0ad872556a5f5d49b3d5fb8f2c9419a9ad0530c3d41e8c3d3ec66aa7e09f8e1f

Sharing

Copy URL

Twitter E-mail

General

Target

0ad872556a5f5d49b3d5fb8f2c9419a9ad0530c3d41e8c3d3ec66aa7e09f8e1f
Size

60KB
MD5

6dbffbacfbec66ca27fdd270a29bb105
SHA1

3450caad1ea5594ad92586b163cb142bd232ef73
SHA256

0ad872556a5f5d49b3d5fb8f2c9419a9ad0530c3d41e8c3d3ec66aa7e09f8e1f
SHA512

72793e33ec20d6ac2902d371ca093bfd74d7cb66f6f25dcbe2ce0fcd7c283ed3cd2583c4e1c9d7ab1d847493017fbc41b77dddfc27f3ebc65b729f3fcab4b071
SSDEEP

1536:r8YorkUi4u9om9nlrWppjVyZqgoF93Mm:rb4u9P9nlKpppyZDoFRMm

Score

N/A

Malware Config

Signatures

Files

0ad872556a5f5d49b3d5fb8f2c9419a9ad0530c3d41e8c3d3ec66aa7e09f8e1f
.exe windows x86

6afba15952d3623b07097fd9fd9e5b5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_adjust_fdiv
_XcptFilter
_exit
_c_exit
_stricmp
_wcsnicmp
wcscat
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_cexit
wcsrchr
wcslen
wcscpy

advapi32

SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

kernel32

LeaveCriticalSection
EnterCriticalSection
SetLastError
OpenProcess
InterlockedIncrement
GetLastError
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleA
InitializeCriticalSection
SetEvent
RaiseException
LocalAlloc
FreeLibrary
InterlockedExchange
LocalFree
LoadLibraryA
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW

gdi32

GdiInitSpool
bMakePathNameW
GdiGetSpoolMessage

rpcrt4

RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIf2
I_RpcSsDontSerializeContext
RpcMgmtSetServerStackSize
RpcServerListen
RpcImpersonateClient

ntdll

RtlValidRelativeSecurityDescriptor

Exports

Exports

YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6afba15952d3623b07097fd9fd9e5b5e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 14KB - Virtual size: 35KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 14KB - Virtual size: 35KB