5a8d6c483077278534fec277c9a663c336e26e3a645ff4ce57de7976fb823c02

Sharing

Copy URL Twitter E-mail

General

Target

5a8d6c483077278534fec277c9a663c336e26e3a645ff4ce57de7976fb823c02
Size

116KB
MD5

b36187a5a1d8bc8d7ee8f0a1ea13b9c3
SHA1

136bbd47f44a337d714ab7ecdc5fc719c977b84b
SHA256

5a8d6c483077278534fec277c9a663c336e26e3a645ff4ce57de7976fb823c02
SHA512

e1b262107ce6b4dafcbf82c97ac80c47c00883c5875c94187e4d4c3c392e5bf7cfc7d634764e15823d8e7bebecb257bc11b5b1b5213d0c69bef1237d4778fd8a
SSDEEP

3072:Pv65YDyxa4B5UGocb6fO3pRmrz28iU/Hl4p:Pv659x3B5xoEEApRmryhU/Fo

Score

N/A

Malware Config

Signatures

Files

5a8d6c483077278534fec277c9a663c336e26e3a645ff4ce57de7976fb823c02
.dll windows x86

5d32a4d2de7fe75bac3211ede3572590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
Beep
FreeLibrary
FindFirstFileExW
GetProcessWorkingSetSize
SetFileApisToANSI
GetStartupInfoA
GetConsoleTitleW
TransmitCommChar
ClearCommBreak
GetSystemTime
InterlockedIncrement
ReplaceFile
DefineDosDeviceW
GetThreadPriority
GetHandleInformation
EnumCalendarInfoW
EnumTimeFormatsW
GlobalFindAtomA
GetCPInfoExA
GetLogicalDriveStringsW
GetVolumePathNameW
GetNamedPipeHandleStateW
EnumResourceNamesA
ReadConsoleOutputCharacterW
LocalReAlloc
GetVolumePathNameA
SetMailslotInfo
BuildCommDCBA
EnumCalendarInfoExA
SetConsoleMode
HeapLock
GetVolumeInformationA
SetCriticalSectionSpinCount
GetLocalTime
InvalidateConsoleDIBits
FindCloseChangeNotification
GetPrivateProfileIntW
ReadConsoleA
DeviceIoControl
FindAtomW
FreeResource
IsProcessorFeaturePresent
SetFileAttributesW
SetEnvironmentVariableW
ResetEvent
VirtualAlloc
GetFileAttributesW
CreateFileMappingA
DeleteCriticalSection
VirtualProtectEx
GetComputerNameA
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsW
SetThreadLocale
IsValidLocale
FillConsoleOutputCharacterW
GlobalAlloc
IsBadHugeWritePtr
PeekNamedPipe
FindNextVolumeW
ReadConsoleInputExA
TlsSetValue
IsValidCodePage
lstrcatW
TransactNamedPipe
RequestWakeupLatency
SetPriorityClass
GetModuleHandleA
GetVersion
WritePrivateProfileSectionW

gdi32

GetClipBox
GetEnhMetaFileA
CreateDCA
SetICMProfileA
GetCharacterPlacementW
CreateEllipticRgn
SetMetaRgn
GetBitmapDimensionEx
CreateCompatibleDC
SetICMMode
StretchDIBits
GetAspectRatioFilterEx
CreateFontW
CreateEnhMetaFileA
CombineRgn
GetStockObject
Escape
GetICMProfileW
IntersectClipRect
CreateDIBitmap
CloseFigure
ExtFloodFill
EndPath
GetCharABCWidthsI
PolyBezierTo
SetPixelFormat
DeleteDC
ResetDCW
GdiGetBatchLimit
SetDIBits
EudcLoadLinkW
CreateCompatibleBitmap
UpdateColors
GetRasterizerCaps
CopyEnhMetaFileW
GetBitmapBits
CreatePenIndirect
CombineTransform
GetViewportExtEx
TranslateCharsetInfo
CopyMetaFileW
ResizePalette
GetObjectA
PolyTextOutW
CreateFontIndirectW
Polygon
GetDCBrushColor
SetArcDirection
SelectObject
CloseMetaFile

advapi32

LookupPrivilegeDisplayNameA
AccessCheckByTypeResultListAndAuditAlarmW
GetSecurityDescriptorGroup
I_ScSetServiceBitsW
ElfNumberOfRecords
PrivilegeCheck
ConvertSidToStringSidW
CryptEnumProvidersW
LookupPrivilegeDisplayNameW
EqualSid
SystemFunction015
SetSecurityDescriptorOwner
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaQueryDomainInformationPolicy
ElfRegisterEventSourceW
CreatePrivateObjectSecurity
ConvertSecurityDescriptorToAccessNamedA
RegDeleteValueA
QueryServiceObjectSecurity
ElfOldestRecord
CryptDestroyHash
GetMultipleTrusteeA
CloseEventLog
ConvertSecurityDescriptorToAccessNamedW
CryptImportKey
ObjectDeleteAuditAlarmW
SystemFunction020
SetNamedSecurityInfoExA
CheckTokenMembership
ConvertAccessToSecurityDescriptorW
AddAccessAllowedAce
RegOpenKeyW
CryptContextAddRef
OpenEventLogW
SetUserFileEncryptionKey
GetTrusteeFormW
ImpersonateNamedPipeClient
ObjectOpenAuditAlarmW
QueryServiceConfig2A
DecryptFileW
EnumDependentServicesA
RegQueryValueA
CryptEncrypt

shell32

StrCmpNIA

shlwapi

PathIsUNCW
UrlUnescapeA
UrlCombineA
SHDeleteValueW
SHRegOpenUSKeyA
ChrCmpIW
UrlApplySchemeA
PathIsContentTypeA
SHRegEnumUSValueA
PathFindExtensionA
SHDeleteKeyW
StrDupA
PathGetDriveNumberA
PathIsSystemFolderW
UrlCanonicalizeW
PathSkipRootW
SHRegDeleteEmptyUSKeyA
PathMatchSpecA
PathGetCharTypeW
PathIsURLA
UrlCompareA
StrNCatW
StrFormatByteSizeA
SHRegWriteUSValueW
PathIsUNCA
PathAddBackslashA
SHRegGetBoolUSValueA
UrlUnescapeW
UrlHashA

version

VerFindFileW
VerQueryValueW
GetFileVersionInfoA
VerInstallFileA
VerInstallFileW

winspool.drv

DeletePrinterConnectionA
SetJobA
StartDocDlgW
EnumPrintersA
AdvancedDocumentPropertiesA
DevQueryPrintEx
DeletePrinter
DevicePropertySheets
EndDocPrinter
DocumentPropertiesA
AddMonitorA
ord209
SetPrinterDataW
GetJobW
ExtDeviceMode
GetPrinterA
ord212
AdvancedSetupDialog
AddPrinterDriverExA
DeletePrinterKeyW
AdvancedDocumentPropertiesW
AddPrinterConnectionA
DeviceCapabilitiesA
AddJobA
SetFormW
OpenPrinterA
ord204

msvcrt

sprintf
_mbsnbcoll
_mbscoll
_mbsnbicoll
_mbscspn
fclose
fprintf
_msize
_spawnlp
_atodbl
fopen
_mbsninc
fabs
_wmakepath
_osver
fread
_unlink
fwprintf
fwrite
_mbsnicmp
fputc
iswgraph
iswlower
feof
memset
strstr
wcsspn
_wchdir
wcstok
fseek
_mbsdec
_wremove
printf
_adj_fdivr_m16i
_tolower
_wfdopen
fputs
ftell
_safe_fdivr
_fpreset
_mbsrchr
_wcsdup
fsetpos
difftime
ferror
_putch
vfprintf
_ui64tow
_setsystime

Exports

Exports

Ciqnk
Henzbezjz
Kakexk
Kgehrvtf
Lbnou
Mgksivk
Poyqyut
Ssubgsybpc
Tsnuvdu
Uxnuldylpu

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d32a4d2de7fe75bac3211ede3572590

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

shell32

shlwapi

version

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 52KB - Virtual size: 48KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 52KB - Virtual size: 48KB

.reloc
Size: 8KB - Virtual size: 5KB