78bb1cf7d570bebf5eeafde5bef72215da86f7099dc6f0a5e3f66e3d914fe79d

Sharing

Copy URL

Twitter E-mail

General

Target

78bb1cf7d570bebf5eeafde5bef72215da86f7099dc6f0a5e3f66e3d914fe79d
Size

793KB
MD5

8509a347ed0a6d9f49b1ca8187a695ba
SHA1

b3b83b65933257f95cf946cbb81416c3e75fd704
SHA256

78bb1cf7d570bebf5eeafde5bef72215da86f7099dc6f0a5e3f66e3d914fe79d
SHA512

0693e0b282744f6304401b240b13c14c544ab203384b32913e8024bbf3d7780bb1f237a1b0c5d5d7c5a6c0b5f4c47d2b4575df4314b70b6ca407ca72767d1055
SSDEEP

12288:n3HYJH4K6KZaoeP8yYmorqrBAwHOcdr0lGLKBdyjveGPrCajByIjLlOAKZKU:OR6K1M2gB0lGLbZNtySlpKZ

Score

N/A

Malware Config

Signatures

Files

78bb1cf7d570bebf5eeafde5bef72215da86f7099dc6f0a5e3f66e3d914fe79d
.exe windows x86

bbf00f21f76440f4560e2a515592d772

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

strpbrk
_heapset
_mbsnbset
wcsstr
_onexit
_mbsinc
__pxcptinfoptrs
_except_handler2
_vsnprintf
swscanf
abort
_wcsnicmp
_ismbcprint
getchar
bsearch

kernel32

OutputDebugStringA
FileTimeToSystemTime
ZombifyActCtx
ExitProcess
GetSystemTimeAsFileTime
VirtualAlloc
DebugBreakProcess
GlobalFree
PrepareTape
CreateDirectoryW
DeleteFileW
GetEnvironmentStringsW
SetLocalPrimaryComputerNameA
IsDebuggerPresent
RegisterWowBaseHandlers
IsValidLocale
LocalFlags
Process32NextW
LoadLibraryA
DeleteTimerQueue
InitializeCriticalSection
FileTimeToDosDateTime
EnumResourceNamesW
SignalObjectAndWait
FoldStringW
SetLastError
SetVolumeLabelW
WaitNamedPipeW

netapi32

NetReplExportDirAdd
NetDfsSetInfo
NetMessageBufferSend
NetRemoteComputerSupports
NetAlertRaise
NetRegisterDomainNameChangeNotification
I_NetLogonUasLogon
NetDfsGetInfo
NlBindingSetAuthInfo
NetWkstaGetInfo
NetpOpenConfigData
NetApiBufferAllocate
I_NetLogonControl
NetGroupAdd
NetDfsMove
NetpGetConfigValue
NetpAllocFtinfoEntry
DsRoleCancel
NetFileClose
NetFileGetInfo
NetLocalGroupSetMembers
DsGetDcSiteCoverageW
NetpMergeFtinfo

atmlib

ATMGetFontPaths
ATMRemoveSubstFontW
ATMBBoxBaseXYShowText
ATMFontAvailableW
ATMGetVersion
ATMEnumMMFonts
ATMGetGlyphListA
ATMXYShowTextW
ATMAddFont
ATMProperlyLoaded
ATMEnumMMFontsA
ATMXYShowTextA
ATMRemoveFontA
ATMGetMenuNameW
ATMGetBuildStr
ATMGetOutline
ATMFontStatusW
ATMEnumFontsW
ATMMakePSS

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbf00f21f76440f4560e2a515592d772

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

kernel32

netapi32

atmlib

Sections

.text Size: 214KB - Virtual size: 213KB

.rdata Size: 258KB - Virtual size: 258KB

.data Size: 316KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 214KB - Virtual size: 213KB

.rdata
Size: 258KB - Virtual size: 258KB

.data
Size: 316KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB