0f6bc53347bfeaa2cd6989d65c9f05c7fe2274c4c897aa90abbace26593dc0a5

Sharing

Copy URL

Twitter E-mail

General

Target

0f6bc53347bfeaa2cd6989d65c9f05c7fe2274c4c897aa90abbace26593dc0a5
Size

786KB
MD5

437b417f72e1d06e472b2c971cd93e40
SHA1

7c8bc52ff9b8e1553f35dc10af08110245532d7d
SHA256

0f6bc53347bfeaa2cd6989d65c9f05c7fe2274c4c897aa90abbace26593dc0a5
SHA512

78563dc46d74de44e6fd01fd99d0d98fea29f4c62f21a6976acd51f5a64528f8f86ef4dbe33edf3e6dd1e28abacf3d93e77c0a063af816f5c1e2b594aba6b149
SSDEEP

12288:0rXPoMk8MLYfV2yzBcwjwgUC43sC7lyiMoGG5JRMCWZowTUcPWDlj3:0jP9kO2yzBvwjx3s0BMoGGvROZoCS

Score

N/A

Malware Config

Signatures

Files

0f6bc53347bfeaa2cd6989d65c9f05c7fe2274c4c897aa90abbace26593dc0a5
.exe windows x86

e8f69acc0bab3fe862f0e08f7086d0e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

userenv

LoadUserProfileW
ProcessGroupPolicyCompletedEx
UnloadUserProfile
EnterCriticalPolicySection
GetUserProfileDirectoryA
GetProfilesDirectoryW
GetUserProfileDirectoryW
GetProfileType
LeaveCriticalPolicySection
DestroyEnvironmentBlock
RsopSetPolicySettingStatus
CreateEnvironmentBlock
GetDefaultUserProfileDirectoryW
UnregisterGPNotification
GetAppliedGPOListW
RefreshPolicy
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
DeleteProfileW
RsopResetPolicySettingStatus
FreeGPOListW
RegisterGPNotification
ProcessGroupPolicyCompleted
GetAllUsersProfileDirectoryW

kernel32

OutputDebugStringA
ExitThread
InterlockedExchangeAdd
FindCloseChangeNotification
DisableThreadLibraryCalls
Sleep
FlushInstructionCache
ReplaceFileA
GetLocalTime
GetFileTime
VirtualFree
SetTermsrvAppInstallMode
DefineDosDeviceW
GlobalFlags
GetCurrencyFormatA
ExitProcess
SetConsoleScreenBufferSize
GetCommTimeouts
VirtualAlloc
GetEnvironmentVariableA
GetCompressedFileSizeA
TlsFree

shell32

SHAddToRecentDocs
ShellExecuteW
ExtractAssociatedIconW
SHGetSpecialFolderPathW
SHChangeNotifySuspendResume
SHGetMalloc
Shell_NotifyIconA
ExtractIconA
SHBrowseForFolderA
FindExecutableA
SHGetPathFromIDListA
DuplicateIcon
ShellAboutW
ExtractIconExA
ShellExecuteExW
SHGetInstanceExplorer
ShellAboutA
DragFinish
Shell_NotifyIconW
ShellExecuteExA
SHGetSettings
SHGetFolderLocation
SheChangeDirExW
ExtractAssociatedIconExW
SHGetDesktopFolder
SHGetPathFromIDListW
DragQueryFileA
SHAppBarMessage

msvcrt

sprintf
_wgetcwd
_CIlog10
_wstrtime
wcstol
_wfindnext
raise
atol
_chmod
isspace
_itoa
_CIatan2
?what@exception@@UBEPBDXZ
_write
_splitpath
__p__commode
modf
??2@YAPAXI@Z
getenv
_wpopen
mbtowc
qsort
??0exception@@QAE@XZ
_exit
_adjust_fdiv
?terminate@@YAXXZ
toupper

comctl32

ImageList_Draw
ImageList_EndDrag
CreatePropertySheetPageA
ImageList_DragLeave
InitCommonControls
ImageList_Remove
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
CreateStatusWindowW
CreateStatusWindowA
ImageList_SetDragCursorImage

crypt32

CryptMsgVerifyCountersignatureEncoded

advapi32

SetEntriesInAclW
GetTraceEnableLevel
SetTokenInformation
DeleteAce
CryptDestroyKey
AccessCheckByType
QueryAllTracesW
SystemFunction007
SetSecurityDescriptorGroup
RegFlushKey
AbortSystemShutdownA
GetSecurityDescriptorOwner
AreAllAccessesGranted
GetKernelObjectSecurity
RegQueryValueExA
AccessCheck
GetSecurityDescriptorSacl
OpenProcessToken
CryptSetProvParam
InitializeSecurityDescriptor
DuplicateToken
GetSidSubAuthority
CryptDestroyHash
I_ScSetServiceBitsW
RegDeleteValueW
ImpersonateNamedPipeClient

winspool.drv

EnumPrinterDriversW
XcvDataW
GetFormW
EnumPrinterDriversA
DeleteFormW
DeletePrinterDriverExW
DeletePrinterDriverW
SetFormW
StartPagePrinter
GetPrinterDriverW
DocumentPropertiesW
FreePrinterNotifyInfo
ClosePrinter

imagehlp

ImageUnload
ImageNtHeader
SymInitialize
ImageDirectoryEntryToData
ImageLoad
SymSetOptions
ImageRvaToVa
EnumerateLoadedModules64
ImageGetCertificateData
ImageRvaToSection
CheckSumMappedFile
ImageEnumerateCertificates

Sections

.text
Size: 27KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 598KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8f69acc0bab3fe862f0e08f7086d0e1

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

shell32

msvcrt

comctl32

crypt32

advapi32

winspool.drv

imagehlp

Sections

.text Size: 27KB - Virtual size: 483KB

.rdata Size: 598KB - Virtual size: 1.0MB

.rsrc Size: 159KB - Virtual size: 159KB

.reloc Size: 512B - Virtual size: 278B

.text
Size: 27KB - Virtual size: 483KB

.rdata
Size: 598KB - Virtual size: 1.0MB

.rsrc
Size: 159KB - Virtual size: 159KB

.reloc
Size: 512B - Virtual size: 278B