29754b800e1a533769223cbcb2c805eda125e2614ac8137c570ea536b47e265e

Sharing

Copy URL Twitter E-mail

General

Target

29754b800e1a533769223cbcb2c805eda125e2614ac8137c570ea536b47e265e
Size

175KB
MD5

6a99561dbae647bcc0decf03471e1860
SHA1

34195384b56a4547be645c898e28ff97f176421f
SHA256

29754b800e1a533769223cbcb2c805eda125e2614ac8137c570ea536b47e265e
SHA512

d51ea88144af783bff9ef271de4c45d2ee9e39aa7f3c7632db1f9b3d754328ffe866507e4b5d2b9a7360dc25b4dfd21b666448d69351a723b82b149053c78dfe
SSDEEP

3072:oTaOog8o6VISCWhepWAQEoARRg9r7DMDbTnQjisgkSUIDSKeNU:EaOn8o69CzkaRSbMvjQmsg5FoS

Score

N/A

Malware Config

Signatures

Files

29754b800e1a533769223cbcb2c805eda125e2614ac8137c570ea536b47e265e
.dll windows x86

0ff0e32bb71c9d721fd3a85a85ce4830

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
ResumeThread
GetThreadContext
CreateRemoteThread
GetLongPathNameW
WideCharToMultiByte
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetFileAttributesW
OpenMutexW
SystemTimeToFileTime
CreateEventA
CreateMutexA
DuplicateHandle
CreateFileMappingA
MapViewOfFile
OpenThread
GetSystemDirectoryW
WaitForSingleObject
WaitForMultipleObjects
ReleaseMutex
UnmapViewOfFile
CreateFileW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetLogicalDriveStringsW
FreeLibrary
HeapAlloc
QueryPerformanceCounter
lstrcmpW
GetACP
GetTempFileNameW
DeleteFileW
LCMapStringW
GetSystemDefaultLCID
GetLocaleInfoA
lstrlenW
GetCurrentThread
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetModuleHandleW
GetModuleHandleA
GetLastError
LocalReAlloc
lstrcmpiW
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
LocalAlloc
LocalFree
UnhandledExceptionFilter
lstrcpyA
lstrlenA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
CreateFileMappingW
DeviceIoControl
CopyFileW
WriteFile
SetFilePointer
GetBinaryTypeW
FindNextFileW
FindFirstFileW
GetSystemDefaultLangID
GetFileSize
GetOverlappedResult
TransactNamedPipe
CreateEventW
GetSystemTimeAsFileTime
SetNamedPipeHandleState
RemoveDirectoryW
CreateDirectoryW
SetEvent
GetProcessHeap
OpenProcess
MultiByteToWideChar
SetLastError
GetUserDefaultUILanguage
OpenEventW
OpenFileMappingW
GetCommandLineW
CloseHandle
ExitProcess
HeapFree
GetDateFormatA
Sleep
InterlockedDecrement
InterlockedIncrement
GlobalSize
GlobalReAlloc
GlobalFree
VirtualAlloc
GetSystemInfo
GlobalUnlock
GetUserDefaultLCID
CreateFileA
FileTimeToDosDateTime
ReadFile
GlobalLock
GetDriveTypeW
GetComputerNameW
GetCPInfo
SetThreadLocale
GetStdHandle
SetSystemTime
SetLocalTime
GetFileType
GetTimeZoneInformation
WriteConsoleW
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetTempPathW
GetComputerNameExW

user32

OpenWindowStationW
OpenDesktopW
SetThreadDesktop
CloseWindowStation
CloseDesktop
DialogBoxParamW
GetProcessWindowStation
ReleaseDC
GetWindowRect
DrawIcon
GetWindowLongW
wsprintfW
GetUserObjectInformationW
GetSystemMetrics
LoadStringW
EndDialog
SetWindowTextW
GetDlgItemTextW
GetDlgItem
ShowWindow
LoadIconW

winspool.drv

GetJobW
GetPrinterW
ClosePrinter
ReadPrinter
OpenPrinterW

advapi32

RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExW
GetSecurityDescriptorDacl
AddAccessDeniedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumKeyExW
OpenSCManagerW
QueryServiceConfigW
CloseServiceHandle
CheckTokenMembership
ImpersonateLoggedOnUser
RegisterEventSourceW
ReportEventW
IsValidSid
EqualSid
SetThreadToken
RegLoadKeyW
RegUnLoadKeyW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyA
DeregisterEventSource
QueryServiceStatus
GetServiceKeyNameW
RegConnectRegistryW
GetAce
LookupAccountSidW
AddAccessAllowedAce
LookupAccountNameW
GetSidSubAuthorityCount
GetSidLengthRequired
CopySid
RegDeleteKeyA
RegEnumKeyExA
RegDeleteKeyW
RegSetKeySecurity
RevertToSelf
InitializeSecurityDescriptor
RegCloseKey
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegRestoreKeyW
RegSaveKeyW
OpenThreadToken
ImpersonateSelf
GetUserNameW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExA

ole32

CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoGetMalloc
StgOpenStorage
GetClassFile
StgOpenStorageOnILockBytes
CoTaskMemAlloc

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

wcsspn
setlocale
exit
wcschr
wcsncat
swprintf
wcslen
srand
wcsrchr
calloc
wcscspn
memmove
atoi
wcscat
wcscpy
strncmp
wcscmp
malloc
__getmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
wcsncpy
wcstok
ftell
fread
putchar
wcstod
_vsnwprintf
toupper
rand

shlwapi

StrStrIW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

rpcrt4

UuidToStringA
RpcStringFreeA

Exports

Exports

NeedAccesses
ThatOrUpMust

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ff0e32bb71c9d721fd3a85a85ce4830

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

ole32

version

msvcrt

shlwapi

setupapi

rpcrt4

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 28KB - Virtual size: 151KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 28KB - Virtual size: 151KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 1KB