f826f6ce81d0783a7c030c5e9548aa1551ccbeda31aaced0d8fa55d991814463

Sharing

Copy URL Twitter E-mail

General

Target

f826f6ce81d0783a7c030c5e9548aa1551ccbeda31aaced0d8fa55d991814463
Size

1.0MB
MD5

7d1ac2cce645e0c5f82d2abf32b48228
SHA1

9021f9fed43f6c0fb0b3e1c67cd4e3790fc28a10
SHA256

f826f6ce81d0783a7c030c5e9548aa1551ccbeda31aaced0d8fa55d991814463
SHA512

948b5c5630a53a43c2f419266b39e6aa9b36a566e0c5fee92db17ab1f1a4d7a5cf12c1f1960e1f14464a46f768acaf14a217a12197eb2f44efd044e6878d6090
SSDEEP

24576:BzW2eL6Ul2TmpmtZIkqPPjjgDGGXAsJ5rIEZiKNHMZNAiWUl:BzW2eLZ5kZIkALcDGGXL5sErMXA

Score

N/A

Malware Config

Signatures

Files

f826f6ce81d0783a7c030c5e9548aa1551ccbeda31aaced0d8fa55d991814463
.exe windows x86

747d00d104aa6ef15c908759bd5bc7a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FindNextVolumeMountPointW
SetFilePointer
SetWaitableTimer
Thread32First
SetConsoleOS2OemFormat
SetComputerNameA
OpenSemaphoreW
GetCurrentDirectoryW
RemoveDirectoryW
SetVolumeLabelA
GetPrivateProfileStringA
VirtualAlloc
DeleteTimerQueueEx
GetTimeFormatA
CommConfigDialogW
GetWriteWatch
UnlockFileEx
FindAtomA
CreateNamedPipeA
WaitForMultipleObjects
SearchPathW
GetStringTypeW
IsBadWritePtr
GetSystemDirectoryW
CancelWaitableTimer
Module32FirstW
Toolhelp32ReadProcessMemory
WaitForSingleObject
OutputDebugStringA
SetProcessShutdownParameters
GetEnvironmentVariableW
SetHandleCount
VirtualFreeEx
CreateToolhelp32Snapshot

crypt32

CertFreeCertificateContext

oleaut32

SafeArrayGetUBound
VariantClear
VariantChangeType
SysFreeString
GetErrorInfo
SysStringLen
SysReAllocStringLen
SafeArrayCreate
VariantChangeTypeEx
SafeArrayGetLBound
VariantCopy
VariantCopyInd
VariantInit
SysAllocStringByteLen
SysAllocStringLen

tapi32

lineOpenW
lineGetAddressCapsA
lineGetCallStatus
lineInitialize
lineOpen
tapiGetLocationInfoW
lineConfigDialogW
lineTranslateAddressW
lineNegotiateAPIVersion
lineShutdown
lineGetDevCaps
lineSetStatusMessages
lineDrop
lineTranslateDialogW
lineConfigDialog

advapi32

InitializeSecurityDescriptor
ControlTraceW
LsaOpenSecret
GetKernelObjectSecurity
RegRestoreKeyW
GetSecurityDescriptorLength
ObjectCloseAuditAlarmW
StartTraceW
EnumServicesStatusA
RegisterServiceCtrlHandlerExA
GetSidSubAuthority
RegOpenKeyW
CryptContextAddRef
CloseEventLog
RegGetKeySecurity
LsaLookupPrivilegeValue
DeleteAce
ClearEventLogW
CreateWellKnownSid
SetServiceObjectSecurity
ImpersonateAnonymousToken
DuplicateTokenEx
LockServiceDatabase
WmiExecuteMethodW
LsaOpenAccount
RegisterServiceCtrlHandlerA
LsaFreeMemory

winspool.drv

OpenPrinterA
ClosePrinter
AbortPrinter
EnumJobsW
GetPrinterDataW
FindNextPrinterChangeNotification
EnumMonitorsA
GetPrinterW
EnumPrintProcessorDatatypesW
StartDocPrinterW
SetPrinterDataExW
DocumentPropertySheets
GetPrintProcessorDirectoryW
DeletePrinter
EndPagePrinter
ReadPrinter
GetFormW
AddPrinterConnectionW
DeletePrinterDriverW
DeviceCapabilitiesW
EndDocPrinter
GetJobW
AddPrinterDriverExW
DeletePrinterConnectionW
AddFormW
GetPrinterDriverW
GetPrinterDriverDirectoryW

msacm32

acmStreamUnprepareHeader
acmDriverEnum
acmFormatTagDetailsW
acmStreamPrepareHeader
acmStreamOpen
acmDriverClose
acmFormatDetailsW
acmMetrics
acmStreamConvert
acmDriverOpen
acmFormatChooseW
acmStreamSize
acmGetVersion

msvcrt

_HUGE
__argc
_statusfp
_mbsnicmp
?set_terminate@@YAP6AXXZP6AXXZ@Z
fread
wcsrchr
_chsize
__p__commode
?_set_new_mode@@YAHH@Z
??0bad_cast@@QAE@ABV0@@Z
_strnicmp
wcschr
_mkdir
_wgetcwd
_pclose
_isnan
ctime

Sections

.text
Size: 122KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 201KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 116KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

747d00d104aa6ef15c908759bd5bc7a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

oleaut32

tapi32

advapi32

winspool.drv

msacm32

msvcrt

Sections

.text Size: 122KB - Virtual size: 619KB

.bss Size: 201KB - Virtual size: 337KB

.rdata Size: 116KB - Virtual size: 125KB

.rdata Size: 348KB - Virtual size: 620KB

INIT Size: 116KB - Virtual size: 193KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 122KB - Virtual size: 619KB

.bss
Size: 201KB - Virtual size: 337KB

.rdata
Size: 116KB - Virtual size: 125KB

.rdata
Size: 348KB - Virtual size: 620KB

INIT
Size: 116KB - Virtual size: 193KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 3KB - Virtual size: 2KB