2f92c9b1850451c754b5a24047b25095fe1a0ca34050492ddac663be88f676f0

Sharing

Copy URL Twitter E-mail

General

Target

2f92c9b1850451c754b5a24047b25095fe1a0ca34050492ddac663be88f676f0
Size

124KB
MD5

e267f56cd5525f496eb44bb3c12c7910
SHA1

0f46ad8a2a0f3e935a64ec6c914a0fe54fc26eef
SHA256

2f92c9b1850451c754b5a24047b25095fe1a0ca34050492ddac663be88f676f0
SHA512

4611c7ad6a0fa693966830fc972329d7ff41b1113ae9cf03bd09626fb1dc9d22a9a239b8d54574d26ee10273385a5f8c04f7aa513f72ae0c3478e14cf6f2fe0e
SSDEEP

3072:e8Kh3350oafmwl3ClksI2BdwjzRPyq6v/:ezhH5Ufmwl3kY2BdORgv

Score

N/A

Malware Config

Signatures

Files

2f92c9b1850451c754b5a24047b25095fe1a0ca34050492ddac663be88f676f0
.dll windows x86

fd6f465cc3a2c6010ed3d391f7c8194b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
GlobalFlags
WriteConsoleOutputAttribute
FindFirstVolumeMountPointW
FreeLibrary
WriteTapemark
LocalLock
AddAtomA
GetConsoleOutputCP
GetVolumePathNameW
Beep
ExitVDM
SetCalendarInfoW
GetNumberOfConsoleMouseButtons
SetMailslotInfo
LocalSize
GetDriveTypeW
SetTimerQueueTimer
GetProfileStringW
LocalAlloc
WriteConsoleInputA
CreateJobObjectW
SetConsoleWindowInfo
MultiByteToWideChar
GetProcAddress
GetConsoleScreenBufferInfo
SleepEx
GetThreadPriority
GetModuleHandleW
LoadLibraryW
GetFullPathNameA
HeapUnlock
CreateTapePartition
SetSystemPowerState
GetConsoleTitleA
OpenEventW
GetCommModemStatus
GetVersion
VerLanguageNameA
TerminateJobObject
SetConsoleNumberOfCommandsA
GetSystemTime
SetCommBreak
SetCurrentDirectoryA
OpenMutexW
GetCurrentDirectoryA
GetCompressedFileSizeW
FlushInstructionCache
GetLocalTime
FindNextFileW
VerLanguageNameW
IsValidLocale
WaitForMultipleObjects
SetUnhandledExceptionFilter
GetCommTimeouts
FindClose
SetConsoleCursor
GetNamedPipeHandleStateA
RegisterWaitForInputIdle
CreateEventA
LoadLibraryA
VirtualAlloc
GetModuleHandleA
GetHandleInformation

user32

UnhookWindowsHookEx
InsertMenuItemW
RealChildWindowFromPoint
ModifyMenuA
FillRect
PeekMessageA
DefWindowProcA
SetWindowContextHelpId
GetWindowPlacement
TranslateAcceleratorW
CreateDialogParamW
EnableWindow
GetClassInfoExW
SetWindowsHookExA
IsCharUpperW
ImpersonateDdeClientWindow
BringWindowToTop
GetClassNameW
GetScrollRange
MsgWaitForMultipleObjects
IsWindowUnicode
GetMenuDefaultItem
SetMenuItemBitmaps
ToAsciiEx
DestroyIcon
CascadeChildWindows
GetMenuItemInfoW
CreateMenu
SetClassLongA
InSendMessageEx
GetMenuContextHelpId
MessageBoxExA
DrawIconEx
GetMenuCheckMarkDimensions
CreateDesktopW
SetCaretPos
GetKBCodePage
ChangeDisplaySettingsA
GetKeyboardLayoutNameW
ChangeMenuW
GetWindowThreadProcessId
TileChildWindows
EndMenu
SetMessageExtraInfo
SetKeyboardState
SetMessageQueue
GetLastActivePopup
DdeConnectList
EndPaint
PostQuitMessage
SetCapture
MessageBoxW
GetForegroundWindow
LoadCursorW
IsRectEmpty
LoadBitmapW
GetDCEx
GetMonitorInfoW
UnionRect
SetWindowsHookW
GetMenuStringA
GetClientRect
EnumWindows
DrawTextW
GetMessageExtraInfo
GetMessageA
DrawTextExW
ToUnicodeEx
CreateMDIWindowA
DdeQueryNextServer
DrawStateA
UnregisterClassA
GetUpdateRect
CharLowerA
CharToOemW

advapi32

LookupPrivilegeDisplayNameW
LookupAccountNameW
GetOverlappedAccessResults
LsaGetRemoteUserName
ReadEventLogA
QueryServiceObjectSecurity
AddAuditAccessObjectAce
LookupPrivilegeNameW
CheckTokenMembership
ImpersonateLoggedOnUser
GetMultipleTrusteeW
ElfBackupEventLogFileW
ObjectDeleteAuditAlarmW
BuildTrusteeWithSidW
GetFileSecurityW
GetServiceDisplayNameW
BuildTrusteeWithNameW
TrusteeAccessToObjectA
LsaClose
I_ScSetServiceBitsA
SystemFunction011
SystemFunction021
EqualPrefixSid
CreateServiceA
LsaLookupNames
GetCurrentHwProfileA
AddAccessDeniedObjectAce
CryptReleaseContext
RegRestoreKeyA
LsaSetSecurityObject
AddAce
QueryServiceLockStatusA
SetTokenInformation
LsaOpenTrustedDomain
LsaSetInformationTrustedDomain
NotifyChangeEventLog
ConvertSidToStringSidW
OpenEventLogA
GetExplicitEntriesFromAclA
RegQueryInfoKeyW
EnumDependentServicesA
IsValidSecurityDescriptor
RegCreateKeyExA
AccessCheckAndAuditAlarmA
ElfReadEventLogW
LookupPrivilegeNameA
QueryRecoveryAgentsOnEncryptedFile
ElfDeregisterEventSource
SetEntriesInAclA
RegOpenKeyExW
AddAuditAccessAceEx
CryptGetHashParam
LsaEnumeratePrivilegesOfAccount
CryptSetProviderW
CryptContextAddRef
SetUserFileEncryptionKey
ElfReportEventA
IsTokenRestricted
RegSetValueExW
SetServiceBits
LookupPrivilegeValueW
GetNamedSecurityInfoExW
LsaGetSystemAccessAccount
LsaRetrievePrivateData
RegQueryValueW
TrusteeAccessToObjectW

opengl32

glVertex3s
glGenLists
glLoadMatrixd
wglCreateContext
glEvalMesh2
glRasterPos3f
glEnableClientState
wglShareLists
glOrtho
wglUseFontBitmapsW
glGetPolygonStipple
wglUseFontBitmapsA
glVertex4s
glRasterPos2d
glReadBuffer
glVertex2dv
glTexCoord1fv
wglDeleteContext
glTexCoord4i
glFinish
glGetIntegerv
glLineWidth
glMultMatrixd
glColor4ubv
glVertex2fv
glTexCoord4iv
glIndexMask
glColor3d
glViewport
wglMakeCurrent
glPointSize
glScissor
glListBase
glEvalCoord2fv
glIndexd
glRasterPos4dv
glLightModeliv

shell32

SHUpdateRecycleBinIcon
ExtractIconW
SHGetDataFromIDListA
DragQueryPoint
StrNCmpA
StrNCmpIW
DragFinish
SHInvokePrinterCommandW
SHGetFileInfoW
StrNCmpIA
DoEnvironmentSubstW
StrRChrW
StrRChrIW
FreeIconList
ExtractAssociatedIconExA
StrRChrA
SHGetPathFromIDListW
ExtractIconA
SHGetDiskFreeSpaceA
StrCmpNIA
DragQueryFileW
CommandLineToArgvW
ShellHookProc
SHAddToRecentDocs
SHFormatDrive
DragAcceptFiles
SHQueryRecycleBinA
CheckEscapesW
SHLoadInProc
StrChrIW
SHFileOperationA
SHBrowseForFolderW
StrStrW
StrCmpNIW
StrNCmpW
InternalExtractIconListA

version

VerFindFileA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoW
VerQueryValueA
VerInstallFileA
VerInstallFileW

winspool.drv

AdvancedSetupDialog
EndPagePrinter
ConvertUnicodeDevModeToAnsiDevmode
EnumPrintProcessorDatatypesA
DeletePrinterDataW
OpenPrinterW
SetPrinterDataW
ResetPrinterA
EnumPrintersA
ResetPrinterW
AddPortExA
SplDriverUnloadComplete
ord101
ord102
GetPrinterDataA
EnumPrintProcessorsA
AddPortA
DeleteFormA
OpenPrinterA
SetFormW
StartDocDlgA
ord100
DevicePropertySheets
DeletePrinterDriverExA
DeletePrintProcessorA
DeletePrintProcessorW
PlayGdiScriptOnPrinterIC
ord210
DeletePrintProvidorW
ord203
AddPrintProcessorA
EnumPrinterKeyA
EnumJobsA
EnumPrinterDataW
AddMonitorW
GetFormA
DocumentPropertiesA
AddFormW
ReadPrinter
WritePrinter

msvcrt

_unlink
_fmode
_wexecve
memset
printf
feof
fwprintf
fsetpos
__STRINGTOLD
fputc
_swab
fread
fwrite
fseek
fopen
_mbslwr
fputs
_HUGE
sprintf
_mbscpy
freopen
fclose
_mbscat
ferror
_purecall
ftell
fprintf
ungetwc
_ungetch

Exports

Exports

Bptnb
Ftvdqkbmsw
Omdl
Rirckgejr
Swnzml
Swzwmoay
Ymbpkt
Zgvhufr

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd6f465cc3a2c6010ed3d391f7c8194b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

opengl32

shell32

version

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 52KB - Virtual size: 50KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 52KB - Virtual size: 50KB

.reloc
Size: 8KB - Virtual size: 7KB