Static task: static1
Behavioral task: behavioral1
Sample: b642760d4f2fca3840bf9b920c12c59f268629321ffbdb1eea11cb426baaef7f.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b642760d4f2fca3840bf9b920c12c59f268629321ffbdb1eea11cb426baaef7f.exe
Resource: win10v2004-20220812-en
General
Target: b642760d4f2fca3840bf9b920c12c59f268629321ffbdb1eea11cb426baaef7f
Size: 1.2MB
MD5: bcee0cd48ca3cbed192df31bff17a773
SHA1: 0620e4fd9c3a404bb6bc0f543766c71f75fab69c
SHA256: b642760d4f2fca3840bf9b920c12c59f268629321ffbdb1eea11cb426baaef7f
SHA512: d6a1962c95eb8090f5fecb33bb8efca25fe1edcb572ab736ea612706b33a5e7a2c49d7622372906930838d19d3acd17e3fe22d57d9356d127d7793dd7aecd1d9
SSDEEP: 24576:JYwxO/Wpt8sWO1FsxdyUziiM1EL4QbyAP7oYrljD2K:6izMfLFpPM
Malware Config
Signatures
Files
b642760d4f2fca3840bf9b920c12c59f268629321ffbdb1eea11cb426baaef7f.exe (windows x86)
Imphash: 42f915b75b4dc18db3695a3e3dee9350
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mixerMessage
auxGetNumDevs
midiOutGetDevCapsA
mmioSeek
waveOutGetPlaybackRate
waveOutGetErrorTextW
midiDisconnect
DefDriverProc
midiStreamClose
waveInGetErrorTextA
midiInGetID
mixerClose
mciSendStringW
waveOutSetVolume
timeEndPeriod
midiOutClose
WOW32ResolveMultiMediaHandle
mciSetDriverData
WOWAppExit
timeGetSystemTime
CloseDriver
timeGetDevCaps
joySetCapture
midiOutReset
timeBeginPeriod
joyGetThreshold
mixerGetControlDetailsW
joyGetDevCapsA
waveOutBreakLoop
GetDriverModuleHandle
midiOutCachePatches
mmTaskYield
midiInOpen
mciSendCommandW
waveInOpen
waveOutPrepareHeader
midiOutUnprepareHeader
timeKillEvent
midiInGetErrorTextW
mixerGetNumDevs
mixerGetDevCapsA
midiOutGetErrorTextW
mciSendCommandA
mmioGetInfo
mmioRead
midiStreamPosition
auxGetVolume
waveInGetNumDevs
midiStreamOut
midiInStart
mixerGetControlDetailsA
mmioDescend
mciDriverNotify
waveOutRestart
SendDriverMessage
mixerOpen
mciGetDeviceIDW
waveOutPause
joyGetPos
timeGetTime
OpenDriver
mmTaskSignal
waveOutSetPitch
sndPlaySoundA
mciGetYieldProc
midiInMessage
joyGetNumDevs
sndPlaySoundW
mciGetDriverData
mciGetDeviceIDFromElementIDW
waveInUnprepareHeader
midiStreamPause
mmioStringToFOURCCA
auxGetDevCapsW
midiOutGetVolume
mmioStringToFOURCCW
mci32Message
mciGetErrorStringA
midiOutGetErrorTextA
mixerGetLineControlsA
joySetThreshold
mciSendStringA
NotifyCallbackData
mmsystemGetVersion
mixerGetDevCapsW
PlaySoundW
auxOutMessage
tid32Message
mmioClose
mciGetDeviceIDA
midiInReset
midiOutSetVolume
auxGetDevCapsA
mciGetDeviceIDFromElementIDA
mciExecute
aux32Message
midiInPrepareHeader
kernel32
GetStartupInfoA
GetHandleInformation
GetDevicePowerState
LoadLibraryA
SetConsoleOutputCP
PeekConsoleInputA
DebugBreak
GlobalFix
TransmitCommChar
UpdateResourceA
SetCalendarInfoW
Toolhelp32ReadProcessMemory
GetUserDefaultLangID
GlobalWire
Module32First
LockFile
BuildCommDCBW
SetHandleInformation
GetProcAddress
QueryInformationJobObject
GetModuleHandleA
GetStringTypeW
ReleaseSemaphore
IsValidLocale
AddAtomA
BackupRead
ReadFile
VirtualQueryEx
MoveFileWithProgressA
VerLanguageNameW
VerLanguageNameA
VirtualAlloc
user32
GetActiveWindow
OemKeyScan
ModifyMenuA
UnregisterHotKey
AttachThreadInput
AppendMenuA
EnumDisplaySettingsA
keybd_event
CreateMDIWindowA
AdjustWindowRect
ShowCaret
DdeCreateStringHandleW
EnumDesktopWindows
SetWindowContextHelpId
InsertMenuItemA
SetDoubleClickTime
GetDesktopWindow
FindWindowW
SetCursor
BroadcastSystemMessageW
IsWindow
GetMessageExtraInfo
CopyImage
SendNotifyMessageW
CloseDesktop
SendMessageTimeoutW
PostQuitMessage
SystemParametersInfoA
CreateWindowStationA
GetMessagePos
GetDlgCtrlID
GetForegroundWindow
MsgWaitForMultipleObjects
CreateMDIWindowW
GetAncestor
SetWinEventHook
SendIMEMessageExA
CharToOemBuffW
GetClassInfoW
SetWindowsHookW
FillRect
IMPGetIMEA
DdeEnableCallback
LoadKeyboardLayoutA
RealGetWindowClassA
EnumDisplayMonitors
ShowScrollBar
SetDebugErrorLevel
LookupIconIdFromDirectory
IsClipboardFormatAvailable
FindWindowA
WinHelpW
DefDlgProcA
LoadCursorW
IsCharLowerW
LoadIconA
DlgDirListW
GetCursorInfo
GetClassLongW
EnumDisplaySettingsExA
LoadImageW
ExitWindowsEx
GetCursor
EnumPropsW
KillTimer
GetClipboardOwner
GetMessageTime
LoadCursorA
GetFocus
GetCapture
advapi32
ConvertAccessToSecurityDescriptorA
SystemFunction010
CryptExportKey
LsaStorePrivateData
LsaDeleteTrustedDomain
SystemFunction005
CryptSignHashA
RegSetKeySecurity
LookupPrivilegeNameA
RegDeleteValueA
AddAce
EnumServiceGroupW
CryptGetKeyParam
CryptVerifySignatureW
RegCreateKeyExW
RemoveUsersFromEncryptedFile
LookupPrivilegeNameW
shell32
StrStrA
StrCmpNIA
StrCmpNA
StrStrIW
StrRChrIA
shlwapi
PathIsUNCServerA
ChrCmpIW
PathBuildRootW
PathGetDriveNumberW
PathRemoveFileSpecA
PathSearchAndQualifyA
SHQueryValueExA
StrTrimA
PathStripPathA
SHDeleteValueW
IntlStrEqWorkerW
PathAppendA
SHGetValueA
PathIsUNCW
SHDeleteOrphanKeyA
UrlIsA
StrToIntA
StrToIntExW
SHRegCreateUSKeyW
PathFindNextComponentA
PathCompactPathExW
StrFromTimeIntervalW
SHDeleteKeyA
PathSearchAndQualifyW
SHRegEnumUSKeyA
StrCSpnIW
PathCombineA
StrCmpIW
PathGetArgsA
SHRegGetUSValueA
PathQuoteSpacesA
SHSetValueW
PathIsURLA
PathRemoveExtensionA
PathIsSameRootA
PathSkipRootA
PathIsSameRootW
StrDupW
PathCombineW
SHRegQueryInfoUSKeyW
PathIsDirectoryW
StrCmpW
PathCompactPathA
SHRegDeleteEmptyUSKeyA
SHRegDeleteUSValueA
UrlGetPartW
HashData
SHDeleteKeyW
SHQueryInfoKeyW
SHRegGetBoolUSValueW
PathGetCharTypeA
PathMakeSystemFolderA
UrlIsW
version
VerFindFileA
GetFileVersionInfoSizeA
VerFindFileW
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerInstallFileA
VerInstallFileW
VerQueryValueA
winspool.drv
QueryColorProfile
DeletePrintProvidorA
FreePrinterNotifyInfo
EXTDEVICEMODE
CreatePrinterIC
SetPortW
FindFirstPrinterChangeNotification
OpenPrinterW
ord207
ord102
AddPortExW
DeletePrinterIC
DeletePrintProvidorW
AddPrinterA
DocumentPropertiesW
StartDocDlgA
GetPrinterDataA
EnumFormsW
ConvertAnsiDevModeToUnicodeDevmode
DeviceMode
AddPrinterDriverA
AddPrinterConnectionW
EnumPrinterDriversW
DevQueryPrint
AddFormA
DeletePrinterDataExA
ord205
msvcrt
fwprintf
_adj_fptan
_mbsncoll
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
fseek
iswspace
_wcsdup
fopen
ferror
fread
_unlink
fgetwc
_errno
_exit
_lsearch
_adj_fdivr_m32i
atoi
realloc
fsetpos
__iscsym
fputc
free
fprintf
fputs
ftell
memcpy
feof
__threadhandle
fwrite
fflush
sprintf
memmove
malloc
printf
memset
fclose
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
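The Headers and Sections fields above come straight from the COFF file header and the section table, and can be reproduced without a sandbox. What follows is an added example (not the sandbox's tooling) of a minimal PE header walker that decodes the file characteristics and section flags into the same names the report uses, plus a triage heuristic of my own: a writable, non-code section that accounts for most of the file, as `.data` does here (1.2MB of a 1.2MB file against 30KB of code), usually holds an embedded payload or padding rather than program variables. The input is a constructed header-only PE32 stub whose sizes and flags are copied from this report; the section bodies themselves are not included, so the file size is passed in separately.

```python
"""Minimal PE header walker: COFF characteristics and section table only.
Added example for this page; not the sandbox's code."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_flags(value, table):
    """Names of the set bits, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return machine, PE32+ flag, file characteristics and section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (machine, nsections, _ts, _symptr, _nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", data, coff)
    magic = struct.unpack_from("<H", data, coff + 20)[0]  # 0x10B PE32, 0x20B PE32+
    sect_off = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        (name, vsize, _vaddr, rawsize, _rawptr, _r, _l, _nr, _nl,
         schars) = struct.unpack_from("<8sIIIIIIHHI", data, sect_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": decode_flags(schars, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        "sections": sections,
    }


def bulky_writable_sections(info, file_size, threshold=0.5):
    """Triage heuristic (mine, not the sandbox's): writable non-code sections
    whose raw size exceeds `threshold` of the file are worth carving out."""
    out = []
    for s in info["sections"]:
        writable = "IMAGE_SCN_MEM_WRITE" in s["flags"]
        code = "IMAGE_SCN_CNT_CODE" in s["flags"]
        if writable and not code and s["raw_size"] > threshold * file_size:
            out.append(s["name"])
    return out


def build_sample_pe():
    """Constructed header-only PE32 stub; sizes and flags copied from the
    report above, section bodies omitted."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)       # PE32 magic only

    def sect(name, vsize, rawsize, flags, rva, ptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, ptr,
                           0, 0, 0, 0, flags)

    sections = (sect(b".text", 0x7800, 0x8000, 0x60000020, 0x1000, 0x400)
                + sect(b".rdata", 0x2400, 0x3000, 0x40000040, 0x9000, 0x8400)
                + sect(b".data", 0x130000, 0x130000, 0xC0000040, 0xC000, 0xB400))
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["characteristics"])
    for s in info["sections"]:
        print(s["name"], s["raw_size"], s["virtual_size"], s["flags"])
    print(bulky_writable_sections(info, 0x130000 + 0xB400))
```

On a real file, read it into `data`, pass `len(data)` as the file size, and carve the flagged section at its `PointerToRawData` for a second round of hashing and string extraction; the section flag names come out in the same order the report prints them because both walk the bits from low to high.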