19386d24df5d4eaa1c19a27930ab83d6dd30fbed6b863a77c54ff2915452abed

Sharing

Copy URL Twitter E-mail

General

Target

19386d24df5d4eaa1c19a27930ab83d6dd30fbed6b863a77c54ff2915452abed
Size

139KB
MD5

64878004ffdbb805a4a360da13353aea
SHA1

c03c65d53749ba7c1c80efd9209727c3345c414e
SHA256

19386d24df5d4eaa1c19a27930ab83d6dd30fbed6b863a77c54ff2915452abed
SHA512

67ad431d3aea9135765f371141cbc33a2a067394f56e14018a97089a95e1c8c97ee757a088c0988c4c8c65001ae7d58381ee05ab3bac3e5e5213ffd89a019176
SSDEEP

3072:FrLuR2GmRqghDpku45p0cUwzvu2TwTrajxC3qK6BxpygS90w+0JOZekIBCaGgS:RCsbRq+pr4X0Uzv8r4y82/

Score

N/A

Malware Config

Signatures

Files

19386d24df5d4eaa1c19a27930ab83d6dd30fbed6b863a77c54ff2915452abed
.dll windows x86

38915e7c4b4e5007fd336716c8820b0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSizeEx
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersionExA
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
FindNextFileW
LoadLibraryW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
RtlUnwind
SetThreadLocale
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
lstrcmpiW
lstrlenW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
CreateFileW
LoadLibraryExW
CreateFileMappingW

user32

CharNextW
UnregisterClassA

ntdll

memcpy
memmove
memset
wcstoul
_wcsicmp
_vsnwprintf
_vsnprintf
RtlInitUnicodeString
RtlFreeHeap
RtlAllocateHeap
NtQueryValueKey

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

calloc
_unlock
_purecall
_onexit
_lock
_initterm
_errno
free
_amsg_exit
__set_app_type
__p__fmode
__dllonexit
__CxxFrameHandler
_XcptFilter
_CxxThrowException
malloc
printf
_callnewh
realloc

userenv

ForceSyncFgPolicy
RsopResetPolicySettingStatus

shell32

ShellHookProc
SHGetSettings
WOWShellExecute
DragAcceptFiles
SHUpdateRecycleBinIcon
SHLoadInProc

advapi32

GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags

Exports

Exports

CopyPixels
GetTableColumnInfo
HrGetCertificateParam
Move
OpenFileStreamShare

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38915e7c4b4e5007fd336716c8820b0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

version

msvcrt

userenv

shell32

advapi32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 16KB - Virtual size: 15KB