c3d904444979e8b3639834279f4823a386e913d7a7a883d73908d1078fed9c2a

General

Target

c3d904444979e8b3639834279f4823a386e913d7a7a883d73908d1078fed9c2a
Size

340KB
MD5

12b7308a7d98e2e161ec07c111169f8c
SHA1

39124669b595fa5e5a670cc15dafbd900e2de0c9
SHA256

c3d904444979e8b3639834279f4823a386e913d7a7a883d73908d1078fed9c2a
SHA512

bf75873e39f8d2c130c0d5847b3b676678e1d6e1a92e869b01e90d5e9f72c0815f77abf76640774f7a23c20b7e49bd4c9bdcff65984f00e98e27289358ac3ccf
SSDEEP

6144:7PYlm98XAdURNSJ7cGkb6jNzoWSloRhvAhKJdH0Gn6T5Lj:TUmiXAd2SRc+mShvAhKJ5l6lL

Score

N/A

Malware Config

Signatures

Files

c3d904444979e8b3639834279f4823a386e913d7a7a883d73908d1078fed9c2a
.exe windows x86

44999f8fcbdd22924e96aefc037e69a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
OpenEventLogW

kernel32

VirtualAllocEx
Sleep
GetProcAddress
GetModuleHandleA
GetPrivateProfileIntA
GetModuleHandleW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetLastError
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
MultiByteToWideChar
ReadFile
ExitProcess
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
SetStdHandle
FlushFileBuffers
IsProcessorFeaturePresent
HeapFree
CloseHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
CreateFileW
GetStringTypeW
HeapAlloc
HeapReAlloc
SetEndOfFile
GetProcessHeap
LCMapStringW
HeapSize

comdlg32

ReplaceTextA
PageSetupDlgW
GetSaveFileNameA
ReplaceTextW
PrintDlgW
FindTextW
FindTextA
GetSaveFileNameW

Sections

.qozmal
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44999f8fcbdd22924e96aefc037e69a1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

comdlg32

Sections

.qozmal Size: 82KB - Virtual size: 81KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 242KB - Virtual size: 269KB

.rsrc Size: 512B - Virtual size: 16B

.qozmal
Size: 82KB - Virtual size: 81KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 242KB - Virtual size: 269KB

.rsrc
Size: 512B - Virtual size: 16B