5657f31274c034f2945f6b72f9e3e6a2e25b8036046dc45a9cd4188e290aaecc

Sharing

Copy URL

Twitter E-mail

General

Target

5657f31274c034f2945f6b72f9e3e6a2e25b8036046dc45a9cd4188e290aaecc
Size

771KB
MD5

d3ba2f4e508c642352d6d93896388143
SHA1

5a16647b7d2769e436f906666dbacf417513727a
SHA256

5657f31274c034f2945f6b72f9e3e6a2e25b8036046dc45a9cd4188e290aaecc
SHA512

b950644a40f51719214c867abc7772b4412f994ca21ac3707d2ea662c5474cb98c3b1c2761c965b6686a74a28695ed80493defc500b91ef92e4d0864c1e3ab61
SSDEEP

24576:NHTktpMeMxHvF0hNPqifk3yPSd4JWweBB:V02bxN0hN01d

Score

N/A

Malware Config

Signatures

Files

5657f31274c034f2945f6b72f9e3e6a2e25b8036046dc45a9cd4188e290aaecc
.exe windows x86

14d2e9d09e4a3ae098e68add4c97331a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CryptSIPRemoveSignedDataMsg

advapi32

RegNotifyChangeKeyValue
GetTraceLoggerHandle
GetKernelObjectSecurity
RegSetValueW
OpenSCManagerW
LsaLookupNames
WmiExecuteMethodW
IsValidAcl
RegQueryValueExW
FreeSid
LsaOpenSecret
CloseEventLog
CryptSignHashW
GetLengthSid
RegCreateKeyExW
WmiReceiveNotificationsW
LsaOpenPolicy
RegReplaceKeyA
RemoveUsersFromEncryptedFile
RegQueryMultipleValuesW

setupapi

SetupInstallFromInfSectionW
SetupGetTargetPathW
CM_Free_Res_Des_Handle
SetupOpenAppendInfFileW
SetupDecompressOrCopyFileW
SetupDiGetDeviceRegistryPropertyW
SetupLogErrorW
SetupDiCreateDeviceInterfaceRegKeyW
CM_Get_Device_IDW
SetupCloseInfFile
SetupQuerySourceListW
SetupCloseLog
SetupDiGetDriverInstallParamsW
SetupDiGetSelectedDevice
CM_Get_DevNode_Status_Ex
SetupDiRegisterDeviceInfo
SetupDiOpenClassRegKey
CM_Disconnect_Machine
SetupDiGetSelectedDriverW
SetupDiSetSelectedDriverA
SetupGetLineByIndexW
CM_Get_Device_ID_List_SizeW
SetupDiGetDeviceInstanceIdW
SetupGetLineTextW
SetupDiGetDeviceInstallParamsA
CM_Get_Res_Des_Data_Ex
SetupDiEnumDeviceInfo
pSetupMalloc
CM_Connect_MachineW

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_SetOverlayImage
ImageList_GetImageCount
ImageList_DragLeave
ImageList_SetBkColor
CreatePropertySheetPageW
ImageList_Read
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_LoadImageA
InitCommonControls
ImageList_SetIconSize
ImageList_DragEnter
ImageList_Write
ImageList_SetDragCursorImage
PropertySheetA
ImageList_Draw
ImageList_GetDragImage

shlwapi

HashData
AssocQueryStringW
PathUndecorateA
StrDupW
UrlCanonicalizeA
StrCmpNA
SHGetValueW
SHCreateStreamOnFileEx
PathFileExistsA
StrPBrkW
SHDeleteValueA
PathCanonicalizeW
PathParseIconLocationW
SHQueryValueExW
SHRegDuplicateHKey
StrToIntExW
SHSetValueA
PathAppendW
SHCreateStreamOnFileW
StrChrNW
UrlCombineW
wvnsprintfW

winspool.drv

DeletePrinterDriverW
AddPrinterDriverW
DeviceCapabilitiesA
StartPagePrinter
OpenPrinterW
SetPrinterDataExW
StartDocPrinterW
EndPagePrinter
AddMonitorA
EndDocPrinter
ClosePrinter
GetPrinterDriverDirectoryA
WritePrinter
FlushPrinter
GetPrinterW
FindClosePrinterChangeNotification
EnumMonitorsA
XcvDataW
DocumentPropertySheets
EnumPrintProcessorsW

msvcrt

fputc
_cabs
_access
modf
difftime
fgetc
_mbsspn
_getdrives
memmove
atoi
tmpnam
_iob
_isnan
gmtime
_snprintf
_mbsrchr
_ismbblead
_wtempnam
isalpha
strcat
_mbsicmp
_initterm

kernel32

GetConsoleCharType
TryEnterCriticalSection
SetLocalTime
IsBadStringPtrA
WriteProcessMemory
OpenProcess
GetProcessAffinityMask
FillConsoleOutputCharacterA
GetCurrentThreadId
GetLastError
GetSystemDirectoryW
PeekConsoleInputW
WritePrivateProfileStructA
GetDevicePowerState
EndUpdateResourceW
RegisterWaitForSingleObject
GetCommandLineW
VirtualFreeEx
GetCurrentProcessId
GetStringTypeExW
GetConsoleCommandHistoryA
AddAtomW
WaitNamedPipeA
SetTermsrvAppInstallMode
CreateEventA
GetProcessHeap
GetQueuedCompletionStatus
GlobalMemoryStatus
InterlockedExchange
VirtualAlloc
ExpandEnvironmentStringsW
CreateMailslotA
GlobalAddAtomA
RemoveDirectoryW
HeapUnlock
CreateNamedPipeW
GetDiskFreeSpaceW

Sections

.text
Size: 88KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d2e9d09e4a3ae098e68add4c97331a

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

advapi32

setupapi

comctl32

shlwapi

winspool.drv

msvcrt

kernel32

Sections

.text Size: 88KB - Virtual size: 379KB

.data Size: 620KB - Virtual size: 911KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 379KB

.data
Size: 620KB - Virtual size: 911KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 2KB - Virtual size: 1KB