036613debc7648f2e1b043f2b22bba12ddad639b945f12ba472052fa4a7e83de

Sharing

Copy URL Twitter E-mail

General

Target

036613debc7648f2e1b043f2b22bba12ddad639b945f12ba472052fa4a7e83de
Size

757KB
MD5

863d7b04f1ab89dafb9060a072d8fbae
SHA1

06ad5c355edeb2769f876038b4349d4fece0e2b3
SHA256

036613debc7648f2e1b043f2b22bba12ddad639b945f12ba472052fa4a7e83de
SHA512

8d3cf37d5ff9d549a0ca05836c8a9d7419c2bd4c2830bc47bc8bf67d14404c7ed8d572a880068b53da5d2ed900b2d815c8f78fa4dfa7e2a78a13629666dce677
SSDEEP

12288:2rIq406868sm+JXvcfzKjpc8KFcwhMeyq7vHFkl:2rlMm+hvculJCy

Score

N/A

Malware Config

Signatures

Files

036613debc7648f2e1b043f2b22bba12ddad639b945f12ba472052fa4a7e83de
.exe windows x86

c48797778ce612672e2c2c8f5840c254

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CertAddEncodedCertificateToStore

userenv

GetAllUsersProfileDirectoryW
UnregisterGPNotification
CreateEnvironmentBlock
GetProfileType
EnterCriticalPolicySection
ProcessGroupPolicyCompletedEx
UnloadUserProfile
FreeGPOListW
RsopSetPolicySettingStatus
LeaveCriticalPolicySection
ExpandEnvironmentStringsForUserW
GetAppliedGPOListW
DestroyEnvironmentBlock
GetDefaultUserProfileDirectoryW
DeleteProfileW
RegisterGPNotification
GetProfilesDirectoryW
RefreshPolicy

mscms

InternalGetPS2PreviewCRD
InternalGetPS2ColorRenderingDictionary
CloseColorProfile
TranslateBitmapBits
GetStandardColorSpaceProfileW
OpenColorProfileA
GetColorDirectoryA
TranslateColors
GetColorProfileHeader
GetColorDirectoryW
IsColorProfileValid
InternalGetPS2CSAFromLCS
OpenColorProfileW
GetColorProfileElement
EnumColorProfilesW
UninstallColorProfileW
DeleteColorTransform
EnumColorProfilesA
CreateColorTransformA
InstallColorProfileW
CreateColorTransformW
InternalGetPS2ColorSpaceArray

kernel32

SetConsoleWindowInfo
WriteConsoleInputA
ReleaseMutex
AllocConsole
ReplaceFileW
GetConsoleTitleW
SetDefaultCommConfigW
CreateMutexW
GetFileSizeEx
VirtualAlloc
AreFileApisANSI
CreateSemaphoreW
EnumSystemLocalesA
SetLocalTime
lstrcpynW
GetLastError
OpenFileMappingA
WaitForMultipleObjects

user32

DlgDirListW
SendMessageA
DeleteMenu
SetScrollRange
OemToCharBuffW
VkKeyScanA
MessageBoxIndirectW
GetWindowTextLengthA
ToAsciiEx
DdeInitializeA
GetUpdateRgn
IsDlgButtonChecked
DefWindowProcA

dnsapi

DnsValidateName_W
DnsModifyRecordsInSet_UTF8
DnsNameCompareEx_W
DnsDhcpSrvRegisterInit
DnsQueryConfig
DnsStatusString
DnsValidateName_UTF8
DnsReplaceRecordSetUTF8
DnsRecordListFree
DnsNotifyResolver
DnsDhcpSrvRegisterTerm
DnsNameCompare_W
DnsQuery_UTF8
DnsQuery_W

winspool.drv

FreePrinterNotifyInfo
AddPrinterConnectionW
XcvDataW
AddMonitorW
ConfigurePortW
EnumJobsW
GetJobW
DocumentPropertiesW
EnumFormsW
DeletePrinterDriverW
StartPagePrinter
DeleteMonitorW
GetPrinterDriverW
FlushPrinter
EndPagePrinter
GetPrinterDataW
WritePrinter
EnumPortsW
EnumPrinterDriversA
OpenPrinterW
DeletePrinterDriverExW
AddMonitorA
DeletePrinter
StartDocPrinterW
GetPrintProcessorDirectoryA
SetFormW
AddPrinterDriverExW
EnumPrinterDataW
SetPrinterDataW
AddPrintProcessorW
DeletePrinterConnectionW
DeletePrinterDataExW
FindFirstPrinterChangeNotification

comctl32

ImageList_DragEnter
ImageList_Read
PropertySheetW
ImageList_DragMove
ImageList_Write
ImageList_GetImageCount
ImageList_SetDragCursorImage
ImageList_SetBkColor
DestroyPropertySheetPage
ImageList_Destroy
ImageList_EndDrag
ImageList_GetImageInfo
CreateStatusWindowW
ImageList_AddMasked
CreateStatusWindowA
ImageList_GetDragImage
ImageList_LoadImageW
ImageList_SetOverlayImage
ImageList_Add
ImageList_Draw
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_GetIconSize
CreatePropertySheetPageW

msvcrt

_isatty
ctime
wcscoll
_errno
__dllonexit
iswalpha
fputwc
getchar
_ltoa
_wcsicmp
exit
_wfreopen
_get_osfhandle
getenv
tolower
atan2
_tzset
_filelengthi64
ldexp
isupper

Sections

.text
Size: 14KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 167KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c48797778ce612672e2c2c8f5840c254

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

userenv

mscms

kernel32

user32

dnsapi

winspool.drv

comctl32

msvcrt

Sections

.text Size: 14KB - Virtual size: 431KB

.rdata Size: 227KB - Virtual size: 408KB

.rdata Size: 121KB - Virtual size: 322KB

.edata Size: 167KB - Virtual size: 201KB

.rsrc Size: 226KB - Virtual size: 225KB

.reloc Size: 1024B - Virtual size: 394B

.text
Size: 14KB - Virtual size: 431KB

.rdata
Size: 227KB - Virtual size: 408KB

.rdata
Size: 121KB - Virtual size: 322KB

.edata
Size: 167KB - Virtual size: 201KB

.rsrc
Size: 226KB - Virtual size: 225KB

.reloc
Size: 1024B - Virtual size: 394B