777d7aa06335bb90588efc4ed2d38156d2759f72bb88d2b8b9aeed24df8ceaa9

Sharing

Copy URL

Twitter E-mail

General

Target

777d7aa06335bb90588efc4ed2d38156d2759f72bb88d2b8b9aeed24df8ceaa9
Size

589KB
MD5

67d678e04d16ddb547fc92a6351f928c
SHA1

44cd80945b52995c948c3d0bd28c6bd6ddc9fc01
SHA256

777d7aa06335bb90588efc4ed2d38156d2759f72bb88d2b8b9aeed24df8ceaa9
SHA512

e81aea14396e0d624777244fad6c253aa1ce7eae846e048663d17a84e599c423f2467d66181391e4c43b741b1255f6d99486faf531849f93504dc12613da2a2b
SSDEEP

12288:zRVehLneuTngd1tK7gLGCrWCfYo4ZiIAGKdcyHW:zRV6LneuTnStye6CfYotIAdW

Score

N/A

Malware Config

Signatures

Files

777d7aa06335bb90588efc4ed2d38156d2759f72bb88d2b8b9aeed24df8ceaa9
.dll windows x86

9b66fdf15b065475a14b8c789e202b5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlSetEnvironmentVariable
RtlAppendAsciizToString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitString
RtlFreeUnicodeString
RtlDestroyEnvironment
_strcmpi
LdrAccessResource
NtClose
NtDeleteKey
NtQueryKey
NtOpenKey
ZwAllocateVirtualMemory
RtlCreateEnvironment
NtWriteFile
NtCreateFile
NtQueryInformationThread
NtQueryObject
RtlDosPathNameToNtPathName_U
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFreeHeap
RtlAllocateHeap
NtQueryValueKey
NtQueryVolumeInformationFile
DbgBreakPoint
RtlUnwind
NtDeleteValueKey
DbgPrint
NtQueryInformationFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
NtQueryDirectoryFile
NtOpenFile
RtlQueryEnvironmentVariable_U
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtQuerySystemInformation
NtQueryVirtualMemory
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlDoesFileExists_U
RtlGetFullPathName_U
RtlUnicodeStringToInteger
RtlExpandEnvironmentStrings_U
NtQueryAttributesFile
NtQueryInformationProcess
RtlGetVersion
NtSetInformationFile
RtlInitAnsiString
RtlGUIDFromString
NtEnumerateValueKey
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlUpcaseUnicodeToMultiByteN
LdrFindResource_U

kernel32

SetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringA
IsBadWritePtr
GetLastError
InitializeCriticalSectionAndSpinCount
CloseHandle
DuplicateHandle
GetDriveTypeA
GetFileAttributesA
GetEnvironmentVariableA
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
FreeResource
SetFileAttributesA
CopyFileA
MoveFileA
GetTempFileNameA
DeleteFileA
IsBadStringPtrA
IsBadCodePtr
GetBinaryTypeW
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
WaitForSingleObject
SetEvent
ResetEvent
CreateThread
CreateEventW
WideCharToMultiByte
ExpandEnvironmentStringsW
GetFileAttributesW
GlobalFree
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetCurrentDirectoryW
GetVersionExW
QueryPerformanceCounter
QueryPerformanceFrequency
Module32First
CreateToolhelp32Snapshot
GetModuleHandleW
ExitProcess
CreateProcessW
FindResourceW
DeviceIoControl
CreateFileW
IsBadStringPtrW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentThread
CompareStringA
LocalFree
LocalAlloc
lstrlenA
GetShortPathNameA
IsBadReadPtr
SetProcessAffinityMask
FindClose
FindNextFileW
CopyFileW
FindFirstFileW
GetWindowsDirectoryW
GetModuleFileNameW
GetVolumeNameForVolumeMountPointW
lstrlenW
GetShortPathNameW
GetDriveTypeW
GetLogicalDriveStringsW
SetFilePointer
ReadFile
MultiByteToWideChar
CreateProcessA
Sleep
GetEnvironmentVariableW
DeleteFileW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
IsDBCSLeadByte
FreeLibrary
LoadLibraryW
GetCurrentProcessId
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapCreate
HeapAlloc
HeapFree
HeapReAlloc
ReleaseMutex
GetLocalTime
CreateMutexA
VirtualProtect
InterlockedCompareExchange
GetSystemInfo
DebugBreak
InterlockedDecrement
InterlockedIncrement
GetLongPathNameW
GetFullPathNameW
lstrcmpiW
SearchPathW
GlobalAlloc
TlsSetValue
GetVersionExA
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
WriteFile
InterlockedExchange
VirtualQuery
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
GetUserDefaultUILanguage
lstrcmpiA
GetCommandLineA

user32

IsWindowVisible
PostMessageA
EnumDisplaySettingsA
ChangeDisplaySettingsA
IsCharAlphaA
GetActiveWindow
GetDC
ReleaseDC
DefWindowProcA
IsWindow
CharNextA
CharUpperW
EnumDisplaySettingsW
GetSystemMetrics
wvsprintfA
SetForegroundWindow
ShowCursor

gdi32

GetObjectType
DeleteObject
GetCurrentObject
GetPaletteEntries
SetSystemPaletteUse
CreatePalette
SelectPalette
GetDIBits
CreateDIBSection
CreateCompatibleDC
SetViewportOrgEx
GetDeviceCaps
RealizePalette
DeleteDC

advapi32

RegOpenKeyW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameW
RegCreateKeyW
RegQueryValueExA
RegSetValueExA
RegEnumKeyExW
OpenProcessToken
OpenThreadToken
GetTokenInformation
CopySid
RegEnumKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
LookupPrivilegeValueW

shell32

SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetMalloc

shlwapi

StrRStrIA
StrCmpNIA

ole32

CoInitialize

userenv

GetUserProfileDirectoryA
GetAllUsersProfileDirectoryW
GetUserProfileDirectoryW

winspool.drv

GetPrinterA
ord201
ClosePrinter
OpenPrinterA
EnumPrintersA
ord203

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b66fdf15b065475a14b8c789e202b5c

Headers

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

userenv

winspool.drv

Exports

Exports

Sections

.text Size: 346KB - Virtual size: 345KB

.data Size: 22KB - Virtual size: 35KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 25KB - Virtual size: 25KB

.rmnet Size: 67KB - Virtual size: 68KB

.text Size: 62KB - Virtual size: 64KB

.text
Size: 346KB - Virtual size: 345KB

.data
Size: 22KB - Virtual size: 35KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 25KB - Virtual size: 25KB

.rmnet
Size: 67KB - Virtual size: 68KB

.text
Size: 62KB - Virtual size: 64KB