3eb9e3f9bcd374133e408b395a6d96dde16c8cf964ffa3d691759326897a6ea5

Sharing

Copy URL Twitter E-mail

General

Target

3eb9e3f9bcd374133e408b395a6d96dde16c8cf964ffa3d691759326897a6ea5
Size

224KB
MD5

6babf0d20949c824e25b29b6df6e4cb0
SHA1

a5dc5970c4aa11fe97db85bd3159616ed4182659
SHA256

3eb9e3f9bcd374133e408b395a6d96dde16c8cf964ffa3d691759326897a6ea5
SHA512

86607a8ba49250664f0d005471078c4727a5de4f976c7cfa34f438c881d9a274e98e72fe3d436f936599e16f8fbd61be66f47a80a351b11b60cf240721c5218e
SSDEEP

3072:NiJ0imeBZfqdKe0y0IVGnqcxikpo8Tch6d+kmJeTl1eDUgtTuYAl5bx2znH:NCJZftetpVGlpo8Tc0d+kmieZAl1Ub

Score

N/A

Malware Config

Signatures

Files

3eb9e3f9bcd374133e408b395a6d96dde16c8cf964ffa3d691759326897a6ea5
.dll windows x86

fd4128c3323b291d660a13dfa71eaf6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
HeapFree
FreeLibrary
GetModuleHandleA
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
CreateThread
MoveFileExA
CreateDirectoryA
WaitForSingleObject
CreateMutexA
ReleaseMutex
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateProcessA
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
InterlockedIncrement
MapViewOfFile
CreateFileMappingA
DeviceIoControl
GlobalFree
LoadLibraryExA
GlobalAlloc
GlobalMemoryStatus
MultiByteToWideChar
WideCharToMultiByte
ReadFile
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetProcessId
VirtualQuery
MoveFileA
LocalFree
GetCommandLineW
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleW
GetModuleFileNameW
GetThreadContext
CreateProcessW
SetFileTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
VirtualQueryEx
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
FileTimeToSystemTime
GetFileInformationByHandle
UnmapViewOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
TerminateProcess
GetVersionExA
lstrcmpiA
lstrcpyA
lstrlenA
lstrcatA
GetCurrentProcessId
SetCurrentDirectoryA
CreateFileA
SetFilePointer
WriteFile
GetModuleFileNameA
CopyFileA
Sleep
DeleteFileA
ExitProcess
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
CloseHandle
GetCurrentProcess
GetLastError
FlushFileBuffers
RaiseException
SetStdHandle
GetStringTypeW
GetStringTypeA
InterlockedDecrement
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
IsBadWritePtr
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

GetDesktopWindow
wsprintfA

advapi32

DeleteService
ControlService
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
DuplicateTokenEx
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceStatusEx

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW
ShellExecuteA

shlwapi

StrStrIA

wsock32

WSAStartup
gethostbyname
gethostname
inet_addr

Exports

Exports

IfInLoadFPath
IfInLoadFPathv2
InWorld
Work
checksetupok
test_work

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd4128c3323b291d660a13dfa71eaf6d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

wsock32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 12KB - Virtual size: 8KB