ca0f562b3fed8e91038bbb6b2f829b2444f72f0b6ea817660ab93db182dbb276

Sharing

Copy URL

Twitter E-mail

General

Target

ca0f562b3fed8e91038bbb6b2f829b2444f72f0b6ea817660ab93db182dbb276
Size

339KB
MD5

dc3c72c536d21c3977a33bb8fb19252b
SHA1

93e39ea2967fa22220e5d668601893253fc7f9dc
SHA256

ca0f562b3fed8e91038bbb6b2f829b2444f72f0b6ea817660ab93db182dbb276
SHA512

7e809c2840e3b029e5838201ae5e5bd1dde9348eaa045320bbacd098cd851aef44a02724df1f85e248c9a7b92ae861c25264f27b4927e560628fce86c7462ce3
SSDEEP

6144:tVdBzYxOz5RmXjj3X5K35sHZK7BLFZAnM8ieXrvq8OB++g2qT38flgMVeAA/:tVd1sjDXqN9ZZAnIUGN++g204fu

Score

N/A

Malware Config

Signatures

Files

ca0f562b3fed8e91038bbb6b2f829b2444f72f0b6ea817660ab93db182dbb276
.exe windows x86

f8c1966f94da088bff61ba69d60e8fc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
CreateWindowExA
MessageBoxIndirectA
DispatchMessageA
LoadCursorA
LoadIconA
OpenClipboard
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetWindowTextA
MessageBoxExA
DefDlgProcA
FindWindowExA
CloseWindow
AdjustWindowRectEx

gdi32

GetStockObject
CloseEnhMetaFile
ExcludeClipRect
CombineRgn
AddFontResourceA
DeleteEnhMetaFile
CopyMetaFileW
CreateDCA
FrameRgn
CopyMetaFileA
CreateDiscardableBitmap
GetBitmapDimensionEx
CopyEnhMetaFileA
EndPage
Ellipse

advapi32

OpenProcessToken
NotifyChangeEventLog
RegEnumKeyExA
RegisterEventSourceW
ClearEventLogW
RegSetValueA
OpenEventLogA
RegOverridePredefKey

shlwapi

StrCSpnA
PathAddBackslashW
SHQueryInfoKeyW
PathIsRelativeA
SHDeleteKeyW
PathMakePrettyA
SHQueryValueExW
StrCSpnIA
PathIsSystemFolderW
SHRegDeleteEmptyUSKeyW
PathRemoveBlanksA
PathRemoveArgsW

kernel32

ResetEvent
GetSystemDefaultLangID
GetOverlappedResult
LocalSize
GetProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetStartupInfoA
GetStdHandle
VirtualAllocEx
TlsGetValue
GetACP
LCMapStringA
GetLastError
GetModuleHandleA
GetProcAddress
HeapReAlloc
VirtualFreeEx
HeapUnlock
OpenMutexA
HeapWalk
CreateEventA
LocalFree
FoldStringA
GetStringTypeA
VerLanguageNameA

version

VerFindFileA
VerQueryValueA
GetFileVersionInfoA
VerInstallFileA
GetFileVersionInfoSizeA

winspool.drv

AddPrinterW
SetJobW
DeletePrinterDriverW
AddPrinterDriverA
DeletePrinterDriverExA
DeleteFormA
AddPrinterConnectionA
EnumJobsA
GetPrinterA
DeletePrinter
ConfigurePortA
AddPrinterDriverExA
AddPrintProcessorA
AbortPrinter
DeletePrinterConnectionA

secur32

VerifySignature
DecryptMessage
MakeSignature
FreeCredentialsHandle
ApplyControlToken
CompleteAuthToken
AcceptSecurityContext
DeleteSecurityContext
ExportSecurityContext
EncryptMessage

netapi32

NetMessageNameAdd
NetLocalGroupDelMembers
NetFileClose
NetGroupAddUser
NetFileGetInfo
Netbios
NetConfigGet
NetConfigGetAll
NetErrorLogRead
NetGroupAdd
NetGetDCName
NetAuditRead

msvcrt

__p__fmode
_controlfp
_except_handler3
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_exit
_XcptFilter

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8c1966f94da088bff61ba69d60e8fc3

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shlwapi

kernel32

version

winspool.drv

secur32

netapi32

msvcrt

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 314KB - Virtual size: 413KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 314KB - Virtual size: 413KB

.rsrc
Size: 4KB - Virtual size: 3KB