7deff90679a266a863f457c096939eb8752d89790b3a4b099340c9ab574b8657

Sharing

Copy URL Twitter E-mail

General

Target

7deff90679a266a863f457c096939eb8752d89790b3a4b099340c9ab574b8657
Size

62KB
MD5

a1606d4095893c02af4b74fa52e5a617
SHA1

68216ca4aebe88585c5bc0675d303b1b5983dbad
SHA256

7deff90679a266a863f457c096939eb8752d89790b3a4b099340c9ab574b8657
SHA512

72fac8e83ecda193ccf95337742105073831b4bec46118b59fd0e64cc310987eca55c287c3a4b498c63e80eebcc3b5ef1263fa44a61fdff776792e485885851c
SSDEEP

1536:dsWWLN/fcBLjD0IIR05LGBD1hvVL3bBKmo3STX:Dy/fQwIhLGBDrvdbBVo3k

Score

N/A

Malware Config

Signatures

Files

7deff90679a266a863f457c096939eb8752d89790b3a4b099340c9ab574b8657
.dll windows x86

3e5fa4dd45b95e4c4b47c0e38640aab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
WaitForSingleObject
GetFileAttributesA
OpenFileMappingA
ExitProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTickCount
GetTempPathA
ResetEvent
WaitForMultipleObjects
SetEvent
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
GlobalUnlock
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
ReadFile
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
CreateThread
GetSystemDirectoryA
GetComputerNameA
CreateFileA
GetLastError
Sleep
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
CloseHandle
GetModuleFileNameA
OpenProcess
WideCharToMultiByte

ws2_32

connect
socket
inet_addr
gethostbyname
htons
send
recv
inet_ntoa
WSAIoctl
WSASocketA
gethostname
WSAStartup
WSAGetLastError
WSACleanup
closesocket

user32

SetWindowLongA
CallWindowProcA
GetDesktopWindow
GetSystemMetrics
GetForegroundWindow
UnhookWindowsHookEx
CreateWindowExA
SetClipboardViewer
SetWindowsHookExA
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
SendMessageA
OpenClipboard
GetWindowLongA
CloseClipboard
GetClassNameA
GetParent
GetWindowTextA
GetKeyNameTextA
GetKeyboardState
ToAscii
GetKeyState
CallNextHookEx
FindWindowA
EnumChildWindows
GetClipboardData

advapi32

SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserA
FreeSid
InitializeAcl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

msvcrt

atoi
isalpha
_CxxThrowException
_mbsstr
strftime
free
localtime
difftime
_ftol
srand
rand
time
strstr
_mbsnbcmp
sprintf
realloc
malloc
ftell
fseek
wcstombs
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_mbsicmp
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler
fwrite
_mbscmp
fclose
fopen
_mbsrev
strcat
fread

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e5fa4dd45b95e4c4b47c0e38640aab2

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB