b1f152f51651576290cf6cf18ae362e36c634d6d6af2cbec4d833afb993f9be4

Sharing

Copy URL Twitter E-mail

General

Target

b1f152f51651576290cf6cf18ae362e36c634d6d6af2cbec4d833afb993f9be4
Size

624KB
MD5

54c806ac2493a4e491233cef9b919b80
SHA1

69f3770837b7523604c275db21e0ad9141b26e59
SHA256

b1f152f51651576290cf6cf18ae362e36c634d6d6af2cbec4d833afb993f9be4
SHA512

0999d78c22680b1aacefcc66937893c000c1b122e19124b406faec3eb068b4be2c88eb2bb7398c770fa1683c76adc02a94157b1354de1f3bcda85b5136c84044
SSDEEP

12288:rnP5jeHlDzgEeaFMv29xmyqZmpwgdPt9qDQ:jP5C5b6idEmigFsQ

Score

N/A

Malware Config

Signatures

Files

b1f152f51651576290cf6cf18ae362e36c634d6d6af2cbec4d833afb993f9be4
.exe windows x86

dabaa6ef70e752a52944180d7bcfbdff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
GetHandleInformation
GetVersion
IsValidLocale
Process32Next
GetSystemTime
GetProcAddress
FreeLibrary
UnmapViewOfFile
FatalExit
GetLocalTime
FreeConsole
LoadLibraryA
GetConsoleMode

shell32

StrCmpNW

shlwapi

PathQuoteSpacesA
UrlIsW
PathCanonicalizeA
PathFindFileNameW
PathSetDlgItemPathW
StrPBrkA
SHRegEnumUSValueW
StrPBrkW
PathGetCharTypeW
SHRegGetBoolUSValueA
PathUnquoteSpacesW
PathStripToRootA
PathIsPrefixA
PathFindNextComponentW
SHRegEnumUSValueA
PathIsPrefixW
UrlCanonicalizeA
PathIsSystemFolderA
PathFindOnPathA
SHRegGetBoolUSValueW
PathRemoveFileSpecA
SHRegSetUSValueW
SHRegQueryUSValueA
PathAddExtensionW

winspool.drv

GetSpoolFileHandle
ord212
EnumPortsW
AddFormA
ConnectToPrinterDlg
DeviceCapabilitiesA
GetPrintProcessorDirectoryA
AddPrinterDriverExW
StartDocDlgA
ExtDeviceMode
AdvancedDocumentPropertiesA
FindNextPrinterChangeNotification
DevQueryPrintEx
ConvertUnicodeDevModeToAnsiDevmode
DeletePrinterDriverExW
GetJobA
ord201
CloseSpoolFileHandle
AddFormW
AddPortExA
ord103
ord102
GetPrinterDriverDirectoryW
ord215
OpenPrinterA
DeletePortW
DocumentPropertiesA

msvcrt

_mbsicmp
_mbslen
_mbcjmstojis
_local_unwind2
_CIasin
__argv
fclose
ferror
_wstat
fputs
sprintf
fputc
isxdigit
ftell
_stricmp
clock
abort
__STRINGTOLD
vfwprintf
__p__wpgmptr
feof
__getmainargs
_commode
fwrite
_putw
_cprintf
__setlc_active
printf
fsetpos
memset
wcscat
_unlink
fprintf
_wfsopen
log10
fopen
fwscanf
fread
_wsearchenv
_getdllprocaddr
_strncoll
fseek
fwprintf
_wsetlocale

Sections

.text
Size: 608KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dabaa6ef70e752a52944180d7bcfbdff

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

winspool.drv

msvcrt

Sections

.text Size: 608KB - Virtual size: 606KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.text
Size: 608KB - Virtual size: 606KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB