46fd4479f67821856003035fb11191441b8967391e79d452f31a532fc19c9331

Sharing

Copy URL Twitter E-mail

General

Target

46fd4479f67821856003035fb11191441b8967391e79d452f31a532fc19c9331
Size

81KB
MD5

eee68e2870043809db1afdef9addf141
SHA1

cee8a34ad9e063e6a8c497cad1afae9c8a9bd8d5
SHA256

46fd4479f67821856003035fb11191441b8967391e79d452f31a532fc19c9331
SHA512

1fd93ce4f1f8f719fef403a0ea2df574ba01b045efa16757a3bd7b25783e19b0fd54e57dff05667e11a0e28cdc41678f8bf0b5613d2f27389d928668e1891ff9
SSDEEP

1536:geIXZcvLCNNSZhT2hOdkuE/8PYc9xvTKN:745/8PYc9xvTKN

Score

N/A

Malware Config

Signatures

Files

46fd4479f67821856003035fb11191441b8967391e79d452f31a532fc19c9331
.dll windows x86

8359339531c5d499e979229f9efee6dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CloseHandle
CreateEventA
OpenEventA
Sleep
DeleteFileA
ReadFile
GetFileSize
CreateFileA
OutputDebugStringA
TerminateThread
CreateToolhelp32Snapshot
GetCurrentProcessId
SetThreadPriority
GetTickCount
GetCommandLineA
GetWindowsDirectoryA
Process32Next
CreateThread
GetVolumeInformationA
GetComputerNameA
GetVersionExA
OpenProcess
GetCurrentThreadId
ExitProcess
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
MultiByteToWideChar
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
SetErrorMode
GetModuleHandleA
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
GlobalUnlock
GlobalFree
GetModuleFileNameA
GetCurrentProcess
IsBadReadPtr
Process32First
WideCharToMultiByte

user32

GetMessageA
GetWindowTextA
GetInputState
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
EnumWindows
PostMessageA
PostThreadMessageA
GetSystemMetrics
wsprintfA
ClipCursor

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetReadFile

ws2_32

inet_ntoa
getpeername

advapi32

RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

netapi32

Netbios

iphlpapi

GetAdaptersInfo

msvcrt

__CxxFrameHandler
_strdup
strncat
??2@YAPAXI@Z
strstr
atoi
strchr
sprintf
strrchr
??3@YAXPAX@Z
wcscmp
wcslen
abort
free
_initterm
malloc
_adjust_fdiv
_stricmp
_strupr

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueIndexA
VerQueryValueIndexW
VerQueryValueW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8359339531c5d499e979229f9efee6dd

Headers

File Characteristics

Imports

kernel32

user32

wininet

ws2_32

advapi32

netapi32

iphlpapi

msvcrt

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

zdata Size: 10KB - Virtual size: 10KB

vdata Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

zdata
Size: 10KB - Virtual size: 10KB

vdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB