c7204053138cc3f29b985af6c86785af8ac19adf38e6522f96952c0506d4d70f

Sharing

Copy URL

Twitter E-mail

General

Target

c7204053138cc3f29b985af6c86785af8ac19adf38e6522f96952c0506d4d70f
Size

716KB
MD5

3a67973d7309a9bcfe49ec9ad67c1a10
SHA1

d7253481ac7cffa061fbf06024c4f04e3c452269
SHA256

c7204053138cc3f29b985af6c86785af8ac19adf38e6522f96952c0506d4d70f
SHA512

c217a2a0d0ea627c35cb43fd83f8cdd9ff5518d33a0c7e4c71b313deb3e14b4c9c2079be060e7318840acb2fce259b55c2e50570d04f1417bad4253687d9e236
SSDEEP

6144:5rekr8ElLFNS0QOSXlBtmTV5c18xCK7MHsT/NdbJJ10MZGqL09VE2Vx:L4ElZcBdXFX10/7MHybJJWMnLC7Vx

Score

N/A

Malware Config

Signatures

Files

c7204053138cc3f29b985af6c86785af8ac19adf38e6522f96952c0506d4d70f
.exe windows x86

9aa25f588e4e92d68181371db2ff06c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

lstrcpyA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetComputerNameA
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
DeleteFileA
GetWindowsDirectoryA
GetCurrentThreadId
GetTickCount
SetFilePointer
GetFileSize
GetLocalTime
GetExitCodeThread
SetThreadPriority
GetCurrentProcess
GetModuleHandleA
GetVersionExA
ReleaseMutex
OpenMutexA
SetEvent
ResetEvent
CreateEventA
OpenEventA
GlobalFree
lstrcmpiA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
GetTimeZoneInformation
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CopyFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetCurrentProcessId
Process32Next
TerminateProcess
WaitForSingleObject
FreeLibrary
GetTempPathA
CreateFileA
WriteFile
CloseHandle
SetCurrentDirectoryA
Sleep
GetModuleFileNameA
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
GetProcAddress
LoadLibraryA
SetHandleCount
HeapReAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
CreateProcessA
GetSystemDirectoryA
LocalFree
lstrcatA
LocalAlloc
lstrlenA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
HeapAlloc
GetProcessHeap
GetStartupInfoA
ExitThread
CreateThread
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetACP
GetOEMCP
HeapSize
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
CreateMutexA

user32

GetCursorPos
wsprintfA
RegisterClassA
WaitForInputIdle
RegisterWindowMessageA
KillTimer
PostQuitMessage
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
FindWindowExA
GetWindowRect
CreateMenu
SetMenu
LoadIconA
SetMenuDefaultItem
CreatePopupMenu
SetForegroundWindow
TrackPopupMenu
AppendMenuA
DestroyMenu
LoadCursorA
RegisterClassExA
CreateWindowExA
SendMessageA
DefWindowProcA
LoadStringA

gdi32

GetStockObject

winspool.drv

ClosePrinter
GetPrinterDataA
GetPrinterA
DocumentPropertiesA
EnumPrintersA
OpenPrinterA
GetPrinterDriverDirectoryA

advapi32

RegEnumValueA
SetEntriesInAclA
SetKernelObjectSecurity
GetSecurityDescriptorDacl
SetSecurityInfo
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSid
GetLengthSid
GetAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconA

Sections

.text
Size: 532KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9aa25f588e4e92d68181371db2ff06c0

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

Sections

.text Size: 532KB - Virtual size: 531KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 12KB - Virtual size: 28KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 4KB

.nrdata Size: 76KB - Virtual size: 76KB

.text
Size: 532KB - Virtual size: 531KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 12KB - Virtual size: 28KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.nrdata
Size: 76KB - Virtual size: 76KB