8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352

Sharing

Copy URL

Twitter E-mail

General

Target

8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
Size

255KB
MD5

0c08b1960c39c2c9524dba1ffe86753c
SHA1

8e1f2c5aae34110d22b8e93277e2985473b3d2c9
SHA256

8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
SHA512

5f7eb2dfe282cbd90746f0ea810645ebe05d649565b2002dac0bb83a0ac305e42d6ddda7952246c5cc10027332a9a7afa618dfb1101472764468b9767f72e2fc
SSDEEP

6144:bLnteacLOatW4YZ0slwA2EjHOQHH9ukBjl86Uo3GluqkiKRS4nA:bjUeZ0s99A693MkpPn

Score

N/A

Malware Config

Signatures

Files

8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
.dll windows x86

0de9bdab4c286917a060910285432836

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

MapGenericMask
GetSecurityDescriptorControl
SetSecurityDescriptorSacl
RegEnumKeyA
CreateWellKnownSid
IsTextUnicode
RegQueryInfoKeyW
OpenProcessToken
InitializeSecurityDescriptor
FreeSid
ConvertSidToStringSidW
RegCloseKey
OpenThreadToken
GetSecurityDescriptorOwner
LookupAccountNameW
IsValidSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW
LookupPrivilegeDisplayNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
RegQueryValueExA
GetLengthSid
LsaOpenPolicy
RegOpenKeyExW
LsaFreeMemory
GetSecurityDescriptorLength
LsaQueryInformationPolicy
RegDeleteKeyA
IsValidSid
SetSecurityDescriptorOwner
RegCreateKeyExA
RegDeleteKeyW
LookupAccountSidW
RegSetValueExA
LsaClose
RegOpenKeyExA
MakeSelfRelativeSD
EqualSid
RegDeleteValueW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetTokenInformation

gdi32

SetBkMode
SetBkColor
SetTextColor
CreateCompatibleDC
GetPixel
GetTextExtentPoint32W
SetMapMode

kernel32

LoadResource
GetUserDefaultUILanguage
FindNextFileA
CompareStringW
GetWindowsDirectoryW
LocalFree
WritePrivateProfileStringW
LoadLibraryW
SetFilePointer
LoadLibraryA
WaitForSingleObject
WriteFile
GetVersionExA
LocalAlloc
lstrcatW
GetLastError
GetFileAttributesA
CreateThread
HeapFree
DeleteFileW
IsBadWritePtr
OutputDebugStringA
GetCurrentProcessId
GetModuleFileNameW
GetTempPathW
SetEvent
lstrcpyW
TryEnterCriticalSection
ReadFile
GetSystemWindowsDirectoryW
CreateEventW
FindResourceW
lstrcmpW
GetSystemTimeAsFileTime
GetTempFileNameW
lstrcpynW
GetCurrentThread
CreateProcessW
CreateDirectoryW
GlobalFree
FormatMessageW
EnterCriticalSection
lstrlenW
GetTickCount
GlobalLock
SetUnhandledExceptionFilter
GetModuleHandleW
SetLastError
lstrlenA
lstrcmpiW
InitializeCriticalSection
WritePrivateProfileSectionW
InterlockedDecrement
SetCurrentDirectoryW
GetUserDefaultLangID
GetThreadLocale
CreateFileW
ExpandEnvironmentStringsA
GetExitCodeThread
QueryPerformanceCounter
FindClose
GetProcessHeap
FreeLibrary
SizeofResource
LeaveCriticalSection
GetShortPathNameW
IsBadCodePtr
GetProcAddress
UnhandledExceptionFilter
GlobalAlloc
IsBadReadPtr
InterlockedIncrement
LoadLibraryExA
lstrcpyA
Sleep
GetModuleHandleA
MultiByteToWideChar
OutputDebugStringW
lstrcatA
GlobalUnlock
IsBadStringPtrW
TerminateProcess
GetCurrentProcess
CopyFileW
VirtualProtectEx
FindFirstFileA
HeapAlloc
GetModuleFileNameA
GetCurrentThreadId
LockResource
ExpandEnvironmentStringsW
WideCharToMultiByte
CloseHandle
FindNextFileW
SetThreadLocale
DeleteCriticalSection
FindFirstFileW
GetFileAttributesW

msvcrt

wcsncpy
free
_findclose
_CxxThrowException
fread
_wfindfirst
_strerror
_onexit
_wfindnext
swprintf
fwrite
setlocale
vswprintf
fseek
_wtol
wcscpy
wcstoul
_wcslwr
__dllonexit
ftell
?terminate@@YAXXZ
wcslen
_wcsicmp
__RTDynamicCast
mbstowcs
wcschr
wcstombs
wcsrchr
_fsopen
_wchdir
wcscmp
_initterm
wcscat
_wcsnicmp
__CxxFrameHandler
fclose
_wfsopen
wcsncat
malloc
_purecall
_wtoi

netapi32

DsGetDcNameW
NetApiBufferFree

ole32

StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
ReleaseStgMedium
CoTaskMemFree
CoSetProxyBlanket
CreateStreamOnHGlobal

scecli

SceCompareSecurityDescriptors
SceGetObjectSecurity
SceCommitTransaction
SceUpdateSecurityProfile
SceEnumerateServices
SceSvcSetInformationTemplate
SceSvcFree
SceCloseProfile
SceSvcUpdateInfo
SceSvcGetInformationTemplate
SceCompareNameList
SceAddToNameList
SceGetSecurityProfileInfo
SceUpdateObjectInfo
SceAnalyzeSystem
SceSvcQueryInfo
SceLookupPrivRightName
SceRollbackTransaction
SceCreateDirectory
SceOpenProfile
SceGetScpProfileDescription
SceCopyBaseProfile
SceGetServerProductType
SceAddToNameStatusList
SceAppendSecurityProfileInfo
SceStartTransaction
SceFreeProfileMemory
SceSetupGenerateTemplate
SceGetObjectChildren
SceConfigureSystem
SceWriteSecurityProfileInfo
SceFreeMemory
SceSvcConvertTextToSD

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW

shlwapi

StrToIntW

user32

LoadBitmapW
GetWindowLongW
GetMessagePos
PtInRect
GetScrollInfo
DestroyWindow
IsWindow
SetWindowLongW
GetClientRect
MsgWaitForMultipleObjects
LoadStringW
LoadIconW
OpenClipboard
RegisterClipboardFormatW
ReleaseDC
wsprintfW
RedrawWindow
GetDC
IsWindowEnabled
TrackPopupMenu
CreatePopupMenu
PostThreadMessageW
SetScrollInfo
DefWindowProcW
CloseClipboard
CreateWindowExW
GetWindow
GetSystemMetrics
LoadImageW
SetCursor
GetParent
GetWindowRect
MessageBoxW
MapWindowPoints
MoveWindow
AppendMenuW
SetFocus
SystemParametersInfoW
TranslateMessage
DestroyIcon
GetFocus
SetScrollPos
GetSysColor
IsClipboardFormatAvailable
ShowWindow
ChildWindowFromPointEx
DispatchMessageW
ScreenToClient
EmptyClipboard
EnableWindow
ScrollWindow
BringWindowToTop
LoadCursorW
SetScrollRange
PostMessageW
WinHelpW
GetDlgCtrlID
SetWindowPos
SetWindowTextW
SetClipboardData
RegisterClassW
SendDlgItemMessageW
DrawFocusRect
IsWindowVisible
SendMessageW
FrameRect
InflateRect

version

VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

Exports

Exports

teyHli
shGXc
GNpxpYRJV

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0de9bdab4c286917a060910285432836

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

netapi32

ole32

scecli

shell32

shlwapi

user32

version

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 242KB - Virtual size: 242KB

.data Size: 512B - Virtual size: 330B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 242KB - Virtual size: 242KB

.data
Size: 512B - Virtual size: 330B

.reloc
Size: 1KB - Virtual size: 1KB