b80ced3353ff2dc3b3301d982620ce5b7d1cc49ad0465e3a70acf4e3f36c35a1

Sharing

Copy URL Twitter E-mail

General

Target

b80ced3353ff2dc3b3301d982620ce5b7d1cc49ad0465e3a70acf4e3f36c35a1
Size

129KB
MD5

6c060a034deec783020b0a4965614240
SHA1

0fb75f3da8a91c8997ee42bd1b3fe5427c9d727e
SHA256

b80ced3353ff2dc3b3301d982620ce5b7d1cc49ad0465e3a70acf4e3f36c35a1
SHA512

ecbbe318c8dfc4cd9508ec7e7383ddc4ed127eb24fa0bc625b14d04c75bbb6964423462cfc6fab22344f6b80f8de56356fef95b80786aafb353197996b1e5402
SSDEEP

3072:g693p/Ql8opFWSfYFk4KYcT2e0lFsT1yC:gGUbKSfYFkZYRlFu1J

Score

N/A

Malware Config

Signatures

Files

b80ced3353ff2dc3b3301d982620ce5b7d1cc49ad0465e3a70acf4e3f36c35a1
.dll windows x86

8f750dbb0a7159847eb2981dcebecb51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrCmpNIW
PathStripPathA
StrRChrW
StrRChrA

ntdll

NtQuerySystemInformation
RtlUnwind

ws2_32

bind
socket
closesocket
send
listen
accept
WSAStartup
WSACleanup
htonl
htons
ioctlsocket
select
recv
shutdown

psapi

EnumProcessModules
GetMappedFileNameA

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam

kernel32

CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersion
CreateEventA
GetCurrentProcessId
lstrcmpA
lstrlenA
GetCurrentProcess
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
DeleteCriticalSection
lstrcpyA
lstrcmpiA
GetModuleFileNameA
HeapAlloc
HeapFree
SetEvent
OpenThread
GetCurrentThreadId
CreateThread
HeapReAlloc
MultiByteToWideChar
GetVersionExA
WideCharToMultiByte
lstrlenW
lstrcpyW
ExpandEnvironmentStringsW
MulDiv
GetModuleHandleA
GlobalUnlock
FindFirstFileW
WriteFile
OpenProcess
lstrcmpW
FindClose
RemoveDirectoryW
lstrcmpiW
lstrcatW
FindNextFileW
DeleteFileW
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
TerminateProcess
lstrcatA
CreateMutexA
GetLocaleInfoW
VerLanguageNameW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
LoadLibraryW
SetLastError
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
GetSystemTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetTempPathW
HeapDestroy
HeapCreate
LocalFree
GetCurrentThread
TerminateThread
SetUnhandledExceptionFilter
GetExitCodeThread
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualQuery
TlsGetValue
TlsSetValue
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
ExitProcess
GetStdHandle
GetModuleFileNameW
GetLastError
Sleep
WaitForSingleObject
GlobalLock
EncodePointer

user32

GetUserObjectInformationA
VkKeyScanA
GetKeyboardLayoutList
ToAscii
MoveWindow
DispatchMessageA
GetSysColor
RedrawWindow
GetKeyboardLayout
TranslateMessage
BeginPaint
GetClientRect
KillTimer
DrawTextW
CharUpperBuffW
GetWindowRect
SetTimer
GetMessageA
EndPaint
wsprintfW
wsprintfA
GetThreadDesktop
GetWindowInfo
GetParent
PtInRect
FindWindowExA
GetClipboardData
CreateWindowExA
ChangeClipboardChain
DefWindowProcA
OpenClipboard
SetClipboardViewer
GetClipboardOwner
RegisterClassA
IntersectRect
GetDC
ReleaseDC
CloseDesktop
RegisterWindowMessageA
GetDesktopWindow
SetThreadDesktop
GetWindowThreadProcessId
GetWindow
DestroyWindow
CloseClipboard
SendNotifyMessageA
SetWindowLongA
GetWindowLongA

gdi32

SetWindowOrgEx
BitBlt
SetTextColor
CreateFontA
SetBkColor
SetBkMode
SelectClipRgn
GetClipBox
ExtTextOutA
DeleteDC
CreateDIBSection
GetDeviceCaps
GetDIBits
SetDIBColorTable
GetRegionData
GetSystemPaletteEntries
CreatePatternBrush
CreateRectRgn
CreateCompatibleBitmap
CombineRgn
CreateCompatibleDC
SelectObject
DeleteObject
CreateBitmap
GetStockObject

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Exports

Exports

CheckVnc
ClientSetModule
VncStartServer
VncStopServer

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f750dbb0a7159847eb2981dcebecb51

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ntdll

ws2_32

psapi

crypt32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 6KB - Virtual size: 6KB