beed687b967a2d6085993bd635c12c10cfb06dea979a5442a738d1df17d58893

General

Target

beed687b967a2d6085993bd635c12c10cfb06dea979a5442a738d1df17d58893
Size

781KB
MD5

089fe7d94687413115185d78bae34430
SHA1

46348601af6d34e22d46afd438d08065ec7cc8a8
SHA256

beed687b967a2d6085993bd635c12c10cfb06dea979a5442a738d1df17d58893
SHA512

450f6e920bab061708b145e421f423cdd8e794c57ffdc94020179a187a6b85efa1fc143e597767de5d2972a80360740bc9565149cbd3c3892d45ea4a55f0d07a
SSDEEP

24576:LURS2H73w/icSgIRn4vfjvGo26kmMN//:LF2MqAIRn4jL26kmM/

Score

N/A

Malware Config

Signatures

Files

beed687b967a2d6085993bd635c12c10cfb06dea979a5442a738d1df17d58893
.exe windows x86

3a4f8dfb523947dbfdff479b9f9749da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winspool.drv

GetPrinterW
SetPrinterDataW
StartPagePrinter
EnumFormsA
DeletePrinterDataW
StartDocPrinterW
GetPrinterA
DocumentPropertiesW

netapi32

NetUnregisterDomainNameChangeNotification
NetLocalGroupDelMembers
NetShareAdd
NetShareDelSticky
NetAlertRaiseEx
NetpIsRemote
NetShareDel
I_NetServerSetServiceBitsEx
NetUserAdd
NetServerEnum
NetRemoteTOD

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceLoggerHandle
GetSidSubAuthority
SystemFunction004
AddAuditAccessAceEx
CloseEncryptedFileRaw
RegSetValueExW
RegUnLoadKeyA
DeregisterEventSource
SystemFunction041
LsaQueryTrustedDomainInfoByName
WmiExecuteMethodW
BuildExplicitAccessWithNameW
RegQueryInfoKeyA
SystemFunction027
ConvertSidToStringSidW
GetKernelObjectSecurity
ImpersonateNamedPipeClient
LsaQueryInformationPolicy
SystemFunction006
IsTokenRestricted
GetSecurityDescriptorOwner
RegFlushKey

kernel32

FindCloseChangeNotification
CreateRemoteThread
VirtualAlloc
FoldStringA
GetModuleFileNameW
GetDefaultCommConfigW
WriteProfileStringW
GetCalendarInfoA
GetVolumePathNameA
WaitForMultipleObjects
EnumResourceLanguagesW
GetComputerNameA
FormatMessageW
PeekNamedPipe
GetDevicePowerState
GetTempFileNameA
ContinueDebugEvent

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 602KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a4f8dfb523947dbfdff479b9f9749da

Headers

File Characteristics

Imports

winspool.drv

netapi32

advapi32

kernel32

Sections

.text Size: 5KB - Virtual size: 5KB

DATA Size: 602KB - Virtual size: 965KB

.rsrc Size: 172KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 5KB - Virtual size: 5KB

DATA
Size: 602KB - Virtual size: 965KB

.rsrc
Size: 172KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 48B