743c40ce4d7ba56f56da92dda05ddfb8be4c48041cafa251223b2f9957123845

Sharing

Copy URL Twitter E-mail

General

Target

743c40ce4d7ba56f56da92dda05ddfb8be4c48041cafa251223b2f9957123845
Size

806KB
MD5

b4deb2df4cc6c4da25891f6fa80bf97d
SHA1

46b03b5a680d4fafbfae3b4e85e2cd8d357ce2da
SHA256

743c40ce4d7ba56f56da92dda05ddfb8be4c48041cafa251223b2f9957123845
SHA512

149bd947486d5aa4ecd762be5fb1066117d87d5ad5f2bab1eadb8a425ed838b2df133b925b38db7aa9682efba2d90ec3de16539c59a686ee73b4ea43b59382b3
SSDEEP

24576:KlOxa4A6JiEN0I3/zBL55Jglei+vrwFPJH:KAE41/d55GlCvr2PJ

Score

N/A

Malware Config

Signatures

Files

743c40ce4d7ba56f56da92dda05ddfb8be4c48041cafa251223b2f9957123845
.exe windows x86

ce54818742e52be5704f70a6cad3064e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mscms

OpenColorProfileW
EnumColorProfilesW
TranslateColors
InternalGetPS2PreviewCRD
InstallColorProfileW
TranslateBitmapBits
EnumColorProfilesA
GetColorProfileHeader
GetColorDirectoryW
InternalGetPS2ColorRenderingDictionary
IsColorProfileValid
InternalGetPS2CSAFromLCS
UninstallColorProfileW
CreateColorTransformW
GetStandardColorSpaceProfileW
GetColorProfileElement
CloseColorProfile
CreateColorTransformA

winspool.drv

EnumFormsW
DeleteMonitorW
DeletePrinterDriverW
EnumFormsA
DeletePortW
GetPrinterA
EnumPrintersA
AddPrinterW
AddPrintProcessorW
EnumPrinterDataW
DeletePrinterDriverExW
FlushPrinter
EndPagePrinter
FindFirstPrinterChangeNotification
FindClosePrinterChangeNotification
GetFormW
WritePrinter
FreePrinterNotifyInfo
DeletePrinter
FindNextPrinterChangeNotification
AddMonitorA
GetPrinterDataA
DocumentPropertiesA
GetPrinterDriverW
XcvDataW
GetPrinterDriverA
SetJobA
EnumMonitorsW
ClosePrinter

msvcrt

mbtowc
_isctype
wcstombs
_mbspbrk
atoi
_mkdir
_controlfp
iswalnum
_wstrtime
_c_exit
_getdrives
wcstoul
_wcsdup
_itow
_fdopen
isspace
rand
_wgetcwd
_XcptFilter
srand
getchar
_mbsicmp
tmpnam

imm32

ImmGetImeMenuItemsW
ImmGetHotKey
ImmConfigureIMEW
ImmGetCompositionFontW
ImmDestroyContext
ImmSetCompositionStringW
ImmEnumRegisterWordW
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmLockIMCC
ImmUnlockIMCC
ImmSetOpenStatus
ImmAssociateContext
ImmCreateContext
ImmReleaseContext
ImmGetCandidateListW
ImmIsIME
ImmLockIMC
ImmNotifyIME
ImmGetProperty
ImmSetConversionStatus

crypt32

CertGetNameStringW

kernel32

CreateFileW
GetDriveTypeW
SetConsoleCursorInfo
AddAtomA
GetConsoleTitleW
GetVolumePathNameA
OpenWaitableTimerW
GetAtomNameW
GetCommModemStatus
SetEnvironmentVariableA
BindIoCompletionCallback
IsDBCSLeadByteEx
SetTimerQueueTimer
ProcessIdToSessionId
FindFirstFileExW
lstrcatA
RtlZeroMemory
GetTempFileNameW
GetLocaleInfoA
GetModuleHandleW
ReadFile
WaitForMultipleObjects
SetConsoleScreenBufferSize
GetProfileStringA
SetVolumeLabelA
ExpandEnvironmentStringsW
CreateTimerQueueTimer
GetUserDefaultLCID
GlobalDeleteAtom
RtlUnwind
_lcreat
TlsFree
ConnectNamedPipe
GetProfileSectionA
Sleep
OpenMutexW
VirtualAlloc
GetFileType

advapi32

OpenEncryptedFileRawW
LsaQueryInformationPolicy
IsValidSid
SystemFunction006
CloseTrace
GetUserNameW
AbortSystemShutdownA
RegSetValueW
RegSetValueExW
CryptDestroyHash
RevertToSelf
LsaFreeMemory
AccessCheck
GetSidSubAuthorityCount
CryptDestroyKey
SetNamedSecurityInfoW
LsaDelete
SystemFunction009
InitializeAcl
CreateServiceW
GetTokenInformation
OpenBackupEventLogW
ImpersonateSelf
QueryServiceStatus
RegCreateKeyExW
CryptCreateHash
GetTraceEnableFlags
CreateWellKnownSid
ClearEventLogW
CloseServiceHandle
ConvertStringSidToSidW
RegQueryValueA
RegisterTraceGuidsA

Sections

.data
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 37KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 461KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 212KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce54818742e52be5704f70a6cad3064e

Headers

DLL Characteristics

File Characteristics

Imports

mscms

winspool.drv

msvcrt

imm32

crypt32

kernel32

advapi32

Sections

.data Size: 512B - Virtual size: 369B

.rdata Size: 1024B - Virtual size: 672B

.text Size: 37KB - Virtual size: 362KB

.data Size: 461KB - Virtual size: 613KB

.idata Size: 212KB - Virtual size: 384KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 236B

.data
Size: 512B - Virtual size: 369B

.rdata
Size: 1024B - Virtual size: 672B

.text
Size: 37KB - Virtual size: 362KB

.data
Size: 461KB - Virtual size: 613KB

.idata
Size: 212KB - Virtual size: 384KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 236B