1e3149d0b5abcd1d88327a94add9ff8751143c707e1f6fb4d18b2fd843993a3c

Sharing

Copy URL Twitter E-mail

General

Target

1e3149d0b5abcd1d88327a94add9ff8751143c707e1f6fb4d18b2fd843993a3c
Size

827KB
MD5

fdd636506355b89bacb8b911218423cb
SHA1

d2ea85e04d24474e593828aab791aa70fd85a558
SHA256

1e3149d0b5abcd1d88327a94add9ff8751143c707e1f6fb4d18b2fd843993a3c
SHA512

8b7a9c2f3887ca6694c497887d0d3b78c2b29533c319aca049ad3c74c17d7338d02a464f91aba8fecbf3a7a6fc2dc54745bb122a20e7ab5b6f203f4e193ab0dd
SSDEEP

24576:JUfA31nOu8PGnCXGiqtNcv35iwcTsAehtj1DZgON+OXg:JUY3JLnsOK4sRxlgZyg

Score

N/A

Malware Config

Signatures

Files

1e3149d0b5abcd1d88327a94add9ff8751143c707e1f6fb4d18b2fd843993a3c
.exe windows x86

13dbf6037673e8527bc0c7c2445fcb8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
GetModuleHandleA
InterlockedPushEntrySList
VirtualFreeEx
EnumResourceTypesW
LoadLibraryA
GetCalendarInfoA
IsWow64Process
GetConsoleDisplayMode
SetHandleInformation
CloseConsoleHandle
DeleteTimerQueueEx
WriteConsoleOutputW
VerifyVersionInfoA
FindFirstVolumeW
SetLocaleInfoW
SetConsoleInputExeNameA
OutputDebugStringW
EnumLanguageGroupLocalesA
GetFullPathNameA
EnumSystemCodePagesA
GetCommModemStatus
GetACP
GetLongPathNameA
ScrollConsoleScreenBufferA
GetSystemDefaultLCID
VirtualAlloc
GetStartupInfoA
SetFirmwareEnvironmentVariableW
SetLastConsoleEventActive
RtlCaptureContext
OpenEventW
SetThreadPriorityBoost
ExitProcess
SetCommState
RemoveDirectoryW

wininet

InternetCrackUrlW
InternetFindNextFileA
GetUrlCacheHeaderData
HttpQueryInfoW
InternetQueryFortezzaStatus
InternetDialA
FtpGetFileSize
FindNextUrlCacheEntryA
GetUrlCacheConfigInfoW
GopherGetAttributeA
InternetAutodialHangup
FtpCreateDirectoryA
SetUrlCacheEntryInfoW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
LoadUrlCacheContent
InternetGetConnectedStateEx
InternetCanonicalizeUrlA
SetUrlCacheEntryGroupA
GopherOpenFileA
InternetWriteFile
FtpCommandW
InternetDialW
UnlockUrlCacheEntryFileW
InternetGetConnectedState
ShowSecurityInfo
FtpCreateDirectoryW
DeleteUrlCacheContainerA
InternetFindNextFileW
GopherFindFirstFileW

wintrust

DriverInitializePolicy
CryptCATCDFOpen
SoftpubCleanup
WVTAsn1SpcSpOpusInfoEncode
GenericChainFinalProv
SoftpubDefCertInit
mssip32DllRegisterServer
mssip32DllUnregisterServer
WVTAsn1SpcSigInfoEncode
OfficeCleanupPolicy
CryptCATCDFEnumMembersByCDFTag
WintrustGetRegPolicyFlags
TrustFreeDecode
WTHelperGetFileHash
CryptCATCDFClose
SoftpubAuthenticode
SoftpubLoadDefUsageCallData
CryptCATVerifyMember
CryptCATAdminEnumCatalogFromHash
WTHelperGetFileName
CryptCATAdminCalcHashFromFileHandle
SoftpubCheckCert
WintrustAddActionID
WTHelperProvDataFromStateData
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcSpOpusInfoDecode
CryptSIPRemoveSignedDataMsg
WTHelperGetProvCertFromChain

winmm

midiInAddBuffer
waveOutSetVolume
joyGetDevCapsA
joyGetDevCapsW
mmTaskYield
mciGetDeviceIDFromElementIDW
mmioAdvance
mciFreeCommandResource
mmTaskSignal
midiInPrepareHeader
midiInStop
joyGetPos
mixerGetControlDetailsW
mciGetYieldProc
sndPlaySoundW
auxGetNumDevs
waveOutGetDevCapsW
auxGetDevCapsW
joyGetThreshold
mciSendStringW
mmioOpenW
mmioWrite
PlaySound
mciDriverNotify
timeGetDevCaps
mciLoadCommandResource
timeSetEvent
joy32Message
waveOutClose
mixerClose
mixerGetDevCapsA
waveInOpen
mmGetCurrentTask
midiStreamPause

printui

bFolderGetPrinter
DllMain
bPrinterSetup
bFolderEnumPrinters
bFolderRefresh
UnregisterPrintNotify
RegisterPrintNotify
vPrinterPropPages
DocumentPropertiesWrap
vServerPropPages
vDocumentDefaults
PrintUIEntryW
ShowErrorMessageSC
PrinterPropPageProvider
PrintNotifyTray_Init
ConnectToPrinterDlg
PnPInterface
ConstructPrinterFriendlyName
ShowErrorMessageHR
PrintNotifyTray_Exit
vQueueCreate

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13dbf6037673e8527bc0c7c2445fcb8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wininet

wintrust

winmm

printui

Sections

.text Size: 390KB - Virtual size: 390KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 180KB - Virtual size: 1.5MB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 1024B - Virtual size: 916B

.text
Size: 390KB - Virtual size: 390KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 180KB - Virtual size: 1.5MB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 1024B - Virtual size: 916B