f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755

Sharing

Copy URL

Twitter E-mail

General

Target

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
Size

242KB
MD5

e7371f007db56cf6c0ec2880db0984f7
SHA1

26d3cd9a7c0fe17d6b24053acf427493fdba1fb1
SHA256

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
SHA512

231a70f0f88d729e1990fa78e6627478ae5f04c2bd8ac4180b02b9c7e35f7063db074e3b29917aefeb62b1a57d0d718c97a77c4a8d1489b0f3806848fb5e26da
SSDEEP

6144:Yqxzd2mJzPPUMSoGFKdMWKbZaDdfAhKlEeuv0Xv/jF:5Nd2TpKdMWKbIpkKlEelXv/j

Score

N/A

Malware Config

Signatures

Files

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
.dll windows x86

9faa2085078dcc2238d9cc1f7dce54e6

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
ImpersonateSelf
RegSetValueExW
RegOpenKeyExW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyExW
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
RegQueryInfoKeyW
RegOpenKeyA
OpenSCManagerW
RegQueryValueExW
RegCreateKeyExW
CloseServiceHandle

gdi32

GetBkMode
GetObjectW

kernel32

lstrcmpiA
lstrlenW
MultiByteToWideChar
GetFileAttributesExA
LocalFree
_llseek
GlobalUnlock
TlsAlloc
CreateThread
GetCurrentThread
GetTempPathW
Beep
GlobalHandle
UnmapViewOfFile
SleepEx
LoadLibraryA
_lclose
lstrcmpW
HeapReAlloc
HeapFree
GetTickCount
GetTempFileNameW
DeleteCriticalSection
WideCharToMultiByte
lstrcpyA
InitializeCriticalSection
ExitThread
GetLastError
GetFullPathNameW
lstrcatW
DeleteFileW
SetLastError
GlobalReAlloc
GetCurrentProcess
GetCurrentProcessId
VirtualProtectEx
lstrcpyW
GetFileSize
GetThreadPriority
WaitForSingleObject
GetSystemTimeAsFileTime
lstrcpynW
PulseEvent
SetCurrentDirectoryW
IsBadStringPtrW
LeaveCriticalSection
CloseHandle
Sleep
lstrcpynA
IsBadReadPtr
LockResource
GetCurrentDirectoryW
MoveFileW
MapViewOfFile
SetThreadPriority
ExpandEnvironmentStringsW
FindResourceW
CreateEventW
EnterCriticalSection
FreeResource
_lwrite
HeapAlloc
GlobalLock
GetProfileStringW
CreateFileW
OpenFileMappingW
LoadLibraryW
InterlockedDecrement
CompareFileTime
SetUnhandledExceptionFilter
OpenEventW
HeapSize
GetACP
GetFileAttributesW
WaitForSingleObjectEx
InterlockedExchange
UnhandledExceptionFilter
TlsFree
IsBadWritePtr
LocalAlloc
TerminateProcess
GetModuleFileNameW
GetModuleHandleW
VerifyVersionInfoW
GlobalAlloc
QueryPerformanceCounter
IsBadCodePtr
GetCurrentThreadId
_lread
GetFileTime
TlsGetValue
LoadLibraryExW
FreeLibrary
SearchPathW
InterlockedIncrement
ResetEvent
CreateEventA
SetEvent
lstrcmpiW
GetPrivateProfileStringW
LoadResource
FileTimeToSystemTime
SetErrorMode
GlobalFree
TlsSetValue
GetProcAddress
GetModuleFileNameA

ntdll

NtQueryVirtualMemory
RtlInitializeResource
RtlReleaseResource
wcsrchr
NtClose
strstr
atoi
wcsncmp
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
wcschr
RtlUnwind
_wcsnicmp
NtResumeThread
NtCreateEvent
NtSetTimerResolution
NtSetValueKey
NtMapViewOfSection
RtlInitUnicodeString
NtCreateSection
mbstowcs
strncpy
RtlDeleteResource
NtQueryTimerResolution
NtUnmapViewOfSection
NtSetEvent
NtWaitForMultipleObjects
wcsncpy
RtlAcquireResourceExclusive
NtQueryValueKey
RtlCreateUserThread
wcslen
wcscat
strspn
RtlOpenCurrentUser
NtCancelTimer
towlower
NtCreateTimer
memmove
swprintf
NtOpenKey
NtSetTimer
RtlAcquireResourceShared
RtlImageNtHeader
VerSetConditionMask
wcscpy
wcsncat
isdigit
wcstol
strncmp

rpcrt4

RpcBindingFromStringBindingW
RpcBindingFree
RpcStringBindingComposeW
RpcStringFreeW
NdrClientCall2

user32

KillTimer
wsprintfA
CharUpperA
CreateWindowExA
MessageBoxW
LoadIconA
SystemParametersInfoW
UnregisterClassA
LoadStringW
GetAsyncKeyState
PostThreadMessageA
PostMessageW
SetTimer
RegisterClassA
DispatchMessageA
LoadStringA
PostMessageA
RegisterWindowMessageW
GetWinStationInfo
GetSystemMetrics
SendMessageA
CharLowerBuffA
GetMessageA
wsprintfW
DefWindowProcA
IsWindow
DestroyWindow

Exports

Exports

UppFm
MfHvvIJFMK
paAHnYlRj
NVrJPoWWme
XLAstEfers
GDTUstsLC
uQiC
oTcxBxsiOY
FyJbhx
UnaXmGe
tKhqotEVAS
aAPvPJcM
QbTxHOqbV
cYQED

Sections

.text
Size: 235KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9faa2085078dcc2238d9cc1f7dce54e6

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

ntdll

rpcrt4

user32

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 249KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 235KB - Virtual size: 249KB

.reloc
Size: 2KB - Virtual size: 2KB