d33f5eae6be71da189e6309a4f5f7b0ff2490831f4c535efc540d58745cedcc4

Sharing

Copy URL Twitter E-mail

General

Target

d33f5eae6be71da189e6309a4f5f7b0ff2490831f4c535efc540d58745cedcc4
Size

116KB
MD5

fe5d3e6d4234c09ff4b3200d2f08fda0
SHA1

a873fe761bf41966d40000a64e1c99ac46253517
SHA256

d33f5eae6be71da189e6309a4f5f7b0ff2490831f4c535efc540d58745cedcc4
SHA512

e18ac2f14407518e71df73762e4f953d4c684fdf3f0ac7122e3db9ca567f01d23de17bd24451ed32df8008dfc24172adecb3ed5a84a4926ad568bc099f2b4eed
SSDEEP

3072:lvQI39DBDIN/WuSFjV4ISRteUz/9n4NtlVI5kPbi:bB8/WuYjV6RR+NhI54bi

Score

N/A

Malware Config

Signatures

Files

d33f5eae6be71da189e6309a4f5f7b0ff2490831f4c535efc540d58745cedcc4
.exe windows x86

06d86a6b850f559b8ec14899df4ee2d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
GetDateFormatW
CreateEventW
QueryPerformanceCounter
GetVersionExW
OpenProcess
LocalFree
LocalAlloc
GetVolumeInformationW
InitializeCriticalSection
EnterCriticalSection
Sleep
LoadLibraryW
GetProcAddress
GetProfileStringW
VirtualProtect
GetModuleFileNameW
GetModuleHandleW
GetSystemTime
GetWindowsDirectoryW
CreateFileW

user32

GetActiveWindow
IsDialogMessageW
SetWindowsHookExW
PostMessageW
DrawFrameControl
TrackPopupMenu
FillRect
IsIconic
SetWindowTextW
SetWindowLongW
GetDlgItem
GetWindow
FindWindowW
GetParent
ScrollWindow
SetPropW
AppendMenuW

gdi32

SetBkMode
MoveToEx
LineTo
ExcludeClipRect
DPtoLP
CreateDCW
GetObjectW
CreatePen
DeleteObject
DeleteDC
BitBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW
EnumPrintersW

advapi32

AdjustTokenPrivileges
GetTokenInformation
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
SetServiceStatus
SetSecurityDescriptorDacl
SetEntriesInAclW
RegisterServiceCtrlHandlerW
RegSetValueExW
RegEnumKeyW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW

ole32

CoRevokeClassObject
OleInitialize
OleSetContainedObject
CoInitialize

ws2_32

ioctlsocket
listen
ntohl
inet_addr
select
recv
socket
WSAConnect
WSACreateEvent
WSAGetOverlappedResult
WSASocketW
WSAWaitForMultipleEvents
WSACloseEvent
send

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

msvcrt

fwrite
fclose
atoi
fseek
fopen
free
malloc
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fputs

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06d86a6b850f559b8ec14899df4ee2d1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

ws2_32

version

msvcrt

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 52KB - Virtual size: 663KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 52KB - Virtual size: 663KB

.reloc
Size: 4KB - Virtual size: 3KB