fef204c24fb27e978949957dac82844389e23e82aad6ebc4f1fcb46f6efc38b7

Sharing

Copy URL

Twitter E-mail

General

Target

fef204c24fb27e978949957dac82844389e23e82aad6ebc4f1fcb46f6efc38b7
Size

87KB
MD5

58924c2bddaaec2bf6052b077900853a
SHA1

327facc308c2d517f678d418f58844d64c618235
SHA256

fef204c24fb27e978949957dac82844389e23e82aad6ebc4f1fcb46f6efc38b7
SHA512

c6b9df598e25789c7118cb1bc73bc6d961c7f55d4ca957ff65c4e3847dc20bc32db1ee06614b198459d6e19e48989fd82eecd382a466e33093d4ce88f3dfd6fc
SSDEEP

1536:VhrDsSdoMBsZVW9L52e4fRcjg9TyDe3RsIqmQV+jJvOgB+OXAsWSWcdl91ae6:NoMBsZo9L52e45mtDe3RsIqmQVwvyOxK

Score

N/A

Malware Config

Signatures

Files

fef204c24fb27e978949957dac82844389e23e82aad6ebc4f1fcb46f6efc38b7
.exe windows x86

1a069ab77eeb100e76932995f9eb0a91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
Sleep
GetCurrentProcessId
TerminateProcess
OpenProcess
GetTickCount
VirtualAlloc
GetModuleHandleW
FormatMessageW
lstrcmpW
WideCharToMultiByte
GetOEMCP
WriteConsoleW
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
SetEndOfFile
HeapSize
GetConsoleCP
FlushFileBuffers
CreateFileW
LCMapStringW
HeapFree
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStringTypeW
GetModuleFileNameW
ReadFile
GetModuleHandleExW
ExitProcess
RaiseException
HeapReAlloc
HeapAlloc
CloseHandle
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection

mapi32

ord141
ord48
ord170
ord191
ord187
ord64
ord201
ord75

winmm

midiInAddBuffer
joyGetPos
mmioCreateChunk
sndPlaySoundW
midiOutGetVolume
WOW32DriverCallback
CloseDriver
mmioOpenA
aux32Message
mixerClose

mscms

UnregisterCMMW
UninstallColorProfileA
OpenColorProfileW
GenerateCopyFilePaths
CreateProfileFromLogColorSpaceA
ord1
SetColorProfileElement
SetColorProfileElementReference
UninstallColorProfileW
SetStandardColorSpaceProfileA

pdh

PdhEnumObjectsW
PdhValidatePathW
PdhVbGetCounterPathElements
PdhVbAddCounter
PdhGetCounterInfoA
PdhGetFormattedCounterArrayA
PdhVbGetCounterPathFromList

comdlg32

FindTextA
ReplaceTextW
GetFileTitleW
PageSetupDlgA
PageSetupDlgW

rtm

MgmGetMfe
RtmRegisterClient
RtmAddRoute
RtmGetFirstRoute
MgmDeInitialize

user32

PostMessageW
EnumWindows
GetWindowThreadProcessId
LoadStringW

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a069ab77eeb100e76932995f9eb0a91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapi32

winmm

mscms

pdh

comdlg32

rtm

user32

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B