e52831eb8b3e7e98f3599fb85a1533081e28c730bce06494fb2698ae6ed597a5

Sharing

Copy URL

Twitter E-mail

General

Target

e52831eb8b3e7e98f3599fb85a1533081e28c730bce06494fb2698ae6ed597a5
Size

28KB
MD5

6d8d6c1bf46d03db27bb09b26207feac
SHA1

4a4f66a1b278764e3f6f2ff34e7ee6f519e9605e
SHA256

e52831eb8b3e7e98f3599fb85a1533081e28c730bce06494fb2698ae6ed597a5
SHA512

68bb6b5a445a80d0491688c475061bb65a7e1f2331a76f825c87b5f9ec10e6e5e36b7c251d045f618882fb399a0d31a3ce49f2ccfbca9fcc4060f4b40a4a6d5d
SSDEEP

768:knVTXUvLY1b93z3+wOA/PRjEigA4L5kRueFd:knVTXskJBz3+CRwigIAez

Score

N/A

Malware Config

Signatures

Files

e52831eb8b3e7e98f3599fb85a1533081e28c730bce06494fb2698ae6ed597a5
.dll windows x86

29af8e438196f5d9d8003076b9d707f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
QueryDosDeviceA
GetModuleHandleA
VirtualAlloc
GetPrivateProfileStringA
IsBadReadPtr
CopyFileA
GetSystemTime
WritePrivateProfileStringA
Process32First
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
LoadLibraryA
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
Process32Next
GetTempPathA
GlobalAlloc
GlobalLock
WriteFile
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
lstrcpynA
CreateFileA
ReadFile
CloseHandle
GetTickCount
lstrlenA
lstrcmpiA
lstrcatA
lstrcpyA
lstrcmpA
Sleep
ExitProcess
VirtualProtect
OutputDebugStringA
CreateThread

user32

SetForegroundWindow
GetWindowInfo
PrintWindow
FindWindowA
ShowWindow
GetWindowThreadProcessId
IsRectEmpty
GetDC
ReleaseDC
GetActiveWindow
IsIconic
GetWindowTextA
GetSystemMetrics
EnumWindows
GetClassNameA
GetForegroundWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
FindWindowExA

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA
GetStockObject
SelectPalette
CreateCompatibleDC
GetDIBits
RealizePalette

advapi32

OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetConnectA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA

ws2_32

inet_ntoa
gethostbyname

gdiplus

GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipFree
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToFile
GdipCloneImage

netapi32

Netbios

msvcrt

strchr
free
malloc
atoi
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
strstr
memmove
sscanf

Exports

Exports

Hookoff
Hookon
InstallService

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29af8e438196f5d9d8003076b9d707f9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

ws2_32

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 18KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 18KB

.reloc
Size: 2KB - Virtual size: 2KB