97968e19ce678270f6e0a053a0dfe07bd740fe3d563dad8bc04f3df9ee31b13b

General

Target

97968e19ce678270f6e0a053a0dfe07bd740fe3d563dad8bc04f3df9ee31b13b
Size

63KB
MD5

ac8ae23881a0b5feeb67ab6f1fa73493
SHA1

93f2effcb58e9d26425d57b91261a96ea9a32040
SHA256

97968e19ce678270f6e0a053a0dfe07bd740fe3d563dad8bc04f3df9ee31b13b
SHA512

1dc3fad370b31f7df9b158d520867105c47e5172d5115d01deaa6505c643dba495b413a63c3f903b8576ccc1a0f05fcb0bfc7fd1e1d94eaa287faf382acb0500
SSDEEP

768:U2qKJ9NFvyhrmvjssDFuZMYfoMkPI7jzGTYfI3eO9uBRrX/T29Wv7Px0RtS+F:nEmvbCgHAzfQ3e2IlPE6Piv

Score

N/A

Malware Config

Signatures

Files

97968e19ce678270f6e0a053a0dfe07bd740fe3d563dad8bc04f3df9ee31b13b
.exe windows x86

707d3fc7acdd0ac9669198a468d743ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwAllocateVirtualMemory
NtAllocateVirtualMemory
vsprintf
memset
memcpy

kernel32

GetLastError
GetProcAddress
OutputDebugStringA
lstrcatA
CreateThread
lstrcpyA
GetProcessHeap
WaitForSingleObject
HeapAlloc
SetErrorMode
ExitProcess
lstrlenA
lstrcpyW

user32

KillTimer
GetMessageW
SetTimer
EndPaint
TranslateMessage
RegisterClassExW
ShowWindow
GetActiveWindow
CreateWindowExW
UpdateWindow
ValidateRect
DefWindowProcW
DispatchMessageW
BeginPaint
MessageBoxW

gdi32

CreatePen
Ellipse
Rectangle
SelectObject
CreateFontIndirectA
SetTextColor
LineTo
TextOutW

comctl32

ord17

powrprof

GetActivePwrScheme
IsPwrHibernateAllowed
GetPwrCapabilities

wintrust

WintrustGetRegPolicyFlags

imagehlp

ImageEnumerateCertificates

winmm

mciSendStringA

winspool.drv

OpenPrinterA
WritePrinter
StartPagePrinter
StartDocPrinterW
ord201
ClosePrinter
EndDocPrinter
EndPagePrinter

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

707d3fc7acdd0ac9669198a468d743ef

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

comctl32

powrprof

wintrust

imagehlp

winmm

winspool.drv

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 24B

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 24B