c9b5196ddad7e0282cfb592d4b1c2fce2ee313bbfa0dbe517428ff62f7810534

Sharing

Copy URL

Twitter E-mail

General

Target

c9b5196ddad7e0282cfb592d4b1c2fce2ee313bbfa0dbe517428ff62f7810534
Size

132KB
MD5

f88b4eaca8417bb355d076357b1bed8a
SHA1

03183029184a8f6044fcae6b1add9a4404cbbdf2
SHA256

c9b5196ddad7e0282cfb592d4b1c2fce2ee313bbfa0dbe517428ff62f7810534
SHA512

800dd1336343164954d000ab4b52410bd2430e0c511320558db9874402a09f43a8234b6f08aeeded5646c1636ca985dd791f757c47e926a76ec47b26e85407f3
SSDEEP

3072:GY+RzgwlgvNs2Qne2iBl9a+/PfFHyhJt3KEh:GY+TYN0e2iBfFHyhJt3jh

Score

N/A

Malware Config

Signatures

Files

c9b5196ddad7e0282cfb592d4b1c2fce2ee313bbfa0dbe517428ff62f7810534
.exe windows x86

779efd72b66c8a8db556894a03c19a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetProcAddress
GetModuleHandleA
CopyFileA
LoadLibraryExA
FreeLibrary
DeleteFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
WriteFile
CloseHandle
OpenMutexA
GetTempFileNameA
GetFileAttributesA
DeviceIoControl
GetSystemTime
GetCurrentProcessId
GetWindowsDirectoryW
FreeLibraryAndExitThread
GetCurrentProcess
CreateFileW
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
GetModuleHandleW
CopyFileW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
DeleteFileW
ExitProcess
GetCommandLineA
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualFree
GetLastError
GetVersionExA
MoveFileExW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
SystemTimeToFileTime
VirtualAlloc

advapi32

QueryServiceStatusEx
StartServiceA
OpenSCManagerA
OpenServiceA
GetUserNameW
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyA
CloseServiceHandle

ntdll

RtlComputeCrc32
LdrAddRefDll
ZwImpersonateThread
ZwOpenThread
RtlEqualUnicodeString
ZwQueryInformationToken
wcsncpy
ZwOpenFile
ZwClose
ZwLoadDriver
strncat
ZwCreateEvent
RtlInitUnicodeString
_snwprintf
atoi
ZwTestAlert
RtlRandom
ZwRaiseHardError
RtlAdjustPrivilege
ZwQuerySystemInformation
sscanf
strncpy
_chkstk
memcpy
_snprintf
RtlImageNtHeader
ZwDeviceIoControlFile
memset

shlwapi

StrStrIW
SHDeleteKeyA
SHGetValueA
PathFileExistsW
StrStrIA
PathAppendA
PathRemoveFileSpecA
StrStrA
PathFindFileNameW
PathFileExistsA

imagehlp

CheckSumMappedFile

psapi

GetMappedFileNameW

rpcrt4

UuidCreateSequential

wininet

InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

winspool.drv

DeletePrintProvidorW
AddPrintProvidorW

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

779efd72b66c8a8db556894a03c19a92

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

shlwapi

imagehlp

psapi

rpcrt4

wininet

shell32

ole32

winspool.drv

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 10KB - Virtual size: 10KB

.config Size: 99KB - Virtual size: 99KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 10KB - Virtual size: 10KB

.config
Size: 99KB - Virtual size: 99KB

.reloc
Size: 1KB - Virtual size: 1KB