c86973ffcbc1655af367ee8870271f89d43eaed63b9682085648bc267cd14eee

Sharing

Copy URL Twitter E-mail

General

Target

c86973ffcbc1655af367ee8870271f89d43eaed63b9682085648bc267cd14eee
Size

27KB
MD5

6e0eba0c75f9df14b182b3e38b6db241
SHA1

a8e5a50d27d16f9ffb15597ad57917d0a2add3db
SHA256

c86973ffcbc1655af367ee8870271f89d43eaed63b9682085648bc267cd14eee
SHA512

5dd5c12845a7d7f73001809dd7fd9c5d6dee7aedc424abb33c6a2d5a3fe3e67713856601ff3e8850c23ad940783d48a759f01145095321a8b5a0094572882189
SSDEEP

384:w7MkhhR4juoke8D4iOVr5kJloXUYsiSMkD1EuVSgz81kUhCTX/yfLPL9rDBaWaW/:mhRaY7k/VKoXZkfVnQ5wT/+1aWaWLz

Score

N/A

Malware Config

Signatures

Files

c86973ffcbc1655af367ee8870271f89d43eaed63b9682085648bc267cd14eee
.dll windows x86

456fd68b552f206034193f16647ab48d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetFileSize
ReadFile
CreateFileA
DeleteFileA
MultiByteToWideChar
GlobalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalAlloc
GetTempPathA
WritePrivateProfileStringA
CreateThread
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
WideCharToMultiByte
GetModuleHandleA
IsBadReadPtr
SetFileAttributesA
SizeofResource
LockResource
LoadResource
FindResourceA
CopyFileA
GetModuleFileNameA
VirtualProtect
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
lstrcmpiA
lstrcpynA
lstrlenA
lstrcmpA
lstrcpyA
Sleep
ExitProcess
GetSystemDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringW
OutputDebugStringA

user32

GetWindowTextA
ReleaseDC
GetDC
IsRectEmpty
PrintWindow
GetWindowInfo
EnumWindows
GetSystemMetrics
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA

gdi32

RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits

wininet

InternetQueryDataAvailable
InternetConnectA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetReadFile

msvcrt

free
malloc
atoi
wcscmp
strstr
memmove
wcscpy
_beginthread
??2@YAPAXI@Z

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipLoadImageFromFile
GdipAlloc
GdiplusStartup
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize

Exports

Exports

InstallService
wdof
wdon

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

456fd68b552f206034193f16647ab48d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

msvcrt

gdiplus

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB