ffdd7349c73bd8dfc450ea983feaefdbb98e431b99a6b599d511ed8f34f50736

Sharing

Copy URL Twitter E-mail

General

Target

ffdd7349c73bd8dfc450ea983feaefdbb98e431b99a6b599d511ed8f34f50736
Size

265KB
MD5

80ec64767f282a017d2d66d54239fa39
SHA1

39f829381958f7891782cfc6fb85d3afa87eb360
SHA256

ffdd7349c73bd8dfc450ea983feaefdbb98e431b99a6b599d511ed8f34f50736
SHA512

70c14b715b123c92f654075ae1220db6cf8965fdb75b8813495e2a40ff953cb455eb28c4e52906f25cb7dae7853fb025688f655b8388412f92606d6cd5c4590d
SSDEEP

6144:3Pq62SziXlHvh2boJqY9PMfEnU7y1YnCZ1RoEkY8beg+zY6Ym96U519GgFAS:3H20iXlHvh2boJqYifEnCy1/qY2+z395

Score

N/A

Malware Config

Signatures

Files

ffdd7349c73bd8dfc450ea983feaefdbb98e431b99a6b599d511ed8f34f50736
.exe windows x86

c78cf708131ea166a349e1ce7c6feb2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetTempFileNameW
GetTempPathW
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
GetExitCodeProcess
CreateProcessW
FindFirstFileW
GetSystemDirectoryW
VirtualAlloc
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
lstrcpyW
lstrcatW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
FindClose
CreateDirectoryW
GetTickCount
GetCommandLineW
DecodePointer
EncodePointer
WriteConsoleW
SetEndOfFile
GetFileSizeEx
HeapReAlloc
HeapSize
GetConsoleCP
FlushFileBuffers
CreateFileW
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
GetCurrentThread
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapAlloc
HeapFree
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetStdHandle
ReadFile
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList

comdlg32

PageSetupDlgA
GetOpenFileNameW
ReplaceTextW

loadperf

LoadPerfCounterTextStringsA
LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsA

winspool.drv

ord212
AddFormA
EnumPrintProcessorsA
ClosePrinter
DeletePrinterConnectionA
DeletePrinterKeyW
ConfigurePortA
AddPortExA

wsnmp32

ord103
ord600
ord900
ord205
ord320

mapi32

ord178
ord121
ord148
ord23
ord195
ord164
ord160
ord158
ord172
ord190

mpr

WNetConnectionDialog1W
WNetGetProviderNameA
WNetUseConnectionA
WNetGetLastErrorA
WNetGetUniversalNameW

mswsock

NPLoadNameSpaces
EnumProtocolsW
rresvport
inet_network
sethostname
GetAddressByNameA
GetServiceA
GetServiceW
GetTypeByNameW
getnetbyname
GetAcceptExSockaddrs
AcceptEx

wsock32

WSAUnhookBlockingHook
WSACleanup
closesocket

oleaut32

VarI1FromR8
VarDecFromDisp
VarR8FromUI4

ole32

CoInitialize

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c78cf708131ea166a349e1ce7c6feb2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

loadperf

winspool.drv

wsnmp32

mapi32

mpr

mswsock

wsock32

oleaut32

ole32

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 360B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 360B

.reloc
Size: 8KB - Virtual size: 8KB