c47dbab6a7bcedbad2a79ccc640785309d006f80ba5974032baf2a2423636ae8

Sharing

Copy URL Twitter E-mail

General

Target

c47dbab6a7bcedbad2a79ccc640785309d006f80ba5974032baf2a2423636ae8
Size

532KB
MD5

005f436d912c95368a0c9a33f93c10e0
SHA1

a30a5bbe44a377a8fa8218a437c0ef5d44ff8f24
SHA256

c47dbab6a7bcedbad2a79ccc640785309d006f80ba5974032baf2a2423636ae8
SHA512

4c799d6467c55f99b527303023af8e20ed702f089a01cbf4efbcfad53ff16294e5f1255787208a9256770669833af5c5d6ad9b57764c52a38c3b2f831fb7beee
SSDEEP

12288:WyUK51yHS8ih1n4OucH0Tc+it2y4zPPXs11v/FfOvUO:WyJbyHSVhNuU0TmtiPP6/FfOM

Score

N/A

Malware Config

Signatures

Files

c47dbab6a7bcedbad2a79ccc640785309d006f80ba5974032baf2a2423636ae8
.exe windows x86

2250c42687fbce035d6b30f1728a1f06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

GetDriverModuleHandle
midiInGetErrorTextA
midiInGetDevCapsA
mmioSendMessage
joyGetPos
waveInAddBuffer
auxOutMessage
midiOutSetVolume
mmioGetInfo
midiInReset
midiStreamRestart
joyGetNumDevs
joyGetDevCapsA
midiOutGetVolume
mixerClose
midiOutLongMsg
midiOutOpen
CloseDriver
midiOutCacheDrumPatches
waveOutGetErrorTextA
midiStreamOut
midiInMessage
midiStreamStop
midiInStop
mixerSetControlDetails
waveInPrepareHeader
waveOutClose
waveInGetPosition
waveInReset
midiInAddBuffer
midiOutGetID
waveOutGetDevCapsA
waveOutPrepareHeader
midiOutMessage
waveOutGetPosition
midiDisconnect
midiOutGetNumDevs
midiStreamClose
midiInOpen
DrvGetModuleHandle
waveOutSetPitch
timeGetDevCaps
mmioSetBuffer
midiInStart
waveInGetNumDevs
mmioCreateChunk
mixerGetNumDevs
SendDriverMessage
mciSendStringA
mmioStringToFOURCCA

kernel32

GetStartupInfoA
GetCommandLineA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetLastError
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapReAlloc
FlushFileBuffers
CreateFileA
GetOEMCP
MultiByteToWideChar
LoadLibraryA
InterlockedIncrement
GetVersionExA
WriteConsoleW
lstrcmpiA
HeapAlloc
CloseHandle
lstrcmpiW
GetShortPathNameA
UnmapViewOfFile
SetFilePointer
LoadLibraryExW
CreateMutexW
IsBadStringPtrW
GetTempPathA
QueryPerformanceCounter
WriteFile
LCMapStringW
WaitForSingleObject
GetThreadLocale
GetVersionExW
GetProcessHeap
InitializeCriticalSection
GetACP
GetSystemTime
GetHandleInformation
SizeofResource
GetLocaleInfoA
SetCurrentDirectoryA
LocalAlloc
GetTimeFormatA
IsBadWritePtr
SystemTimeToFileTime
GetModuleHandleA
lstrcmpA
GetTempPathW
GetFileType
SetErrorMode
InterlockedDecrement
GlobalHandle
SetEnvironmentVariableA
ReleaseMutex
IsValidCodePage
FormatMessageA
GlobalAlloc
CreateFileMappingA
GetVersion
lstrcatA
SetStdHandle
GetConsoleMode
ExitThread
GetTickCount
GetFileSize
CompareStringW
Sleep
GlobalLock
lstrcpynW
ResumeThread
GetCurrentThread
DeleteCriticalSection
InterlockedExchange
ExpandEnvironmentStringsA
GetModuleFileNameW
LocalFree
LoadResource
GetCPInfo
CreateFileMappingW
CreateEventA
CopyFileW
SetEndOfFile
ReadFile
SetPriorityClass
DeleteFileA
CreateThread
MapViewOfFile
HeapFree
GetTempFileNameW
GetProcAddress
VirtualAlloc
LCMapStringA
ExitProcess
GetStringTypeA
GetStringTypeW
GetCurrentThreadId
IsValidLocale

advapi32

RegOpenKeyExW
RegEnumKeyExA
InitializeSecurityDescriptor
FreeSid
RegCreateKeyExW
ChangeServiceConfigA
EqualSid
RegQueryValueExA
RegFlushKey
RegCreateKeyExA
RegEnumKeyExW
LockServiceDatabase
RegQueryValueExW
UnlockServiceDatabase
RegDeleteValueW
RegOpenKeyW
RegDeleteKeyA

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage
ord17
ord6
ImageList_ReplaceIcon
PropertySheetA
ImageList_Create
ImageList_Draw
ImageList_AddMasked

winspool.drv

FindFirstPrinterChangeNotification
DeletePrinterKeyA
AddJobA
AddPortA
FindClosePrinterChangeNotification
ResetPrinterA
ReadPrinter
ConfigurePortA
DocumentPropertiesA
EnumPrinterKeyA
SetPrinterA
AddPrinterConnectionA
OpenPrinterA
EnumPrintersA
StartPagePrinter
ScheduleJob
DeletePrinter
AbortPrinter
DeletePrinterConnectionA
SetFormA
SetPortA
EndDocPrinter
EndPagePrinter
ClosePrinter
AddMonitorA
EnumPrinterDriversA
PrinterMessageBoxA
AddPrintProvidorA
EnumPortsA
SetPrinterDataA
GetPrinterA
GetPrinterDataA
SetPrinterDataExA
EnumPrintProcessorDatatypesA
AddPrintProcessorA
EnumPrinterDataA
GetJobA
GetPrinterDataExA
PrinterProperties
DeletePrinterDataExA
GetPrintProcessorDirectoryA
WritePrinter
GetPrinterDriverA
DeletePrintProvidorA
FindNextPrinterChangeNotification
DeletePrinterDriverA
EnumPrinterDataExA
GetFormA
DeleteMonitorA
SetJobA
EnumFormsA
DeviceCapabilitiesA
DeletePrinterDataA
EnumPrintProcessorsA
EnumMonitorsA
DeletePortA
FreePrinterNotifyInfo

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 472KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2250c42687fbce035d6b30f1728a1f06

Headers

File Characteristics

Imports

winmm

kernel32

advapi32

comctl32

winspool.drv

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 472KB - Virtual size: 473KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 472KB - Virtual size: 473KB