5bb7442e8353d6ed037aa8c4e4fa896ac47dfb60f225d614272f94c67e97f87f

Sharing

Copy URL

Twitter E-mail

General

Target

5bb7442e8353d6ed037aa8c4e4fa896ac47dfb60f225d614272f94c67e97f87f
Size

84KB
MD5

6de0f46c44c8fa49fb9c8b3c8362da10
SHA1

07f3701767583b0eab43d0022ed33d29ae67fdc1
SHA256

5bb7442e8353d6ed037aa8c4e4fa896ac47dfb60f225d614272f94c67e97f87f
SHA512

2ce1df122df9b283b278a002ec83f9182168b73f4f5b97273007ac90ce3016e0e10652bb7d27082d18c684946bcc61e1246a86be207488009374dfa290532969
SSDEEP

768:NmVJ5xoIYMnRaFb1QKMUOFOOyZCA3iLNlQK9p2NbEAZ3Dg1p:QVLeIYMnG7ZOQOyZCISNltpEEQ0p

Score

N/A

Malware Config

Signatures

Files

5bb7442e8353d6ed037aa8c4e4fa896ac47dfb60f225d614272f94c67e97f87f
.dll windows x86

77758f362c0b50391bbe93f6f2a98fd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrW
StrCmpNIA
StrRStrIW
StrCpyNW
StrCpyW
PathFileExistsW
StrCatW
StrChrA
StrCmpW
StrStrA
StrStrIW

ws2_32

WSASetLastError
WSASetEvent
inet_ntoa
gethostbyname
WSACleanup
gethostbyaddr
WSAStartup
getsockname

kernel32

VirtualFreeEx
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTime
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrlenW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
GetModuleHandleA
Sleep
lstrlenA
WideCharToMultiByte
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError
CloseHandle
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
FlushFileBuffers
WriteFile
OpenMutexW
ReleaseMutex
QueryPerformanceCounter
GetTickCount
lstrcpyW
LoadLibraryW
GetSystemDirectoryW
GetTempPathW
GetCurrentProcessId
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualQuery
TerminateProcess
LocalAlloc
LocalFree
GetLocaleInfoA
lstrcatW
CreateThread
EnterCriticalSection
LeaveCriticalSection
ExitThread
DeleteCriticalSection
FreeLibraryAndExitThread
DisableThreadLibraryCalls
InitializeCriticalSection
GetModuleHandleExW
CreateMutexW
CreateProcessW
MoveFileExW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile

user32

wsprintfA
PeekMessageW
CharLowerA
CharLowerW
MsgWaitForMultipleObjects
wsprintfW
DispatchMessageW
TranslateMessage

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey

ole32

CoSetProxyBlanket
CoInitializeSecurity
IIDFromString
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

Exports

Exports

a
s

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77758f362c0b50391bbe93f6f2a98fd4

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 7KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 7KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 4KB