a0d3cfcb95bafc5475840a1c91415b9fb1a32015cdcccd1868879d26c21e5900

Sharing

Copy URL Twitter E-mail

General

Target

a0d3cfcb95bafc5475840a1c91415b9fb1a32015cdcccd1868879d26c21e5900
Size

92KB
MD5

8740afa6baf92d9ca2f57ec15f7de817
SHA1

e8da60ef972ee8e962965fcaa35f00ff9eddef57
SHA256

a0d3cfcb95bafc5475840a1c91415b9fb1a32015cdcccd1868879d26c21e5900
SHA512

33752e3795615a897b22cdea8be2b16f58809a6d038cbdae33482253fbd0a83645618af516bb973228ba288cb74532c2bc46087b2cfa2b4d003226abb653974a
SSDEEP

1536:rfYorkUiOu9om9nlrWppjVyZqgo6NQNuI3fKKkhB0V:rIOu9P9nlKpppyZDoZNu8fkB0V

Score

N/A

Malware Config

Signatures

Files

a0d3cfcb95bafc5475840a1c91415b9fb1a32015cdcccd1868879d26c21e5900
.exe windows x86

6afba15952d3623b07097fd9fd9e5b5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_adjust_fdiv
_XcptFilter
_exit
_c_exit
_stricmp
_wcsnicmp
wcscat
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_cexit
wcsrchr
wcslen
wcscpy

advapi32

SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

kernel32

LeaveCriticalSection
EnterCriticalSection
SetLastError
OpenProcess
InterlockedIncrement
GetLastError
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleA
InitializeCriticalSection
SetEvent
RaiseException
LocalAlloc
FreeLibrary
InterlockedExchange
LocalFree
LoadLibraryA
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW

gdi32

GdiInitSpool
bMakePathNameW
GdiGetSpoolMessage

rpcrt4

RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIf2
I_RpcSsDontSerializeContext
RpcMgmtSetServerStackSize
RpcServerListen
RpcImpersonateClient

ntdll

RtlValidRelativeSecurityDescriptor

Exports

Exports

YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6afba15952d3623b07097fd9fd9e5b5e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 46KB - Virtual size: 67KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 46KB - Virtual size: 67KB