7a5dbd02f4e3995d33af0f0f4d09c76e7a12e3d8ef903ecb873a161bb905b231

Sharing

Copy URL Twitter E-mail

General

Target

7a5dbd02f4e3995d33af0f0f4d09c76e7a12e3d8ef903ecb873a161bb905b231
Size

823KB
MD5

6b2aca0918b9bbee1ad42a9b3b4fb816
SHA1

cbe559a396c16d4816da2b20c89a841b36ac31b8
SHA256

7a5dbd02f4e3995d33af0f0f4d09c76e7a12e3d8ef903ecb873a161bb905b231
SHA512

50602edc94af35c2cfada970985a537c7be31d8921035002552f407c911676e7e9890012ea84d8fc683c8d12d0b7850ad451d6c9f4a07d2cff687bf827f129f0
SSDEEP

12288:sW4Ilwo09bmYz2+xRZKAaklb1ELiTILa3RwkGnKl3GomaDZY8:sWRly9bmYzZSA/bKRLGRSK1Zu8

Score

N/A

Malware Config

Signatures

Files

7a5dbd02f4e3995d33af0f0f4d09c76e7a12e3d8ef903ecb873a161bb905b231
.exe windows x86

473dea0ced44d1e9614037914175a71c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DosPathToSessionPathW
Module32NextW
GetDriveTypeW
DnsHostnameToComputerNameW
ProcessIdToSessionId
GetCPInfo
GetDiskFreeSpaceW
VirtualAlloc
SetPriorityClass
ConnectNamedPipe
GetConsoleCommandHistoryA
lstrcmpA
MapViewOfFileEx
WriteFileEx
GetACP
GetSystemTimeAdjustment
EnumCalendarInfoA
GetCurrentThreadId
CreateMailslotA
GetConsoleCharType
GetTempFileNameW
SetThreadPriority
GetTickCount
DeleteFileW
GetFileAttributesW
GetDevicePowerState
GetCommandLineW
GetCommTimeouts
ExitProcess
GetCurrentProcessId
CreateProcessA
EnumCalendarInfoW

winspool.drv

DeviceCapabilitiesW
ReadPrinter
WritePrinter
EnumJobsW
FindClosePrinterChangeNotification
ClosePrinter
EndDocPrinter
DeleteMonitorW
ConfigurePortW
DeletePrinterDriverW
PrinterProperties
GetPrinterDriverA
AddPrinterDriverW

mprapi

MprAdminMIBServerConnect
MprAdminServerConnect
MprConfigInterfaceTransportRemove
MprAdminInterfaceGetHandle
MprConfigInterfaceTransportGetInfo
MprAdminUserRead
MprAdminInterfaceDelete
MprInfoBlockAdd
MprAdminMIBBufferFree
MprAdminConnectionEnum
MprConfigInterfaceTransportEnum
MprConfigTransportSetInfo
MprConfigTransportCreate
MprConfigInterfaceGetInfo
MprConfigInterfaceCreate
MprAdminInterfaceCreate
MprAdminMIBServerDisconnect
MprInfoBlockFind
MprAdminConnectionGetInfo
MprAdminUserReadProfFlags
MprAdminMIBEntryGetFirst
MprConfigInterfaceEnum
MprAdminMIBEntryGet
MprInfoDelete
MprConfigGetGuidName
MprAdminMIBEntryGetNext
MprConfigTransportGetInfo
MprInfoBlockRemove
MprConfigInterfaceTransportGetHandle
MprConfigServerConnect

user32

MessageBoxExW
GetClassLongW
GetClassNameW
GetKeyboardLayout
RegisterClipboardFormatW
GetWindowPlacement
MessageBoxTimeoutW
DefFrameProcA
IsCharLowerA
GetFocus
ReleaseDC
ScreenToClient

advapi32

AdjustTokenPrivileges
SystemFunction029
LsaLookupNames
RegEnumKeyA
LookupAccountNameA
LookupPrivilegeNameW
RegCreateKeyExW
AddAccessAllowedAce
EqualPrefixSid
WmiQueryAllDataW
InitiateSystemShutdownExW
CloseEncryptedFileRaw
BackupEventLogW
RegOpenKeyExA
GetTraceEnableLevel
CloseEventLog
GetServiceDisplayNameA
RegisterServiceCtrlHandlerExA
CreatePrivateObjectSecurityEx
RegQueryMultipleValuesW
AddAccessAllowedAceEx
RegisterEventSourceW
RegDeleteKeyA
RevertToSelf
CryptDestroyKey
IsWellKnownSid
GetKernelObjectSecurity

tapi32

lineDrop
lineGetAddressCapsA
lineGetDevCapsW
lineInitializeExA
lineGetIDA
lineGetCallStatus
lineGetDevConfigA
lineInitialize
lineSetCurrentLocation
lineGetCallInfoA
lineTranslateAddressW
lineOpen
lineAnswer
lineDeallocateCall
lineAccept
lineGetCountryW
lineSetStatusMessages
lineMakeCall

msvcrt

_except_handler3
ispunct
wcscmp
_wfsopen
_filelengthi64
rename
_ltow
_getcwd
__wgetmainargs
strpbrk
_spawnlp
_mbsnbicmp
??8type_info@@QBEHABV0@@Z
_fileno
_cabs
_wtoi64
wcsftime
calloc
__badioinfo
_CIlog

crypt32

CryptUninstallDefaultContext

winsta

ServerLicensingClose
ServerLicensingSetPolicy
WinStationConnectW
WinStationDisconnect
WinStationEnumerateProcesses
WinStationReset
ServerLicensingGetPolicy
ServerLicensingOpenW
WinStationNameFromLogonIdW
WinStationCloseServer
WinStationGetAllProcesses
LogonIdFromWinStationNameW
WinStationFreeGAPMemory
WinStationOpenServerW
WinStationQueryInformationW
WinStationFreeMemory
ServerLicensingGetAvailablePolicyIds
WinStationEnumerateW

Sections

.text
Size: 60KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 198KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 199KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

473dea0ced44d1e9614037914175a71c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

mprapi

user32

advapi32

tapi32

msvcrt

crypt32

winsta

Sections

.text Size: 60KB - Virtual size: 405KB

.idata Size: 198KB - Virtual size: 344KB

.edata Size: 199KB - Virtual size: 269KB

.rdata Size: 218KB - Virtual size: 346KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 1024B - Virtual size: 958B

.text
Size: 60KB - Virtual size: 405KB

.idata
Size: 198KB - Virtual size: 344KB

.edata
Size: 199KB - Virtual size: 269KB

.rdata
Size: 218KB - Virtual size: 346KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 1024B - Virtual size: 958B