78f39631cc01a48809af2bc0ade6f8780dec696ad9fbd5324a1f1073652ae202

Sharing

Copy URL Twitter E-mail

General

Target

78f39631cc01a48809af2bc0ade6f8780dec696ad9fbd5324a1f1073652ae202
Size

66KB
MD5

2f531a2195450880c8489b0ad9f204d0
SHA1

73c105de243231ccb20b42e9e3c01f06210e153e
SHA256

78f39631cc01a48809af2bc0ade6f8780dec696ad9fbd5324a1f1073652ae202
SHA512

5199d1b88b794801d1e0023f0477cdc7956771e4169eab31a6bb7097e14b061f2385d68efc60e3751491cc63f860041204b3668f10e215090c4065863deb04bc
SSDEEP

1536:ACZ7CAhQ4nGEgcNHGG6r0fn5UeyGptTh0kXACfLFlS:ACZWAhbG7cop0/5XyGPThJfplS

Score

N/A

Malware Config

Signatures

Files

78f39631cc01a48809af2bc0ade6f8780dec696ad9fbd5324a1f1073652ae202
.dll windows x86

8d3abf54b118dda823d99b7e9d953eb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCurrencyFormatW
GetDateFormatA
DisableThreadLibraryCalls
CreateJobObjectW
GlobalFree
GetFileSize
GetNextVDMCommand
OpenFileMappingA
FindFirstFileA
FindNextFileA
GetProfileSectionW
IsValidLocale
GetVersion
HeapReAlloc
SetThreadLocale
VirtualAlloc
OpenEventW
ReadConsoleInputExA
SetFilePointer
CreateEventA
FlushFileBuffers
ResetWriteWatch
GetPrivateProfileSectionNamesW
DeleteFileW
SetConsoleCP

oleaut32

SysFreeString
SafeArrayGetLBound
SysStringLen
VariantChangeTypeEx
VariantCopy
VariantChangeType
VariantInit
GetErrorInfo
SysAllocStringByteLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SysAllocStringLen
SafeArrayCreate
VariantCopyInd
SysReAllocStringLen
VariantClear
GetActiveObject

comctl32

ImageList_GetImageCount
ImageList_Write
CreateStatusWindowA
ImageList_EndDrag
ImageList_Draw
ImageList_Create
ImageList_BeginDrag
_TrackMouseEvent
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_LoadImageA
ImageList_AddMasked
ImageList_GetBkColor
ImageList_ReplaceIcon
PropertySheetA

mpr

WNetAddConnection3W
WNetGetLastErrorW
WNetEnumResourceW
WNetGetResourceInformationW
WNetGetUniversalNameW
WNetGetConnectionA
WNetGetProviderNameW
WNetCancelConnection2W
WNetCloseEnum
WNetGetUserW
WNetGetUniversalNameA
WNetOpenEnumA
WNetOpenEnumW
WNetGetUserA
WNetGetConnectionW
WNetUseConnectionW
WNetAddConnection2W
WNetEnumResourceA

msvcrt

bsearch
swprintf
sqrt
fabs
__CxxFrameHandler
_strtime
__crtCompareStringA
??0exception@@QAE@XZ
_wcmdln
_splitpath
_mktime64
__p__fmode
_beginthread
wcsncmp
_Gettnames
iswupper
printf
??8type_info@@QBEHABV0@@Z
memcmp
_sopen
_waccess
clearerr
_wfindnext64
_filelength
wcscspn
__initenv
iswdigit
_mbclen
iswctype
_atoi64
toupper
strncat
_wmakepath
raise

crypt32

CryptProtectData

winspool.drv

EnumFormsW
EnumPrintersA
GetPrinterDriverDirectoryW
AddPrinterConnectionW
PrinterProperties
SetJobW
DeletePrinterDriverExW
GetJobW
EnumJobsW
DeleteFormW
EnumPrinterDataW
DeletePrinterDataExW
EnumMonitorsW
XcvDataW
SetJobA
GetPrinterDataW
ConfigurePortW
GetFormW
AbortPrinter
SetFormW
GetPrinterW

advapi32

GetKernelObjectSecurity
LsaQueryInformationPolicy
SetFileSecurityW
CreateProcessWithLogonW
LsaOpenTrustedDomainByName
BuildTrusteeWithSidW
SetThreadToken
RegReplaceKeyW
InitiateSystemShutdownA
StartTraceW
AddAccessAllowedAce
ElfDeregisterEventSource
GetCurrentHwProfileA
RevertToSelf
OpenServiceA
GetTokenInformation
RegLoadKeyW
SystemFunction029
CloseEventLog
AccessCheckByType
SystemFunction005
AddAccessDeniedAce
RegCreateKeyA
DeleteService
WmiOpenBlock
CreateProcessAsUserW
RegQueryInfoKeyA
AddAuditAccessAce
LsaGetSystemAccessAccount

Sections

.text
Size: 26KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 13KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 14KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 11KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d3abf54b118dda823d99b7e9d953eb1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

comctl32

mpr

msvcrt

crypt32

winspool.drv

advapi32

Sections

.text Size: 26KB - Virtual size: 192KB

.edata Size: 13KB - Virtual size: 46KB

.edata Size: 14KB - Virtual size: 97KB

.bss Size: 11KB - Virtual size: 60KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 26KB - Virtual size: 192KB

.edata
Size: 13KB - Virtual size: 46KB

.edata
Size: 14KB - Virtual size: 97KB

.bss
Size: 11KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 268B