ebfb798ff71e55c8f5a8baa0d2ab5c01a39ea564d21927f68a5573da46c422fe

Sharing

Copy URL Twitter E-mail

General

Target

ebfb798ff71e55c8f5a8baa0d2ab5c01a39ea564d21927f68a5573da46c422fe
Size

188KB
MD5

02a11d825ada7e7c3569cd36a652d7f0
SHA1

6074bf9748cfc7952cc30d6d2c29ae860eab2a73
SHA256

ebfb798ff71e55c8f5a8baa0d2ab5c01a39ea564d21927f68a5573da46c422fe
SHA512

52d83661736b56e6572c75ddafb1d1df5ce366b4c2df7509803b63cbef226ecaecd53a5a34929a77900e40de030a3668afd4d7c7a07d59b904855ba543c53e43
SSDEEP

3072:ErB64wkzMkGtd0o+ctfydgNKOCBmB8hLqUqH:oHwXJfDCBy8pqpH

Score

N/A

Malware Config

Signatures

Files

ebfb798ff71e55c8f5a8baa0d2ab5c01a39ea564d21927f68a5573da46c422fe
.dll windows x86

99eeedf41fdf94951490f46f0e419a98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

simcomex

?InitInstance@CSimSend@@QAEHKKK@Z
?Send@CSimSend@@QAEHPAXKHK@Z
??0CSimSend@@QAE@XZ
??1CSimSend@@QAE@XZ
?ExitInstance@CSimSend@@QAEXXZ

kernel32

SetErrorMode
TlsGetValue
GetCPInfo
GetOEMCP
LocalReAlloc
GlobalFlags
GetProcessVersion
GetCurrentProcess
WriteFile
WritePrivateProfileStringA
RtlUnwind
EnterCriticalSection
GlobalReAlloc
TlsSetValue
MultiByteToWideChar
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
GlobalHandle
LeaveCriticalSection
TlsFree
TlsAlloc
GlobalFree
DeleteCriticalSection
LocalAlloc
InitializeCriticalSection
LocalFree
GetModuleFileNameA
GetCurrentThread
GlobalAlloc
lstrcmpA
SetEvent
WideCharToMultiByte
CreateSemaphoreA
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrcpynA
GetLastError
GlobalLock
GlobalUnlock
SetLastError
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
FreeLibrary
HeapFree
RaiseException
ResetEvent
ReleaseSemaphore
WaitForMultipleObjects
IsBadCodePtr
ResumeThread
WaitForSingleObject
CreateThread
GetCommandLineA
HeapAlloc

user32

GetClientRect
GetSysColor
MapWindowPoints
LoadIconA
SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
PtInRect
GetSysColorBrush
DestroyMenu
LoadStringA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
PeekMessageA
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetPropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetParent
PostMessageA
EnableWindow
IsWindow
SendMessageA
SetParent
LoadCursorA
CallWindowProcA
RemovePropA
GetClassLongA

ws2_32

htonl
htons

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

comctl32

ord17

gdi32

SetTextColor
GetClipBox
SetBkColor
RestoreDC
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
Escape
GetObjectA
CreateBitmap
DeleteDC
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteObject
SaveDC
GetDeviceCaps
PtVisible
TextOutA
ExtTextOutA
RectVisible
SetViewportExtEx
SelectObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

Exports

Exports

??0ILanCapture@@QAE@ABV0@@Z
??0ILanCapture@@QAE@XZ
??4ILanCapture@@QAEAAV0@ABV0@@Z
??_7ILanCapture@@6B@
CreateLanCapture

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

99eeedf41fdf94951490f46f0e419a98

Headers

File Characteristics

Imports

simcomex

kernel32

user32

ws2_32

avicap32

comctl32

gdi32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 10KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 10KB

.rmnet
Size: 60KB - Virtual size: 60KB