4d04404d3d0db1416784847d3e3d762160fed7b3da4b13b470351b49ce07d01b

Sharing

Copy URL Twitter E-mail

General

Target

4d04404d3d0db1416784847d3e3d762160fed7b3da4b13b470351b49ce07d01b
Size

636KB
MD5

4c36c8074e60a7723888a7704264c350
SHA1

0a9b8020ffbbed23049505daec1764a68f29d7eb
SHA256

4d04404d3d0db1416784847d3e3d762160fed7b3da4b13b470351b49ce07d01b
SHA512

bf61a5a8c34be99648c8604a462207010d4de6c1b4bc065b1a53305144406c6dfe47e9959dd5a89c8b8836c224e26afb71c54f22e825a39b66c5a6bb4cff2a2e
SSDEEP

12288:rTc/eAxrQ+vYhI92kKaRsUd3C5hxS6Z8Vu1xT:cWp+v1dRJdCrZ8EH

Score

N/A

Malware Config

Signatures

Files

4d04404d3d0db1416784847d3e3d762160fed7b3da4b13b470351b49ce07d01b
.exe windows x86

4617ebc76eb8dfa9b0e00ae29be4d01c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
GetModuleHandleA
GetVersion
VirtualAlloc
DebugBreak
VerLanguageNameA
VirtualProtectEx
LocalUnlock
VerLanguageNameW
LoadLibraryA
GetHandleInformation
GetLocalTime
GetProcAddress
VDMOperationStarted
GetSystemTime
ReleaseMutex
FreeLibrary

version

VerInstallFileA
GetFileVersionInfoSizeW
VerFindFileW
VerInstallFileW
VerQueryValueA
VerFindFileA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

joy32Message
PlaySoundW
joyReleaseCapture
midiStreamOpen
mciGetDeviceIDA
PlaySoundA
midiOutUnprepareHeader
WOW32ResolveMultiMediaHandle
midiOutCacheDrumPatches
waveInAddBuffer
mxd32Message
waveOutGetID
midiOutReset
timeGetTime
mciGetDriverData
midiOutMessage
mmsystemGetVersion
mmioInstallIOProcW
mci32Message
midiOutGetDevCapsW
CloseDriver

winspool.drv

DeletePrinterConnectionW
GetSpoolFileHandle
ConfigurePortA
ord101
ord213
PlayGdiScriptOnPrinterIC
DocumentPropertiesA
SpoolerDevQueryPrintW
FindClosePrinterChangeNotification
AddPrinterDriverExA
AddPrintProcessorA
DeletePrinterDriverExA
DeletePrinterIC
GetPrinterW
ord208
AddFormA
OpenPrinterA
GetFormW
CloseSpoolFileHandle
SpoolerPrinterEvent
EnumJobsA
StartDocDlgA
ord212
PrinterProperties
AddPortA
ConnectToPrinterDlg
ADVANCEDSETUPDIALOG
EnumPrinterDataA
ConfigurePortW
WritePrinter
DeletePrinterDriverW
AddPrintProvidorW
SetFormA

msvcrt

_mbccpy
_mbsncmp
__p__mbctype
_unlink
_eof
fputc
__p__osver
fwprintf
fscanf
_mbsncoll
memset
sprintf
_i64tow
_c_exit
_j1
fseek
fwrite
memchr
fputwc
fopen
ferror
__p___mb_cur_max
fprintf
_wcsset
fclose
fsetpos
_ismbbpunct
ftell
fputs
printf
feof
_Getdays
fread

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4617ebc76eb8dfa9b0e00ae29be4d01c

Headers

File Characteristics

Imports

kernel32

version

winmm

winspool.drv

msvcrt

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 580KB - Virtual size: 579KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 580KB - Virtual size: 579KB