1a023254964ce45b51ad57632c3772ee6f927821741663e500463c837a5a42d9

Sharing

Copy URL Twitter E-mail

General

Target

1a023254964ce45b51ad57632c3772ee6f927821741663e500463c837a5a42d9
Size

108KB
MD5

95743a8bf673ff5d225dfbefd5221543
SHA1

b8175a3643b70482e59690bbbf5eff93c0b4e7c7
SHA256

1a023254964ce45b51ad57632c3772ee6f927821741663e500463c837a5a42d9
SHA512

b7c0cc647984ec3cb075a9c60cd123840ed5d0fb0e742bc834265d750af1f57cdc08ef7b8a039edc5ec62356b7c8bf7e94ddd07071c2f5b8d0949147acdd06f9
SSDEEP

1536:3sUaMzKKW1N/jF/aZT8WtTgofHAzYGMrv6GQoVgAOReXJtI6NTCzn:3sUaOGXq8ogovAzDE6G9gAyeXJS6Nuj

Score

N/A

Malware Config

Signatures

Files

1a023254964ce45b51ad57632c3772ee6f927821741663e500463c837a5a42d9
.dll windows x86

24e738e8215d8150860ac1752a005e6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetCurrentProcess
MoveFileExA
TerminateThread
CreateThread
AllocConsole
WaitForSingleObject
WideCharToMultiByte
GetEnvironmentVariableW
HeapFree
HeapAlloc
GetProcessHeap
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
FileTimeToSystemTime
Thread32Next
Thread32First
GetWindowsDirectoryA
TerminateProcess
FindNextFileA
GetFileSize
GlobalFree
GlobalAlloc
GetStartupInfoW
GetStartupInfoA
CreatePipe
GetEnvironmentVariableA
DeviceIoControl
GetVolumeInformationA
GetDiskFreeSpaceExA
SearchPathA
ExpandEnvironmentStringsA
GetTempPathA
DuplicateHandle
GetLogicalDriveStringsA
GetDriveTypeA
CreateEventA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetCurrentThreadId
OutputDebugStringA
GetTickCount
GetSystemTime
lstrcmpA
GetLocaleInfoA
lstrcpyA
lstrcatA
Sleep
ReadFile
GetLastError
WriteFile
SetEndOfFile
GetVersionExA
QueryDosDeviceA
SetFilePointer
CreateProcessA
MoveFileA
CreateDirectoryA
FindFirstFileA
PeekNamedPipe
FindClose
GetSystemDirectoryA
GetFileAttributesA
GetModuleHandleA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime

user32

GetThreadDesktop
GetProcessWindowStation
ExitWindowsEx
GetWindowTextA
GetWindowTextLengthA
OpenWindowStationA
GetAsyncKeyState
GetKeyState
GetSystemMetrics
wsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
CharUpperA
GetForegroundWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateDCA

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidA
RevertToSelf
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
ImpersonateLoggedOnUser
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
QueryServiceStatus
CreateProcessWithLogonW
LogonUserA
RegEnumKeyExA
RegDeleteKeyA

shell32

SHFileOperationA

msvcrt

rename
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
printf
wcscmp
_strupr
wcslen
atoi
_local_unwind2
strncat
time
srand
rand
strchr
_except_handler3
_CxxThrowException
??2@YAPAXI@Z
strstr
??3@YAXPAX@Z
malloc
free
_open
_read
_write
_close
_lseek
remove
_tempnam
sprintf
strncpy
strrchr
__CxxFrameHandler

netapi32

NetApiBufferFree
NetShareEnum
NetUserEnum

ws2_32

gethostbyname
inet_addr
htons
WSACleanup
WSAStartup
WSCEnumProtocols
inet_ntoa
WSAIoctl

iphlpapi

GetNetworkParams
GetAdaptersInfo

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

EnumProcessModules
GetModuleFileNameExA

ntdll

_itoa
_strcmpi

wininet

HttpAddRequestHeadersA
InternetSetOptionA
InternetQueryDataAvailable
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryA
DestroyEnvironmentBlock

Exports

Exports

MainRun
ServiceMain

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24e738e8215d8150860ac1752a005e6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

netapi32

ws2_32

iphlpapi

version

psapi

ntdll

wininet

userenv

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 42KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 42KB

.reloc
Size: 8KB - Virtual size: 7KB