Static task
static1
Behavioral task
behavioral1
Sample
83d2b41620d3e71d8b82467fe120c0295fdd60ab6da375688954a62f81090820.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
83d2b41620d3e71d8b82467fe120c0295fdd60ab6da375688954a62f81090820.exe
Resource
win10v2004-20220812-en
General
-
Target
83d2b41620d3e71d8b82467fe120c0295fdd60ab6da375688954a62f81090820
-
Size
213KB
-
MD5
174bc87222dc3285e8e80e1a68955c50
-
SHA1
1d8c12d95e3c82f193cae5f382a83a35cf697ab3
-
SHA256
83d2b41620d3e71d8b82467fe120c0295fdd60ab6da375688954a62f81090820
-
SHA512
fc37bc65656d2a655f123ce329b5e2a8790335ebebac21d312425015c9950253d7269455e1c980be92160cea7e57e904df93b923937ae5f597a5e09c1e735fb2
-
SSDEEP
3072:1fvfpirDGxEvPTUrgYfv/JRkFZizIYRmOUYyHaLfwSBAtFapSDADeak7dJHB/Adi:1fXp53/JRMcmOUtKQwSsQLH5Adi
Malware Config
Signatures
Files
-
83d2b41620d3e71d8b82467fe120c0295fdd60ab6da375688954a62f81090820.exe windows x86
f7cdb047a98733f3dff8a31fed8ea52a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (only flag set as listed — DYNAMIC_BASE and NX_COMPAT are absent, so the image does not opt in to ASLR or DEP)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no relocation data: the loader cannot rebase the image, so it always maps at its preferred base — consistent with the missing DYNAMIC_BASE flag above)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
jetcfg (imported by ordinal only; not a standard Windows system library — presumably a companion DLL resolved from the application directory or DLL search path, worth checking when triaging for side-loading)
ord1
mfc90u
ord3621
ord1353
ord6091
ord4652
ord1665
ord611
ord3482
ord1663
ord1768
ord607
ord686
ord436
ord795
ord1688
ord590
ord2100
ord4131
ord4530
ord6311
ord636
ord367
ord2592
ord333
ord6094
ord6095
ord5387
ord6187
ord2263
ord1533
ord6604
ord3868
ord1070
ord1261
ord1249
ord320
ord2143
ord4519
ord6729
ord4457
ord6512
ord6168
ord711
ord463
ord5322
ord5891
ord744
ord6101
ord6547
ord524
ord5342
ord6579
ord1938
ord2057
ord2038
ord1779
ord1708
ord3627
ord3528
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord2283
ord1719
ord4660
ord3286
ord3654
ord2597
ord6760
ord2904
ord2360
ord664
ord617
ord341
ord1186
ord6482
ord306
ord316
ord2539
ord601
ord5567
ord750
ord778
ord654
ord615
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2447
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord3670
ord3486
ord794
ord4967
ord4043
ord1937
ord4000
ord639
ord5632
ord4631
ord5167
ord5324
ord5008
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord5653
ord4682
ord3515
ord374
ord4494
ord280
ord2479
ord6171
ord4044
ord2069
ord4774
ord797
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord1354
ord2593
ord3488
ord1063
ord1088
ord2702
ord6098
ord4398
ord3741
ord3768
ord6137
ord3658
ord3736
ord2081
ord4235
ord580
ord782
ord4888
ord405
ord5409
ord4887
ord5055
ord5344
ord4630
ord5166
ord3122
ord5151
ord4918
ord5012
ord3038
ord2209
ord3994
ord3812
ord3360
ord1144
ord2478
ord4405
ord4490
ord6630
ord3220
ord285
ord1607
ord4518
ord899
ord6065
ord6096
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4681
ord3674
ord595
ord2326
ord6822
ord5778
ord6811
ord5767
ord1243
ord3589
ord266
ord265
ord814
ord813
ord2537
ord799
ord4324
ord939
ord935
ord3185
ord811
ord1254
ord1250
ord1248
ord296
ord2694
ord5851
ord1222
ord1108
ord1137
ord4516
ord3537
ord2106
ord1183
ord3543
ord310
ord1604
ord3399
ord6577
ord938
ord5939
ord3423
ord3422
ord6831
ord6830
ord589
ord4527
ord286
ord6693
ord909
ord4442
ord600
ord801
ord2901
ord1272
msvcr90
_vswprintf
memcpy_s
memset
wcsncpy_s
free
calloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_CxxThrowException
wcschr
__CxxFrameHandler3
_wsetlocale
wcscat_s
swscanf
_vsnwprintf_s
vswprintf_s
wcsrchr
wcspbrk
wcsncpy
_waccess
_purecall
_wtoi
wcscpy_s
memcpy
swprintf_s
wcsstr
_wcsicmp
_recalloc
kernel32
GetTickCount
GetLastError
GetLocaleInfoW
lstrcpynW
lstrlenW
MultiByteToWideChar
lstrlenA
IsDebuggerPresent (note: appears alongside UnhandledExceptionFilter/SetUnhandledExceptionFilter/TerminateProcess/QueryPerformanceCounter, the usual MSVC CRT startup and error-reporting imports, so on its own it is a weak anti-debug indicator)
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
FreeResource
GlobalReAlloc
GlobalHandle
FindResourceW
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
SetThreadLocale
GetSystemDefaultLangID
GetVersion
EnumResourceLanguagesW
ConvertDefaultLocale
FreeLibrary
ExpandEnvironmentStringsW
LoadLibraryW
GetModuleFileNameW
CreateDirectoryW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
SetFilePointer
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetCurrentProcessId
DeleteFileW
user32
RedrawWindow
EnableWindow
SetFocus
WindowFromPoint
GetDlgCtrlID
LoadStringW
IsChild
ChildWindowFromPointEx
SystemParametersInfoW
SystemParametersInfoA
GetWindowPlacement
SetCursor
GetCursorPos
GetSysColor
TrackMouseEvent
ReleaseCapture
GetDesktopWindow
GetFocus
GetCapture
LoadCursorW
InvalidateRect
ScreenToClient
ClientToScreen
DrawFocusRect
DrawFrameControl
FillRect
EqualRect
UnionRect
InflateRect
SetRectEmpty
PtInRect
CopyRect
DrawStateW
OffsetRect
IsRectEmpty
PostMessageW
IsWindow
GetDC
ReleaseDC
GetSystemMetrics
GetClientRect
SendMessageW
GetParent
KillTimer
SetTimer
GetWindowRect
IsZoomed
IsIconic
gdi32
CreateFontIndirectW
GetObjectW
CreateFontW
SelectObject
GetCharWidthW
DeleteObject
RectVisible
GetTextExtentPoint32W
GetTextMetricsW
Rectangle
Polygon
CreateSolidBrush
GetStockObject
GetDIBits
GetDeviceCaps
GetPaletteEntries
CreateHalftonePalette
SelectPalette
CreateDIBitmap
BitBlt
Ellipse
RealizePalette
CreateCompatibleDC
CreatePalette
CreateCompatibleBitmap
advapi32
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
shell32
ShellExecuteW
SHGetMalloc
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHBrowseForFolderW
ole32
GetRunningObjectTable
CreateItemMoniker
CoTaskMemFree
CreateBindCtx
CoGetMalloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysAllocString
SysFreeString
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Sections
.text Size: 88KB - Virtual size: 87KB (flagged CODE + EXECUTE + READ + WRITE below — a writable code section is unusual for compiler-emitted .text and worth a second look, e.g. for self-modifying or unpacking code)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ