9c51ae2eba65a6311a28889e8bc81566d96ac84884ea5507e782d7e333f44383

Sharing

Copy URL

Twitter E-mail

General

Target

9c51ae2eba65a6311a28889e8bc81566d96ac84884ea5507e782d7e333f44383
Size

108KB
MD5

1804c62c1f6cbe65cac8d4934345fbc0
SHA1

edf5cba1fba4543f5cf2341e1a6b8d85b4e15283
SHA256

9c51ae2eba65a6311a28889e8bc81566d96ac84884ea5507e782d7e333f44383
SHA512

56595ec25dea9817f2f95b9ead0c346c461fe9319d8f1d3c99f5bdc8995da46e1f19c2f16293db8f1d37c1776c5f3a4effad0c8e967cdcc1af6d5754450a50eb
SSDEEP

1536:Hq7uuAfsvvu8sWwHgvFyfrVDPTa+J8frQ+p2oEiMR3jPXMrXUJ:KRIkFsWwAIfrVzTuhprf6zPXqXUJ

Score

N/A

Malware Config

Signatures

Files

9c51ae2eba65a6311a28889e8bc81566d96ac84884ea5507e782d7e333f44383
.dll windows x86

99cc36f8b3efaaec0fd970e15a19b986

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetVolumeNameForVolumeMountPointA
WaitForSingleObject
WriteConsoleInputA
GlobalFindAtomW
BuildCommDCBA
GetPrivateProfileSectionNamesW
FreeLibrary
_hwrite
GetCurrentDirectoryA
lstrcpyA
ChangeTimerQueueTimer
lstrlenW
IsValidLocale
TlsAlloc
VerLanguageNameA
ConsoleMenuControl
GetConsoleInputWaitHandle
TerminateJobObject
GetLongPathNameW
OpenSemaphoreW
HeapCompact
GlobalReAlloc
GetCommConfig
FindNextFileA
VDMOperationStarted
lstrcpynA
GetFileAttributesExA
AreFileApisANSI
GetConsoleCP
GetHandleInformation
GetSystemTime
WaitForMultipleObjectsEx
BuildCommDCBAndTimeoutsA
CallNamedPipeA
GetShortPathNameW
GetLogicalDriveStringsW
GetConsoleAliasExesA
GlobalSize
LoadResource
GetConsoleFontInfo
VirtualUnlock
GetLocalTime
ReadConsoleInputExW
SetLastError
ExitProcess
FoldStringW
GetModuleHandleA
SetConsoleCP
GetVolumeInformationW
SetConsoleOutputCP
VirtualAlloc
IsBadStringPtrA
LoadLibraryExA
GetProcAddress
GetLastError
GetVersionExA
FreeLibraryAndExitThread
CreateTimerQueue
GetVersion
GetCommModemStatus
LoadLibraryA

advapi32

GetTrusteeFormA
ChangeServiceConfig2W
FindFirstFreeAce
CryptSetProviderW
SetTokenInformation
SystemFunction024
BuildTrusteeWithNameW
GetAuditedPermissionsFromAclW
SetSecurityDescriptorDacl
CheckTokenMembership
GetSecurityDescriptorDacl
GetServiceKeyNameW
AccessCheck
SystemFunction031
SystemFunction033
CryptImportKey
LsaLookupNames
CryptAcquireContextW
AddAccessAllowedObjectAce
LsaGetRemoteUserName
LsaOpenAccount
BuildExplicitAccessWithNameA
CryptContextAddRef
EnumServicesStatusW
CryptSetProviderExA
RegQueryInfoKeyA
FreeEncryptionCertificateHashList
GetMultipleTrusteeOperationA
DeregisterEventSource
LsaCreateSecret

comctl32

FlatSB_SetScrollProp
ord16
ImageList_GetImageRect
ImageList_Read
DestroyPropertySheetPage
FlatSB_ShowScrollBar
ImageList_EndDrag
CreateStatusWindowW
ImageList_GetIconSize
FlatSB_SetScrollRange
ImageList_LoadImageA
ImageList_AddMasked
ImageList_Duplicate
InitializeFlatSB
ord5
ord15
ImageList_SetFilter
DrawStatusTextW
ImageList_SetIconSize
_TrackMouseEvent
ImageList_GetIcon
ord13
FlatSB_EnableScrollBar
FlatSB_SetScrollPos
FlatSB_GetScrollRange
FlatSB_GetScrollPos
ImageList_DragMove
ImageList_SetOverlayImage
PropertySheetW
ord8
ImageList_GetImageInfo
FlatSB_GetScrollProp
ImageList_Replace
ImageList_AddIcon
ImageList_BeginDrag
ord7
ImageList_LoadImageW
ImageList_DragLeave
ImageList_ReplaceIcon
ImageList_Copy
ord17
ImageList_GetImageCount
ord14
ord6
PropertySheetA
ord3
FlatSB_GetScrollInfo
ImageList_Draw
ImageList_DrawEx
ImageList_DragShowNolock
ImageList_Create
CreatePropertySheetPageA
ImageList_SetImageCount
ImageList_SetDragCursorImage
FlatSB_SetScrollInfo
CreateToolbarEx
ImageList_DrawIndirect

winspool.drv

GetJobW
ord214
AddPrinterDriverExA
EXTDEVICEMODE
GetSpoolFileHandle
EnumPrintProcessorDatatypesW
ord207
ConnectToPrinterDlg
ord211
ord205
AddPortW
PlayGdiScriptOnPrinterIC
DeletePrinterDataExA
ord100
EnumPortsA
SplDriverUnloadComplete
SetFormA
EnumPrintProcessorsW
EnumPrintersA
EnumFormsA
CloseSpoolFileHandle
EndPagePrinter
DeletePrintProcessorA
StartDocPrinterA
DeletePrinterDriverW
GetPrinterDriverW
AdvancedSetupDialog
GetPrinterDataExA
SeekPrinter
EnumPrinterDriversW
ord102
DeletePrinter
DeletePrinterDriverExW
XcvDataW
GetPrinterDataW
SetPrinterDataExA
EnumJobsW
EnumPrinterKeyA
DeleteMonitorW
DeletePrinterIC
StartPagePrinter
ScheduleJob
DocumentPropertiesA
OpenPrinterA
SetJobW
ord208
ADVANCEDSETUPDIALOG
PrinterMessageBoxA
ord209
WritePrinter
AddFormW
DeletePrintProvidorW
FreePrinterNotifyInfo

msvcrt

_lrotr
_mbsinc
_mbsninc
_mbsnset
_mbspbrk
_mbscmp
_mbsncat
_mbsnbcmp
_onexit
_daylight
_ui64toa
_wpgmptr
_unlink
_wcsncoll
printf
memset
_flushall
__crtGetLocaleInfoW
_sys_errlist
ftell
_adj_fdiv_m32i
_fcloseall
_copysign
_XcptFilter
__iscsymf
fputc
fputs
wcslen
fwrite
_cwait
_mbsspn
_adj_fdiv_r
_umask
__argc
_mbsnbicoll
__RTCastToVoid
_wspawnve
fsetpos
_vsnprintf
sprintf
_outpw
_wexeclpe
_wmakepath
system
_exit
wscanf
_iob
raise
__unDName
_mbstok
__CxxLongjmpUnwind
fopen
__dllonexit
_mbsstr
__p__winver
_mbsbtype
vswprintf
_pwctype
fprintf
fclose
putc
fseek
__p__environ
ferror
_mbsnbcoll
fwprintf
isxdigit
_spawnlp
fread
ungetwc
_mbsnbicmp
_fcvt
_ismbcpunct
feof

Exports

Exports

Apah
Cmkhgjl
Ervwkhfabt
Gfigto
Hcmf
Hisvoucph
Risy

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99cc36f8b3efaaec0fd970e15a19b986

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 5KB