f86734554a57478b91c684aa487c0b6ef6b8b13dc0a1497a21a1da3c07c5e812

Sharing

Copy URL

Twitter E-mail

General

Target

f86734554a57478b91c684aa487c0b6ef6b8b13dc0a1497a21a1da3c07c5e812
Size

85KB
MD5

a54b890c787c6b318bff6fbd532c21f0
SHA1

0b29f3db245696ab4450d1676ae83f87b8a7ab88
SHA256

f86734554a57478b91c684aa487c0b6ef6b8b13dc0a1497a21a1da3c07c5e812
SHA512

d93bb65e79c4ae57ed39ad0a551f4fe133ca3a28a43c3e43ca30bfe5a39f5ccd150d107ab13e729a42d4388e9a57c8b03df17d6488418d46ffe0c34b62add79e
SSDEEP

1536:kcVJPbkrsKunLydcTXwQYqB2es5UlYorBbt22K+FHuLfHnf0/+Sl/z:kcVJPbkrInLXXwZqQnOWcx97YLfn8/+S

Score

N/A

Malware Config

Signatures

Files

f86734554a57478b91c684aa487c0b6ef6b8b13dc0a1497a21a1da3c07c5e812
.dll windows x86

49db47c2aebca4ab2792ce37c72fbaa5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ScrollConsoleScreenBufferA
VirtualQueryEx
GetACP
VirtualAlloc
FlushViewOfFile
GetVersion
InterlockedExchangeAdd
GetTimeFormatW
WritePrivateProfileStringA
InterlockedExchange
WriteProfileStringW
EnumCalendarInfoA
OpenSemaphoreW
FreeEnvironmentStringsA
GetConsoleTitleA
GetConsoleWindow
GetLastError
SetConsoleTitleW
WriteConsoleW
IsBadWritePtr
SetCurrentDirectoryW
CloseProfileUserMapping
GetShortPathNameW
WaitForMultipleObjectsEx
WriteConsoleOutputA
CopyFileExW
GetFileSize
GetWriteWatch
FoldStringW
ReadConsoleInputA
CreateTimerQueueTimer
GetFullPathNameW
VirtualProtect
GetUserDefaultUILanguage
WriteProfileStringA
SetNamedPipeHandleState
GetPrivateProfileSectionA
CreateFileW
CreateRemoteThread
GetEnvironmentVariableW
SetVolumeLabelA
SetConsoleKeyShortcuts
_hwrite
HeapCompact

userenv

DestroyEnvironmentBlock
GetUserProfileDirectoryW
RegisterGPNotification
RsopResetPolicySettingStatus
FreeGPOListW
LoadUserProfileW
GetProfilesDirectoryW
GetProfileType
UnloadUserProfile
EnterCriticalPolicySection
ProcessGroupPolicyCompletedEx
ExpandEnvironmentStringsForUserW
DeleteProfileW
GetAppliedGPOListW
CreateEnvironmentBlock
RefreshPolicy
GetDefaultUserProfileDirectoryW
LeaveCriticalPolicySection

winspool.drv

GetPrinterDriverDirectoryA
EnumJobsW
GetPrintProcessorDirectoryA
EnumMonitorsW
AddMonitorW
EnumPortsW
GetPrinterDataExW
EnumPrinterDriversW
GetPrinterW
DeletePrinterConnectionW
DocumentPropertiesA
AddPrinterW
DeletePrintProcessorW
XcvDataW
GetPrinterDriverW
GetPrinterDataW
OpenPrinterA
DeleteFormW
AddPrintProcessorW
DeletePrinterDataExW
ReadPrinter
DeletePrinterDriverExW
SetJobA
GetJobW
EndPagePrinter
AddPrinterConnectionW
AddPrinterDriverExW
OpenPrinterW
EndDocPrinter
AbortPrinter
EnumFormsA
EnumMonitorsA
AddMonitorA
EnumPrinterDataW
AddFormW
StartDocPrinterW
EnumPrinterDataExW
StartPagePrinter
DeleteMonitorW
DocumentPropertySheets
FlushPrinter

crypt32

CryptDecryptAndVerifyMessageSignature

advapi32

AreAllAccessesGranted
SystemFunction004
GetSidSubAuthorityCount
CryptGenKey
QueryRecoveryAgentsOnEncryptedFile
CryptEncrypt
EnumServicesStatusW
AddAuditAccessAce
LookupAccountNameA
DuplicateTokenEx
I_ScSetServiceBitsW
CryptGetKeyParam
OpenProcessToken
OpenEventLogW
CryptGetProvParam
RegSetKeySecurity
QueryServiceConfigW
GetServiceDisplayNameA

msvcrt

system
_CIlog
strncmp
strncpy
__doserrno
abort
_ltoa
_read
modf
acos
iswprint
_ismbcdigit
_mbslwr
iswctype
_CIlog10
__p__fmode
realloc
fputwc
wscanf
vfprintf
wcscspn
_ismbstrail
sqrt
iswalnum
_memicmp
_CItanh
_wsplitpath
strtok
tan
_wremove
_wcsnset

uxtheme

GetThemeAppProperties
SetWindowTheme
DrawThemeBackground
DrawThemeParentBackground
GetThemeColor
GetThemePartSize
GetThemeRect
DrawThemeIcon
GetThemeSysColor
CloseThemeData
GetThemeFont
IsThemeBackgroundPartiallyTransparent
OpenThemeData
GetThemeBackgroundExtent
IsThemeActive
GetWindowTheme
IsAppThemed
GetThemeBool
GetThemeSysFont
GetThemeTextExtent
GetThemeMetric
EnableThemeDialogTexture
GetThemeMargins
DrawThemeText
GetThemeBackgroundContentRect
IsThemePartDefined
GetThemeBackgroundRegion
GetCurrentThemeName

Sections

.text
Size: 42KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 16KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49db47c2aebca4ab2792ce37c72fbaa5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

userenv

winspool.drv

crypt32

advapi32

msvcrt

uxtheme

Sections

.text Size: 42KB - Virtual size: 189KB

.edata Size: 15KB - Virtual size: 48KB

.edata Size: 16KB - Virtual size: 99KB

.data Size: 9KB - Virtual size: 38KB

.rsrc Size: 1024B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 788B

.text
Size: 42KB - Virtual size: 189KB

.edata
Size: 15KB - Virtual size: 48KB

.edata
Size: 16KB - Virtual size: 99KB

.data
Size: 9KB - Virtual size: 38KB

.rsrc
Size: 1024B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 788B