a356eaa8b929718ee55d54f4e22f19c6520fbb49122fb09b080443f723c1a6ed

Sharing

Copy URL Twitter E-mail

General

Target

a356eaa8b929718ee55d54f4e22f19c6520fbb49122fb09b080443f723c1a6ed
Size

620KB
MD5

7004dd855088b879e333ebe66dc0a340
SHA1

71ffe83cb2b943785a6bd9b6011e296f878e2dc7
SHA256

a356eaa8b929718ee55d54f4e22f19c6520fbb49122fb09b080443f723c1a6ed
SHA512

dba0bd49e0bbc492b94f07d5de0d22b27a7a518c5943b7b05b8e98c0123e31404398fd267057888b5bd4ebb763c3d4db4c0f75212cd07fcf18b7f94a2fe3e3b0
SSDEEP

12288:JRXlrtTcTVMmqx+tAvhXZnUxl+bm6M11zeXw8HI2Dfka2:DXlrtTcho+yhpnUxlbbzedhLkZ

Score

N/A

Malware Config

Signatures

Files

a356eaa8b929718ee55d54f4e22f19c6520fbb49122fb09b080443f723c1a6ed
.dll windows x86

72c44023a95eb1fbdcec6d703ef22dce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsncpy
_wcsupr
_ltoa
_ftol
free
_initterm
malloc
_adjust_fdiv
_purecall
wcscpy
_wcsicmp
wcslen
wcscat
_except_handler3
_strupr
_wtol
wcscmp
_ltow

ntdll

RtlNtStatusToDosError

nwapi32

NWPGetChallengeKey
NWPGetObjectID
NWPChangeObjectPasswordEncrypted
NWCReadPropertyValue
NWCDestroyQueue
NWCCreateQueue
NWCDeleteObject
NWPAddTrustee
NWCGetVolumeName
NWCGetVolumeNumber
NWCDeleteObjectFromSet
NWCAddObjectToSet
NWCGetObjectID
NWCIsObjectInSet
NWCGetFileServerVersionInfo
NWPCreateDirectory
NWCCreateObject
NWCChangePropertySecurity
NWCCreateProperty
NWCAttachToFileServerW
NWCDetachFromFileServer
NWCWritePropertyValue
NWCGetObjectName
NWCScanObject

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

activeds

ord22
ord17
ord18
ord15
ord14
ord21
ord16
ord12
ord23

ole32

CoTaskMemFree
CoCreateInstance
IIDFromString
CLSIDFromString
StringFromCLSID
StringFromGUID2
CreatePointerMoniker

winspool.drv

GetPrinterW
ClosePrinter
OpenPrinterW
SetPrinterW
GetJobW
SetJobW
EnumJobsW

kernel32

FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrlenW
CloseHandle
RemoveDirectoryW
CreateFileW
SystemTimeToFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetLastError
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
DeleteFileW
LocalAlloc

user32

wsprintfW

oleaut32

VariantInit
SafeArrayDestroy
SysFreeString
VariantCopy
SetErrorInfo
DispInvoke
LoadRegTypeLi
DispGetIDsOfNames
SafeArrayPutElement
SafeArrayCreate
SysAllocString
CreateErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantTimeToDosDateTime
DosDateTimeToVariantTime
VariantClear

mpr

WNetCancelConnectionW
WNetAddConnection2W

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72c44023a95eb1fbdcec6d703ef22dce

Headers

File Characteristics

Imports

msvcrt

ntdll

nwapi32

advapi32

activeds

ole32

winspool.drv

kernel32

user32

oleaut32

mpr

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 6KB - Virtual size: 6KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 102KB - Virtual size: 102KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 6KB - Virtual size: 6KB

.vmp0
Size: 500KB - Virtual size: 1.6MB