c9c3e53e18b5ecf3ecad4b42b6aaaa6ce4eaef50492ccf4df795fa2a1d615ac4

Sharing

Copy URL Twitter E-mail

General

Target

c9c3e53e18b5ecf3ecad4b42b6aaaa6ce4eaef50492ccf4df795fa2a1d615ac4
Size

598KB
MD5

2c48e37099c0e0558781b39430de8f61
SHA1

dd704e93457969f71f6840d6ea4050ae81befed4
SHA256

c9c3e53e18b5ecf3ecad4b42b6aaaa6ce4eaef50492ccf4df795fa2a1d615ac4
SHA512

4636496a2a437bfee0752a9ae668ffcfc4358d12b42da0216f1185ad1cf256f89e592d5aa81068ab825fc5f0b093356cf5efed23eb99d77b9192bbd2d63bcad8
SSDEEP

6144:bo1fcXrpH8w3qkcOYG1kMHHnXAIcDZNTjGynSsbC+eEkrJUqfoVwF+gS2ljYS2qz:bM0bNH35kMGT6ySAedrJU3Kl96O65m

Score

N/A

Malware Config

Signatures

Files

c9c3e53e18b5ecf3ecad4b42b6aaaa6ce4eaef50492ccf4df795fa2a1d615ac4
.exe windows x86

29c52feff83432ac98436d93c025fae0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetDateFormatW
UnhandledExceptionFilter
RegisterWaitForSingleObject
WriteFile
GetSystemDefaultLangID
ShowConsoleCursor
GetThreadTimes
DebugActiveProcess
WriteConsoleInputVDMA
SetHandleInformation
VirtualAlloc
FindResourceExW
GetDiskFreeSpaceExA
EnumCalendarInfoExA
SleepEx
OpenProfileUserMapping
CompareStringA
GetPrivateProfileSectionW
SetConsoleHardwareState
UpdateResourceW
RegisterConsoleVDM
CreateMutexW
GetDiskFreeSpaceA
GetSystemPowerStatus
GetOverlappedResult
IsValidLocale
GlobalDeleteAtom
IsDBCSLeadByteEx
SetLocaleInfoA
UnlockFile
GetCurrentDirectoryW
lstrcmpA
ContinueDebugEvent
GetFileInformationByHandle
GlobalWire
FreeLibrary
PrepareTape
WriteProfileSectionW
WriteConsoleW
ReadConsoleOutputA
GetHandleInformation
GetSystemTime
BeginUpdateResourceA
GetVolumeInformationW
FormatMessageW
SetUnhandledExceptionFilter
GetConsoleDisplayMode
ReadFile
FoldStringA
GetLocalTime
Heap32First
OpenEventW
FileTimeToDosDateTime
Process32First
GetModuleHandleA
GetVersion
LoadLibraryA

user32

DdeClientTransaction
GetCaretPos
LoadMenuA
SendIMEMessageExW
BlockInput
LoadCursorFromFileA
wvsprintfA
GetPropA
RegisterClipboardFormatA
SendDlgItemMessageW
SetUserObjectSecurity
LookupIconIdFromDirectoryEx
CharUpperW
RegisterDeviceNotificationW
EnumDesktopWindows
EnumDisplayMonitors
GetThreadDesktop
SetWindowContextHelpId
IsCharLowerA
GetProcessDefaultLayout
TranslateMessage
DefFrameProcA
GetFocus
ScrollDC
EnumWindowStationsA
DlgDirSelectExA
ScreenToClient
SetWindowLongA
DestroyAcceleratorTable
DdeCreateDataHandle
VkKeyScanExA
UnpackDDElParam
PeekMessageW
DrawStateA

advapi32

SystemFunction014
BuildImpersonateTrusteeW
LookupAccountNameA
LsaEnumerateAccounts
LsaLookupPrivilegeDisplayName
AccessCheckByTypeAndAuditAlarmA
LookupPrivilegeDisplayNameW
LsaEnumerateAccountsWithUserRight
LookupAccountNameW
RegQueryInfoKeyW
CryptSetProviderA
OpenSCManagerA
LsaSetInformationPolicy
CryptDecrypt
ElfChangeNotify
BackupEventLogW
SystemFunction016
LookupSecurityDescriptorPartsW
GetSecurityInfoExA
GetNamedSecurityInfoExW
StartServiceW
LsaICLookupSids
InitializeSecurityDescriptor
SystemFunction007
DestroyPrivateObjectSecurity
LogonUserA
RegCreateKeyA
LsaQueryTrustedDomainInfo
CryptAcquireContextA
SystemFunction005
RegReplaceKeyA
ElfRegisterEventSourceW
CryptGetHashParam
RegSetKeySecurity
SystemFunction021
EncryptFileW
PrivilegedServiceAuditAlarmA
GetAccessPermissionsForObjectW
LsaAddPrivilegesToAccount
SystemFunction019
AccessCheckByType
RegLoadKeyW
OpenSCManagerW
BuildImpersonateTrusteeA
GetSecurityDescriptorControl
SetFileSecurityA
SystemFunction023
LsaEnumerateTrustedDomains
SystemFunction030
LsaNtStatusToWinError
RegQueryValueExW
SetPrivateObjectSecurityEx
LsaSetSecurityObject
AddAccessAllowedObjectAce
ElfOpenEventLogW
SetTokenInformation
LsaSetTrustedDomainInfoByName
FileEncryptionStatusW
GetCurrentHwProfileW
GetFileSecurityA
LsaEnumerateAccountRights
CryptGetUserKey
OpenEventLogA
QueryServiceStatus
ChangeServiceConfig2W
ControlService
CryptHashSessionKey
DeleteAce
CloseServiceHandle
CryptSetKeyParam

shell32

StrCmpNA
StrCmpNIA
StrChrA
StrRChrW

shlwapi

SHRegGetUSValueA
PathIsUNCServerW
PathMakeSystemFolderW
PathUnmakeSystemFolderA
PathIsPrefixW
PathRemoveFileSpecW
GetMenuPosFromID
UrlUnescapeA
PathBuildRootW
SHRegGetBoolUSValueW
PathIsContentTypeW
PathFindExtensionA
SHRegCreateUSKeyA
PathSkipRootW
PathUnquoteSpacesW
UrlIsA
PathCanonicalizeA
StrSpnA
IntlStrEqWorkerA
SHRegGetUSValueW
SHEnumValueA
PathFindOnPathW
UrlGetLocationW
PathFindOnPathA
PathFindFileNameW
PathBuildRootA
SHDeleteKeyW
StrNCatW
PathAddExtensionA
StrFromTimeIntervalW
SHGetInverseCMAP
SHDeleteValueW
PathCombineA
SHOpenRegStreamW
PathIsFileSpecW
StrCmpIW
SHEnumValueW
StrFromTimeIntervalA
PathFindFileNameA
PathIsPrefixA
UrlEscapeA
PathIsSystemFolderA
StrCSpnW
StrTrimW
PathFindExtensionW
PathIsRootW
UrlCanonicalizeW
UrlGetPartA
SHRegWriteUSValueA
UrlCanonicalizeA
PathGetCharTypeA
PathIsUNCServerA

version

VerInstallFileW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW

winmm

PlaySoundW
waveOutPause
timeSetEvent
mciGetCreatorTask
sndPlaySoundW
waveOutGetID
midiOutGetDevCapsA
mciSendCommandW
PlaySoundA
mmioGetInfo
joyReleaseCapture
midiOutGetNumDevs
midiOutOpen
waveInMessage
waveInStop
midiOutCachePatches
mciSendStringW
mciGetDriverData
auxSetVolume
midiInAddBuffer
timeKillEvent
mmioSeek
mciSendCommandA
midiStreamClose
mmsystemGetVersion
midiStreamPosition
waveOutGetVolume
joySetThreshold
mmioClose
joySetCapture
mixerGetLineControlsW
timeGetTime
waveInGetNumDevs
joyGetPos
mmioSendMessage
waveInClose
mmTaskCreate
mmDrvInstall
mixerGetDevCapsA
midiInUnprepareHeader
mixerGetControlDetailsA
waveInGetDevCapsA
mmioDescend
WOWAppExit
mixerGetLineInfoW
mxd32Message
waveOutSetPlaybackRate
midiInGetID
joyGetDevCapsW
mmioFlush
mmioRenameA
auxGetDevCapsA
mmTaskYield
mmioInstallIOProcW
timeBeginPeriod
mciSetDriverData
mmioAscend
midiInOpen
mmioSetInfo
midiStreamRestart
midiConnect
mixerSetControlDetails
waveInPrepareHeader
joyGetNumDevs
mixerGetLineInfoA
waveOutReset
midiOutShortMsg
DefDriverProc
joyGetDevCapsA
mciDriverYield
waveOutClose
mod32Message
waveOutWrite
mciSetYieldProc
waveOutGetNumDevs
sndPlaySoundA
waveInReset
joy32Message
mixerGetDevCapsW
mixerOpen
tid32Message
mixerGetLineControlsA
joyConfigChanged
midiInClose
waveOutGetDevCapsW
waveOutGetPitch

winspool.drv

AddPortExW
GetPrinterDriverW
EnumPrintProcessorsW
AddPrintProcessorA
GetPrintProcessorDirectoryA
ord256
DeletePrinterConnectionA
GetPrinterA
PlayGdiScriptOnPrinterIC
EnumPrintersW
GetPrinterDriverDirectoryW
AddPrinterConnectionA
QueryColorProfile
GetJobW
DeletePrinterKeyA
GetPrinterDataExA
FindFirstPrinterChangeNotification
ord204
DeletePrintProcessorA
DevQueryPrintEx
DeviceCapabilitiesA
DEVICECAPABILITIES
DeletePrinter
ord212
AddPrintProvidorA
DocumentPropertySheets
EnumMonitorsA
DeletePrinterDataExA
EnumPrinterKeyW
SetPrinterA
CreatePrinterIC
GetJobA
SetJobA
AdvancedSetupDialog
EnumPrinterDataA
DeletePrinterDataExW
DeletePrinterDriverW
SplDriverUnloadComplete
ord207
EndDocPrinter
AbortPrinter
DeleteFormA
EnumPrinterDriversW
GetPrinterDriverDirectoryA
StartDocDlgA
DeleteMonitorA
GetPrinterDataExW
ord202
GetPrintProcessorDirectoryW
DeletePrinterKeyW
StartDocPrinterA
ord215
ord201
SetPortW
SetPortA
AdvancedDocumentPropertiesW
ConvertUnicodeDevModeToAnsiDevmode
AddPrinterA
ord209
DocumentPropertiesA
DeletePortA
DeletePortW
AddMonitorW
AdvancedDocumentPropertiesA
AddPortExA
DeletePrinterDriverExW
EnumPrintProcessorDatatypesA
OpenPrinterA
ord100
DocumentEvent
ord102
GetPrinterDataA

msvcrt

_unlink
_inpd
_abnormal_termination
_j1
wcscat
floor
__p___initenv
_wrmdir
vsprintf
_pctype
__CxxFrameHandler
wcsncat
wprintf
fprintf
is_wctype
_open
putwchar
_mbsncat
fwprintf
ftell
_CxxThrowException
ceil
_wspawnlp
ferror
fread
iswcntrl
fputc
fsetpos
_expand
_ecvt
_putch
_wcsdup
_mbscoll
_mbsninc
wcscmp
_telli64
__winitenv
_errno
fclose
__p__fileinfo
fputwc
_mkdir
_mbcasemap
wcscoll
_CIasin
_mbstrlen
_makepath
strtod
memset
fputs
_CItan
time
_wenviron
isalnum
isspace
_spawnle
_wsystem
_spawnvpe
_winver
__p__iob
sqrt
_ismbblead
strftime
sprintf
_ismbbkana
__p__wenviron
_adj_fdiv_m16i
bsearch
scanf
_wtol
iswxdigit
_osver
fseek
_iob
_strnset
_sleep
printf
_findnexti64
_safe_fdiv
_cwait
fwrite
fopen
__iscsymf
__isascii
_EH_prolog
_dup2
feof
malloc

Sections

.text
Size: 564KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29c52feff83432ac98436d93c025fae0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

winmm

winspool.drv

msvcrt

Sections

.text Size: 564KB - Virtual size: 561KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 9KB

.text
Size: 564KB - Virtual size: 561KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 9KB