16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c

Sharing

Copy URL

Twitter E-mail

General

Target

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
Size

310KB
MD5

b9d425b1970b5fd03aed67053d97916d
SHA1

6b198494ce7d94fe26e72f4d0de776c897d9231a
SHA256

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
SHA512

621449a17709fb703c18e84b31956a1fefd7a0204743061c401f7208a12c9a51df6f60eee0be155ca290d0336e46b7fdef8eaa4267dc8147916f43d824cb989d
SSDEEP

6144:57lnIn7dpc1ArWEboJ42GQ5cXjXbjKSASilvo9Br+xtiedXYEuB8btelu:1lktrkJ42G0cLbOSAS2oetiexYEuH

Score

N/A

Malware Config

Signatures

Files

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
.dll windows x86

12521ccb06d79a59621f7611b687f5d4

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
SetSecurityDescriptorDacl
LsaLookupNames2
RegEnumKeyExW
RegReplaceKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
CreateRestrictedToken
InitializeSecurityDescriptor
RegSetValueExW

comctl32

_TrackMouseEvent

crypt32

CertGetNameStringW
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertEnumPhysicalStore
CertOpenStore
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertVerifyTimeValidity
CertFreeCertificateContext
CertOpenSystemStoreW
CertNameToStrW

gdi32

GetObjectW
CreateFontIndirectW

kernel32

WaitForMultipleObjects
WideCharToMultiByte
DuplicateHandle
LoadResource
IsProcessorFeaturePresent
GetUserDefaultUILanguage
OutputDebugStringW
ReleaseMutex
HeapDestroy
FileTimeToLocalFileTime
FindClose
GetDateFormatW
MultiByteToWideChar
DisconnectNamedPipe
WriteFile
CloseHandle
ResetEvent
CompareFileTime
WaitForSingleObject
ReadFile
HeapFree
CreateFileW
GetCurrentProcessId
SetThreadLocale
GetCurrentThreadId
OpenMutexW
QueryPerformanceCounter
CreateNamedPipeA
WaitForMultipleObjectsEx
LockResource
GetTempPathW
CreateThread
GetProcessHeap
CreateMutexW
GetSystemTimeAsFileTime
CreateEventW
RaiseException
GetTickCount
FlushFileBuffers
ProcessIdToSessionId
InitializeCriticalSectionAndSpinCount
SetNamedPipeHandleState
WaitNamedPipeA
ConnectNamedPipe
HeapReAlloc
DeleteFileW
LeaveCriticalSection
HeapSize
GetLocalTime
LoadLibraryW
GetModuleFileNameW
CreateNamedPipeW
SetEvent
FreeLibrary
VirtualProtect
FileTimeToSystemTime
GetLastError
GetSystemDefaultLangID
IsDebuggerPresent
OpenFileMappingW
GetCommandLineW
SizeofResource
GetProcAddress
FindResourceW
GetModuleHandleW
FindNextFileW
HeapAlloc
GetCurrentProcess
MapViewOfFile
EnterCriticalSection
DeleteCriticalSection
GetOverlappedResult
Sleep
LocalFree
GetACP
FindResourceExW
FindFirstFileW

ole32

CoUninitialize
CoInitialize

shell32

ExtractAssociatedIconA
SHBindToParent
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconA

user32

DestroyWindow
GetWindowLongW
GetWindowTextA
GetWindowRect
IsDlgButtonChecked
GetWindow
LoadStringW
RegisterWindowMessageW
RedrawWindow
DefWindowProcW
GetForegroundWindow
GetThreadDesktop
GetParent
KillTimer
GetTopWindow
CheckDlgButton
LoadBitmapW
ShowWindow
CreateDialogParamW
CheckMenuItem
GetDesktopWindow
SendMessageTimeoutA
PostMessageW
RegisterClassW
OpenInputDesktop
SetWindowPos
CloseWindowStation
DestroyMenu
SendMessageW
SetWindowTextW
DialogBoxParamW
DispatchMessageW
GetUserObjectInformationW
GetMenuStringW
SetThreadDesktop
MoveWindow
ReleaseCapture
EnableWindow
EnumThreadWindows
AppendMenuW
SetProcessWindowStation
UnregisterClassW
GetWindowThreadProcessId
IsWindow
SetCapture
SetWindowLongW
MsgWaitForMultipleObjects
GetSystemMetrics
SetTimer
GetWindowTextW
MapVirtualKeyExA
GetMessageW
TranslateMessage
TrackPopupMenuEx
RemoveMenu
CloseDesktop
AttachThreadInput
EndDialog
CreateWindowExW
GetDlgItemTextW
ClientToScreen
SetForegroundWindow
CreatePopupMenu
SetFocus
OpenWindowStationW
PostThreadMessageW
IsWindowVisible
SetDlgItemTextW
GetCursorPos
OpenDesktopW
MessageBoxW
GetProcessWindowStation

ws2_32

freeaddrinfo
getaddrinfo

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

Exports

Exports

AB
PCMl
joqk
Ye
tUAQ
uafj
rRQ
Qx
OT
oAR
Oht
tL
Ibwk
hrtn
VeV
aV
tVn
RvXt
GMVc
TOkX
sU
Ey
Myd
lSK
DT
Jo
udTl
fPv
Xl
RPyx
LPuc
CNB
RY
Ggg
DS
XJnO
nmlG
HBe
Thsf
ji
Fya
nYA
Ijw
ndh
py
qNdU
PJ

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12521ccb06d79a59621f7611b687f5d4

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

crypt32

gdi32

kernel32

ole32

shell32

user32

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB