c4932fad51772988c4b4f8e305a0be755eebeb34124d124c8d728a8ea867b179

Sharing

Copy URL

Twitter E-mail

General

Target

c4932fad51772988c4b4f8e305a0be755eebeb34124d124c8d728a8ea867b179
Size

157KB
MD5

7b5813655ad1925cdc50f2197750a594
SHA1

162031e0f21739ce774db7ec92ba9a7e4d0f734b
SHA256

c4932fad51772988c4b4f8e305a0be755eebeb34124d124c8d728a8ea867b179
SHA512

9c678ffbcd18c4c23e5d6262e0f44ffbe0a1a2456009ed5a132b6229d3c936e878a1e6a339c89dc10ffd93054a6065cc16721fd6fba58940b5f6d6ae642b7c85
SSDEEP

3072:8WEAy+sRED0/8YysdOJPFuDa9ZroNncdaw:8WEF+sKD0EYy+M9u2ZL

Score

N/A

Malware Config

Signatures

Files

c4932fad51772988c4b4f8e305a0be755eebeb34124d124c8d728a8ea867b179
.dll windows x86

bff620f2a8ebd6b25c1d702f01a6966b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
GetTempPathA
GetLocalTime
HeapFree
GetProcessHeap
SetEvent
HeapAlloc
CreateEventA
lstrcpyA
GlobalFree
GlobalAlloc
GetComputerNameA
lstrlenA
WideCharToMultiByte
OpenThread
GetExitCodeThread
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
GetTickCount
TerminateThread
Thread32First
CreateToolhelp32Snapshot
ExitProcess
MoveFileA
GetTempFileNameA
ReadProcessMemory
GlobalMemoryStatus
GetSystemDefaultLangID
lstrcmpiA
CreateDirectoryW
DeleteFileW
MoveFileW
GetLogicalDriveStringsA
RtlUnwind
LCMapStringW
LCMapStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
GetFileSize
GetSystemTime
SetFileAttributesW
WinExec
GetVersionExA
GetCurrentThreadId
FindFirstFileA
FindNextFileA
RemoveDirectoryA
GetFileAttributesA
CreateDirectoryA
FreeLibrary
DeleteFileA
GetModuleHandleA
CreatePipe
GetCurrentThread
ReadFile
WriteFile
TerminateProcess
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateProcessA
OpenProcess
WaitForSingleObject
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
CreateMutexA
GetLastError
GetCurrentProcess
GetSystemDirectoryA
ExitThread
GetWindowsDirectoryA
lstrcatA
WritePrivateProfileStringA
SetFileAttributesA
CopyFileA
Sleep
CreateThread
GetDriveTypeA
CreateFileA
DeviceIoControl
Thread32Next
CloseHandle

user32

wsprintfA
ExitWindowsEx
CloseDesktop
CloseWindowStation
DestroyWindow
GetUserObjectInformationA
SetTimer
IsWindow
SendMessageA
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
ReleaseDC
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
mouse_event
SetCursorPos
keybd_event
GetDC
PostMessageA
OpenInputDesktop
KillTimer
GetSystemMetrics

advapi32

CloseEventLog
RegOpenKeyExA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
GetTokenInformation
LookupAccountSidA
QueryServiceConfigA
EnumServicesStatusA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegCreateKeyExA
RegQueryValueExA
DeleteService
ControlService
DuplicateTokenEx
OpenEventLogA
ClearEventLogA
LookupPrivilegeValueA
LogonUserA
CreateProcessAsUserA
OpenSCManagerA
OpenServiceA
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceA
RegDeleteKeyA
OpenProcessToken
RegCloseKey

gdi32

DeleteDC
SelectObject
CreateDCA
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetDIBits
GetObjectA
BitBlt
GetDeviceCaps

ws2_32

WSAStartup
__WSAFDIsSet
select
gethostbyname
inet_addr
sendto
send
shutdown
connect
ioctlsocket
bind
htonl
htons
closesocket
socket
gethostname
inet_ntoa
recvfrom
recv
setsockopt

urlmon

URLDownloadToFileA

psapi

GetProcessMemoryInfo
GetModuleFileNameExA
GetMappedFileNameA

userenv

LoadUserProfileA

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpSendRequestA

msvcrt

_CIacos
_adjust_fdiv
_initterm
_onexit
__dllonexit
isdigit
memcpy
memset
strcat
printf
strcmp
strlen
strcpy
realloc
_CIpow
_stricmp
srand
rand
strncmp
atol
_write
_wfindfirst
wcscpy
wcscat
_wfindnext
_wopen
_filelengthi64
_lseeki64
_eof
_read
_close
_atoi64
wcslen
sprintf
sscanf
??3@YAXPAX@Z
strncpy
malloc
free
__CxxFrameHandler
_ftol
??2@YAPAXI@Z
_vsnprintf
atoi
_findclose
strftime
localtime
_i64toa
_wfindnexti64
_wfindfirsti64
swprintf
wcscmp

msvfw32

ICSeqCompressFrameStart
ICSeqCompressFrame
ICDecompress
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

winmm

mixerClose
waveInReset
waveInStart
waveOutWrite
waveOutPrepareHeader
waveInOpen
waveInClose
waveOutOpen
waveOutClose
waveOutReset
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutUnprepareHeader

Exports

Exports

InitSQLConnect
SQLAlloc
SQLClose
SQLExecute
SQLFree
SQLQuery
Uninstall

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bff620f2a8ebd6b25c1d702f01a6966b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ws2_32

urlmon

psapi

userenv

wininet

msvcrt

msvfw32

avicap32

winmm

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 28KB - Virtual size: 127KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 28KB - Virtual size: 127KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 8KB - Virtual size: 6KB