d2890c2af979de6e1cb5f7b38ae00562f42c7f6dd24c652d9498083f8a7f4aa1

General

Target

d2890c2af979de6e1cb5f7b38ae00562f42c7f6dd24c652d9498083f8a7f4aa1
Size

535KB
MD5

f2a5936308b873ca1f6bebe35c37ffa6
SHA1

0912bf6d2568a5324b6500e4ba19b34665fdf259
SHA256

d2890c2af979de6e1cb5f7b38ae00562f42c7f6dd24c652d9498083f8a7f4aa1
SHA512

8216d3382e9e47246c2b72bd9f3ca68bf402da3ec733814c1d487101aa0ada4298afc776afb83dbe9b3f32f8a985f204fc8d96948bac66c4afe57ad59f58d37d
SSDEEP

12288:RMzDAW4U6bVBYuUEjfx01wIshB2dtBuKy02:CzDmU6BXUwxkW8LuKy02

Score

N/A

Malware Config

Signatures

Files

d2890c2af979de6e1cb5f7b38ae00562f42c7f6dd24c652d9498083f8a7f4aa1
.exe windows x86

bf25fe527f82e9010b5818c41e3ff9eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BackupEventLogW
RegisterEventSourceA
AdjustTokenPrivileges
RegLoadKeyA
GetOldestEventLogRecord
ReportEventW
RegRestoreKeyA
DeregisterEventSource
OpenBackupEventLogW
OpenEventLogW

kernel32

WriteProfileStringA
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetProcAddress
VirtualAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

winspool.drv

AddPrinterConnectionA
SetPrinterW
EnumPrintProcessorsW
DeletePrinterDriverExA
AddPrintProcessorW
AddPrinterA
GetPrinterDriverW
AddPrinterDriverExA
EnumJobsW
DeletePrinterDataA
AddPrintProcessorA
AddPrinterDriverA

msrating

RatingEnabledQuery

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 498KB - Virtual size: 803KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf25fe527f82e9010b5818c41e3ff9eb

Headers

File Characteristics

Imports

advapi32

kernel32

winspool.drv

msrating

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 498KB - Virtual size: 803KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 498KB - Virtual size: 803KB

.rsrc
Size: 7KB - Virtual size: 7KB