2952a20290e163a1d44a7f05107d51975cd6340e94e21e906469cd6d93aa72d4

General

Target

2952a20290e163a1d44a7f05107d51975cd6340e94e21e906469cd6d93aa72d4
Size

781KB
MD5

289af0ef6aa6db167b031fde63b73e46
SHA1

1474523cc163703978d52801888b7fad91be8202
SHA256

2952a20290e163a1d44a7f05107d51975cd6340e94e21e906469cd6d93aa72d4
SHA512

81a479487b219bfdfbe713380a2b08f2a234f565301cdf33b797506f04d1aec410c52a0c6bc7b3151e56cd836857acfc022c7630f3a4c2804b3e3fd8d26dfd37
SSDEEP

24576:BURS2H73w/icSgIRn4vfjvGo26kmoN//:BF2MqAIRn4jL26kmw/

Score

N/A

Malware Config

Signatures

Files

2952a20290e163a1d44a7f05107d51975cd6340e94e21e906469cd6d93aa72d4
.exe windows x86

3a4f8dfb523947dbfdff479b9f9749da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winspool.drv

GetPrinterW
SetPrinterDataW
StartPagePrinter
EnumFormsA
DeletePrinterDataW
StartDocPrinterW
GetPrinterA
DocumentPropertiesW

netapi32

NetUnregisterDomainNameChangeNotification
NetLocalGroupDelMembers
NetShareAdd
NetShareDelSticky
NetAlertRaiseEx
NetpIsRemote
NetShareDel
I_NetServerSetServiceBitsEx
NetUserAdd
NetServerEnum
NetRemoteTOD

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceLoggerHandle
GetSidSubAuthority
SystemFunction004
AddAuditAccessAceEx
CloseEncryptedFileRaw
RegSetValueExW
RegUnLoadKeyA
DeregisterEventSource
SystemFunction041
LsaQueryTrustedDomainInfoByName
WmiExecuteMethodW
BuildExplicitAccessWithNameW
RegQueryInfoKeyA
SystemFunction027
ConvertSidToStringSidW
GetKernelObjectSecurity
ImpersonateNamedPipeClient
LsaQueryInformationPolicy
SystemFunction006
IsTokenRestricted
GetSecurityDescriptorOwner
RegFlushKey

kernel32

FindCloseChangeNotification
CreateRemoteThread
VirtualAlloc
FoldStringA
GetModuleFileNameW
GetDefaultCommConfigW
WriteProfileStringW
GetCalendarInfoA
GetVolumePathNameA
WaitForMultipleObjects
EnumResourceLanguagesW
GetComputerNameA
FormatMessageW
PeekNamedPipe
GetDevicePowerState
GetTempFileNameA
ContinueDebugEvent

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 602KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a4f8dfb523947dbfdff479b9f9749da

Headers

File Characteristics

Imports

winspool.drv

netapi32

advapi32

kernel32

Sections

.text Size: 5KB - Virtual size: 5KB

DATA Size: 602KB - Virtual size: 965KB

.rsrc Size: 172KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 5KB - Virtual size: 5KB

DATA
Size: 602KB - Virtual size: 965KB

.rsrc
Size: 172KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 48B