDosDeviceA
GlobalReAlloc
SetFilePointerEx
SetPriorityClass
GetLocalTime
GetVolumePathNameA
GetHandleInformation
EnumDateFormatsExA
GetShortPathNameA
SetEvent
_hread
GetCommMask
DuplicateConsoleHandle
SetConsoleOutputCP
FreeConsole
GetVersionExW
IsBadStringPtrW
GetVersion
TransmitCommChar
CancelWaitableTimer
ReadConsoleOutputCharacterW
GetVolumePathNameW
LoadLibraryW
GetConsoleAliasesA
AssignProcessToJobObject
HeapAlloc
GetTickCount
SetThreadPriority
Process32NextW
WriteFile
FindFirstFileExA
GetConsoleTitleA
TlsAlloc
ChangeTimerQueueTimer
GetTapeParameters
GetLongPathNameW
GetProfileIntA
CallNamedPipeA
WriteConsoleInputVDMW
FreeLibrary
GetConsoleInputExeNameA
IsBadCodePtr
DuplicateHandle
GetFullPathNameW
WriteConsoleOutputW
EnumResourceNamesW
GetSystemTime
FlushInstructionCache
OpenConsoleW
LoadLibraryA
VerLanguageNameA
IsValidLocale
GetModuleHandleA
VirtualAlloc
FindNextFileW
GetProcAddress

advapi32

SystemFunction013
InitiateSystemShutdownW
ConvertSidToStringSidW
ObjectCloseAuditAlarmW
SetSecurityDescriptorDacl
LsaCreateTrustedDomain
GetUserNameW
CryptExportKey
SetEntriesInAccessListA
CloseServiceHandle
LsaEnumerateTrustedDomains
SetKernelObjectSecurity
LsaLookupNames
BuildTrusteeWithSidW
CreateServiceW
AreAnyAccessesGranted
OpenBackupEventLogW
AreAllAccessesGranted
TrusteeAccessToObjectW
RegCreateKeyW
GetSidLengthRequired
GetMultipleTrusteeOperationW
RegReplaceKeyW
GetNamedSecurityInfoExW
SetSecurityDescriptorOwner
SetServiceObjectSecurity
LsaICLookupSids
AddAce
GetMultipleTrusteeW
DecryptFileA
SystemFunction007
SystemFunction001
BuildImpersonateTrusteeA
AccessCheckAndAuditAlarmA
LogonUserW
RegOverridePredefKey
CryptDestroyHash
CreateServiceA
ObjectDeleteAuditAlarmA
LsaEnumeratePrivileges
CryptEnumProvidersA
InitiateSystemShutdownA
LsaDelete
LookupAccountSidW
LsaEnumerateTrustedDomainsEx

shell32

StrRStrA
ExtractAssociatedIconExA
SHAppBarMessage
StrCmpNIA
StrCmpNA
SHGetSpecialFolderLocation
DuplicateIcon
ShellAboutW
SHQueryRecycleBinA
DragQueryPoint
RegenerateUserEnvironment
SheGetDirA
SHGetSpecialFolderPathW
StrRChrIA
Shell_NotifyIconW
SHGetDataFromIDListA
SHFileOperationW
SHBrowseForFolderA
SheChangeDirExW
StrRStrIA
DoEnvironmentSubstW
StrStrA
ShellHookProc
ExtractIconExA
DragQueryFileAorW
ShellAboutA
SheChangeDirA
CheckEscapesW
ExtractIconW
SHEmptyRecycleBinW
StrNCmpIW
SHAddToRecentDocs
Shell_NotifyIconA
SHLoadInProc
DragFinish
SHGetFileInfoA
StrRStrIW
StrNCmpA
SHUpdateRecycleBinIcon
StrRStrW
StrChrIA
ord179
ExtractIconA
SHChangeNotify
StrNCmpIA
InternalExtractIconListA
SheSetCurDrive
DragQueryFileA
DoEnvironmentSubstA
SHFreeNameMappings
StrCmpNIW
SHGetPathFromIDListA
FreeIconList
SHGetSettings
SHEmptyRecycleBinA
SHGetSpecialFolderPathA
StrChrA
SHFileOperationA
DragAcceptFiles
StrRChrW
StrStrIA
WOWShellExecute
ExtractAssociatedIconExW
CommandLineToArgvW
StrChrIW
StrStrW
SHInvokePrinterCommandA
SHGetDesktopFolder
StrChrW
SHGetFileInfoW
ord180
SHGetMalloc
FindExecutableA
SHGetInstanceExplorer
ExtractIconExW
StrStrIW
SHFormatDrive
StrNCmpW
SHQueryRecycleBinW
SHGetDataFromIDListW
ExtractAssociatedIconA
ExtractAssociatedIconW
SHInvokePrinterCommandW
FindExecutableW
SHGetPathFromIDListW
DragQueryFileW
SHGetDiskFreeSpaceA
InternalExtractIconListW

shlwapi

PathMakeSystemFolderA
StrSpnA
StrFromTimeIntervalW
SHDeleteEmptyKeyW
PathIsDirectoryW
PathCreateFromUrlA
PathAppendA
UrlGetPartW
PathCanonicalizeA
StrNCatW
PathIsPrefixW
PathIsUNCServerW
SHRegEnumUSKeyA
PathRemoveArgsA
SHSetValueW
SHRegWriteUSValueA
StrIsIntlEqualA
StrPBrkA
PathIsContentTypeW
PathFindNextComponentA
PathCompactPathExA
PathAddBackslashA
StrFromTimeIntervalA
PathMakeSystemFolderW
UrlIsW

version

VerInstallFileW
VerFindFileA
GetFileVersionInfoSizeA
VerInstallFileA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoW

winspool.drv

SetJobW
GetPrinterDriverW
AddFormA
OpenPrinterA
ord210
DeletePrinterConnectionW
CommitSpoolData
DocumentPropertiesA
PrinterMessageBoxW
ord213
SplDriverUnloadComplete
EnumPrinterKeyA
ord202
StartDocPrinterA
SetPrinterDataExW
AddPrinterConnectionW
ReadPrinter
AddPortExW
StartDocDlgW
SpoolerPrinterEvent
AddPrintProcessorW
AdvancedSetupDialog
EnumPortsA
FindNextPrinterChangeNotification
AddPortA
PlayGdiScriptOnPrinterIC
GetPrinterDataA
ConvertUnicodeDevModeToAnsiDevmode
EnumPrintProcessorDatatypesA
EnumFormsA
GetSpoolFileHandle
DevQueryPrintEx
GetPrinterDriverDirectoryW
DeleteMonitorA
ConvertAnsiDevModeToUnicodeDevmode

msvcrt

_mbsspn
_mbsnbcat
_mbsnicoll
_mbsnbset
sqrt
swscanf
fclose
_CItan
labs
ftell
_unlink
memset
_mbsnbcnt
_getdcwd
_close
_local_unwind2
_wexecvpe
strpbrk
__p__tzname
iswpunct
__badioinfo
__p__mbcasemap
_winminor
_CItanh
__p___wargv
_ismbckata
_CIlog10
_tzset
feof
_fdopen
_wopen
_chsize
fopen
_mbstok
_getsystime
_dup2
_popen
_adj_fdiv_m32i
_wfindfirsti64
fprintf
_seh_longjmp_unwind
_XcptFilter
isgraph
perror
strtol
_j0
isalnum
_mbsbtype
__p__mbctype
strncpy
strrchr
_wstrtime
fread
_execlpe
_heapused
iswlower
_pipe
strcmp
_wctime
_strtime
__winitenv
tanh
printf
_wunlink
_wfullpath
_chmod
__p__commode
fwprintf
acos
_findfirsti64
_wfopen
fseek
_ismbcprint
_cgets
ferror
atan
wcsstr
_chkesp
_execl
_wfdopen
_strdate
_wmkdir
fputc
swprintf
fwrite
rewind
toupper
__lconv_init
sprintf
fputs
fsetpos
difftime
_tolower
longjmp

Exports

Exports

Bnbayvrdnm
Nkekic

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96822cdef4d0965e6a05b50ae3b339a1

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

version

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 52KB - Virtual size: 48KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 52KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 6KB