b4b7249552293d99f85b86d58d128350f22bbd3add2c094c4b1c6fa5c673e7e7

Sharing

Copy URL Twitter E-mail

General

Target

b4b7249552293d99f85b86d58d128350f22bbd3add2c094c4b1c6fa5c673e7e7
Size

271KB
MD5

326ec393d9425e2cfa97c48467b6e9c4
SHA1

263c87adc158b26c5fcff6d4b85f8937ddbcbf46
SHA256

b4b7249552293d99f85b86d58d128350f22bbd3add2c094c4b1c6fa5c673e7e7
SHA512

0a385fd741c022706431acc2c72b6666ab69e1d6005313fa03d514cf167170723a6a91c7e31cdec6d695807cf53ad1984151c2692ef8bed933ebbc814004178c
SSDEEP

6144:yuJAU9av3OSc6CVAQwHVmLyGUSGjrGySpUfq:yuJAU9avj0VAULyGGjrQpb

Score

N/A

Malware Config

Signatures

Files

b4b7249552293d99f85b86d58d128350f22bbd3add2c094c4b1c6fa5c673e7e7
.exe windows x86

087193242caab57577a7403b5b5207db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
StrToIntExW
PathIsUNCServerW
PathFileExistsW
PathAddBackslashW
PathAppendW

advapi32

CheckTokenMembership
SetSecurityDescriptorDacl
CryptHashData
GetSidLengthRequired
InitializeSid
IsValidSid
GetFileSecurityW
RegCloseKey
SetFileSecurityW
CryptGetHashParam
GetTokenInformation
RegDeleteValueW
RegEnumKeyExW
CryptDestroyHash
GetSidSubAuthority
RegOpenKeyExW
FreeSid
RegQueryValueExW
CopySid
GetLengthSid
AdjustTokenPrivileges
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
AllocateAndInitializeSid
InitializeSecurityDescriptor
LookupPrivilegeValueW
SetFileSecurityA
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

userenv

UnloadUserProfile

crypt32

CertVerifyValidityNesting
CertCloseStore
CryptMemAlloc
CryptMsgClose
CertFreeCertificateChain
CertOpenStore
CryptMsgGetParam
CertCreateCertificateContext
CertCompareIntegerBlob
CertFreeCertificateContext
CryptMemRealloc
CertAddCertificateContextToStore
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertCompareCertificate
CryptMemFree
CertNameToStrW
CryptDecodeObjectEx
CertFindExtension
CryptMsgUpdate
CryptMsgOpenToDecode
CertGetIntendedKeyUsage
CryptMsgControl

ole32

CLSIDFromString
StringFromGUID2
CoCreateGuid

ws2_32

inet_ntoa
WSAStringToAddressW
WSAStartup
WSACleanup
inet_addr

dnsapi

DnsQuery_W
DnsFree

kernel32

IsDBCSLeadByte
HeapDestroy
lstrcpyW
GetProcessHeap
HeapSize
FindResourceW
LoadResource
GetTimeZoneInformation
UnhandledExceptionFilter
SetFileAttributesA
FindNextFileW
ReleaseMutex
SetCurrentDirectoryW
CreateDirectoryA
MoveFileW
CreateFileW
GetShortPathNameW
FindClose
GetTempFileNameW
FreeLibrary
LockResource
OpenMutexW
GetVolumeInformationW
DeleteCriticalSection
CreateProcessW
GetCurrentThreadId
WaitForSingleObject
GetSystemDefaultLangID
FindResourceExW
FindNextFileA
GetStdHandle
CreateDirectoryW
RaiseException
WideCharToMultiByte
GetFileTime
SystemTimeToFileTime
SetEndOfFile
GetFileSize
GlobalFree
GetSystemTime
EnterCriticalSection
QueryPerformanceFrequency
LoadLibraryExW
GetThreadPriority
ReadFile
DosDateTimeToFileTime
GetLocalTime
GetSystemWindowsDirectoryW
GetFileType
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
SetFilePointer
SetFileTime
CreateEventW
RemoveDirectoryW
OutputDebugStringW
LocalFileTimeToFileTime
SizeofResource
GetSystemDirectoryW
LeaveCriticalSection
GetCurrentDirectoryW
lstrlenW
DeleteFileW
CloseHandle
SetFileAttributesW
HeapFree
SetUnhandledExceptionFilter
HeapAlloc
HeapReAlloc
FindFirstFileA
SetLastError
GetFileAttributesExW
WriteFile
FindFirstFileW
CreateFileA
CreateMutexW
CompareFileTime
GetWindowsDirectoryW
SetThreadPriority
CopyFileW
MoveFileExW
DeviceIoControl
IsDebuggerPresent
FileTimeToSystemTime
LocalAlloc
GetTempPathW
lstrlenA
HeapCreate
VirtualAllocEx
GetModuleHandleW

user32

TranslateMessage
CharUpperW
MsgWaitForMultipleObjects
CharLowerA
CharToOemBuffW
PeekMessageW
CharUpperA
wsprintfW
OemToCharA
OemToCharBuffA
DispatchMessageW
CharToOemA

winspool.drv

DocumentEvent
AdvancedDocumentPropertiesA
AdvancedSetupDialog
EnumPortsA
GetPrintProcessorDirectoryW
EnumFormsW
AddPortW
DeletePrinter
SetPortA
SpoolerDevQueryPrintW
AddPrinterA
DeleteFormW
PrinterMessageBoxW
CreatePrinterIC
OpenPrinterW
EndDocPrinter

kbdne

KbdLayerDescriptor

Sections

.tVBsPww
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_MEM_READ

.WySA
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_MEM_READ

.JDCXmZ
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ

.CfGNw
Size: 512B - Virtual size: 35KB

IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PWfQFT
Size: 1024B - Virtual size: 829B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ymbd
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GzSVB
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NVajJ
Size: 512B - Virtual size: 211B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TcmXv
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iQgbr
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aCmoE
Size: 1024B - Virtual size: 815B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

087193242caab57577a7403b5b5207db

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

advapi32

shell32

userenv

crypt32

ole32

ws2_32

dnsapi

kernel32

user32

winspool.drv

kbdne

Sections

.tVBsPww Size: 1KB - Virtual size: 10KB

.WySA Size: 2KB - Virtual size: 32KB

.JDCXmZ Size: 2KB - Virtual size: 28KB

.CfGNw Size: 512B - Virtual size: 35KB

.text Size: 16KB - Virtual size: 16KB

.PWfQFT Size: 1024B - Virtual size: 829B

.ymbd Size: 3KB - Virtual size: 2KB

.GzSVB Size: 1KB - Virtual size: 1KB

.NVajJ Size: 512B - Virtual size: 211B

.TcmXv Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 217KB

.rdata Size: 211KB - Virtual size: 210KB

.iQgbr Size: 2KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.aCmoE Size: 1024B - Virtual size: 815B

.tVBsPww
Size: 1KB - Virtual size: 10KB

.WySA
Size: 2KB - Virtual size: 32KB

.JDCXmZ
Size: 2KB - Virtual size: 28KB

.CfGNw
Size: 512B - Virtual size: 35KB

.text
Size: 16KB - Virtual size: 16KB

.PWfQFT
Size: 1024B - Virtual size: 829B

.ymbd
Size: 3KB - Virtual size: 2KB

.GzSVB
Size: 1KB - Virtual size: 1KB

.NVajJ
Size: 512B - Virtual size: 211B

.TcmXv
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 217KB

.rdata
Size: 211KB - Virtual size: 210KB

.iQgbr
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.aCmoE
Size: 1024B - Virtual size: 815B