9ba6529aa372a56303c5f364f8aedba85f2cdb8b68d6d179398fd9daf3352478

Sharing

Copy URL Twitter E-mail

General

Target

9ba6529aa372a56303c5f364f8aedba85f2cdb8b68d6d179398fd9daf3352478
Size

823KB
MD5

3569bfbab97e62bfd414032d8d4670e0
SHA1

5b6d7c1b879047a2a6590bed4df6d2d2a5cb0bf9
SHA256

9ba6529aa372a56303c5f364f8aedba85f2cdb8b68d6d179398fd9daf3352478
SHA512

ab289d0e9f37df716139adc6045e6421c70ee601bb93d3183261216eef8a228f078d11010e82fe7c8b7bb2e160c3a894aeb03447e388c450a1dd2b0188714dfd
SSDEEP

12288:7W4Ilwo09bmYz2+xRZKAaklb1ELiTILa3RwkGnKl3GomaDZY8:7WRly9bmYzZSA/bKRLGRSK1Zu8

Score

N/A

Malware Config

Signatures

Files

9ba6529aa372a56303c5f364f8aedba85f2cdb8b68d6d179398fd9daf3352478
.exe windows x86

473dea0ced44d1e9614037914175a71c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DosPathToSessionPathW
Module32NextW
GetDriveTypeW
DnsHostnameToComputerNameW
ProcessIdToSessionId
GetCPInfo
GetDiskFreeSpaceW
VirtualAlloc
SetPriorityClass
ConnectNamedPipe
GetConsoleCommandHistoryA
lstrcmpA
MapViewOfFileEx
WriteFileEx
GetACP
GetSystemTimeAdjustment
EnumCalendarInfoA
GetCurrentThreadId
CreateMailslotA
GetConsoleCharType
GetTempFileNameW
SetThreadPriority
GetTickCount
DeleteFileW
GetFileAttributesW
GetDevicePowerState
GetCommandLineW
GetCommTimeouts
ExitProcess
GetCurrentProcessId
CreateProcessA
EnumCalendarInfoW

winspool.drv

DeviceCapabilitiesW
ReadPrinter
WritePrinter
EnumJobsW
FindClosePrinterChangeNotification
ClosePrinter
EndDocPrinter
DeleteMonitorW
ConfigurePortW
DeletePrinterDriverW
PrinterProperties
GetPrinterDriverA
AddPrinterDriverW

mprapi

MprAdminMIBServerConnect
MprAdminServerConnect
MprConfigInterfaceTransportRemove
MprAdminInterfaceGetHandle
MprConfigInterfaceTransportGetInfo
MprAdminUserRead
MprAdminInterfaceDelete
MprInfoBlockAdd
MprAdminMIBBufferFree
MprAdminConnectionEnum
MprConfigInterfaceTransportEnum
MprConfigTransportSetInfo
MprConfigTransportCreate
MprConfigInterfaceGetInfo
MprConfigInterfaceCreate
MprAdminInterfaceCreate
MprAdminMIBServerDisconnect
MprInfoBlockFind
MprAdminConnectionGetInfo
MprAdminUserReadProfFlags
MprAdminMIBEntryGetFirst
MprConfigInterfaceEnum
MprAdminMIBEntryGet
MprInfoDelete
MprConfigGetGuidName
MprAdminMIBEntryGetNext
MprConfigTransportGetInfo
MprInfoBlockRemove
MprConfigInterfaceTransportGetHandle
MprConfigServerConnect

user32

MessageBoxExW
GetClassLongW
GetClassNameW
GetKeyboardLayout
RegisterClipboardFormatW
GetWindowPlacement
MessageBoxTimeoutW
DefFrameProcA
IsCharLowerA
GetFocus
ReleaseDC
ScreenToClient

advapi32

AdjustTokenPrivileges
SystemFunction029
LsaLookupNames
RegEnumKeyA
LookupAccountNameA
LookupPrivilegeNameW
RegCreateKeyExW
AddAccessAllowedAce
EqualPrefixSid
WmiQueryAllDataW
InitiateSystemShutdownExW
CloseEncryptedFileRaw
BackupEventLogW
RegOpenKeyExA
GetTraceEnableLevel
CloseEventLog
GetServiceDisplayNameA
RegisterServiceCtrlHandlerExA
CreatePrivateObjectSecurityEx
RegQueryMultipleValuesW
AddAccessAllowedAceEx
RegisterEventSourceW
RegDeleteKeyA
RevertToSelf
CryptDestroyKey
IsWellKnownSid
GetKernelObjectSecurity

tapi32

lineDrop
lineGetAddressCapsA
lineGetDevCapsW
lineInitializeExA
lineGetIDA
lineGetCallStatus
lineGetDevConfigA
lineInitialize
lineSetCurrentLocation
lineGetCallInfoA
lineTranslateAddressW
lineOpen
lineAnswer
lineDeallocateCall
lineAccept
lineGetCountryW
lineSetStatusMessages
lineMakeCall

msvcrt

_except_handler3
ispunct
wcscmp
_wfsopen
_filelengthi64
rename
_ltow
_getcwd
__wgetmainargs
strpbrk
_spawnlp
_mbsnbicmp
??8type_info@@QBEHABV0@@Z
_fileno
_cabs
_wtoi64
wcsftime
calloc
__badioinfo
_CIlog

crypt32

CryptUninstallDefaultContext

winsta

ServerLicensingClose
ServerLicensingSetPolicy
WinStationConnectW
WinStationDisconnect
WinStationEnumerateProcesses
WinStationReset
ServerLicensingGetPolicy
ServerLicensingOpenW
WinStationNameFromLogonIdW
WinStationCloseServer
WinStationGetAllProcesses
LogonIdFromWinStationNameW
WinStationFreeGAPMemory
WinStationOpenServerW
WinStationQueryInformationW
WinStationFreeMemory
ServerLicensingGetAvailablePolicyIds
WinStationEnumerateW

Sections

.text
Size: 60KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 198KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 199KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

473dea0ced44d1e9614037914175a71c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

mprapi

user32

advapi32

tapi32

msvcrt

crypt32

winsta

Sections

.text Size: 60KB - Virtual size: 405KB

.idata Size: 198KB - Virtual size: 344KB

.edata Size: 199KB - Virtual size: 269KB

.rdata Size: 218KB - Virtual size: 346KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 1024B - Virtual size: 958B

.text
Size: 60KB - Virtual size: 405KB

.idata
Size: 198KB - Virtual size: 344KB

.edata
Size: 199KB - Virtual size: 269KB

.rdata
Size: 218KB - Virtual size: 346KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 1024B - Virtual size: 958B