584490f583ebf6d83cee81a243c2d7bd0e2905eea33f25f29eaac2ab37e29195

Sharing

Copy URL Twitter E-mail

General

Target

584490f583ebf6d83cee81a243c2d7bd0e2905eea33f25f29eaac2ab37e29195
Size

88KB
MD5

6aec149ba19aedcf25cc44bb15a116d1
SHA1

4a60efa552a91c0a2a4081f238cbcf1f99cd4425
SHA256

584490f583ebf6d83cee81a243c2d7bd0e2905eea33f25f29eaac2ab37e29195
SHA512

4304f0ff5ce41d21c9dc974e2dddc887c92101b964010715e4b88f74305fc933228c3c00776dba97c73b1429f8a0c35fc0b898d44ef2a3a4ae7de1fe0ac968c1
SSDEEP

1536:rSgcPe5kuekQKNI9b/ZLzGygn87//lGs/tc+EqfvisytSp0tS5zn4AmCmvX:rrb5kuex9bBLzbgM/t5EsvisF0ezn4AY

Score

N/A

Malware Config

Signatures

Files

584490f583ebf6d83cee81a243c2d7bd0e2905eea33f25f29eaac2ab37e29195
.dll windows x86

a304e6534eae6d72f9c90197777fd027

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
FreeConsole
LocalSize
LocalReAlloc
lstrcmpiA
GetCurrentThreadId
DeleteCriticalSection
GetStartupInfoA
GlobalSize
GlobalAlloc
GlobalLock
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
Sleep
DeleteFileA
lstrlenA
ReadFile
SetFilePointer
CreateFileA
GetProcAddress
LoadLibraryA
GetLastError
SetLastError
LocalFree
GetFileAttributesA
lstrcatA
GetSystemDirectoryA
InitializeCriticalSection
CreateProcessA
GlobalUnlock
GlobalFree
LocalAlloc
UnmapViewOfFile
HeapAlloc
GetProcessHeap
HeapFree
CreateFileMappingA
MapViewOfFile
GetLocalTime
GetCurrentProcess
GetFileSize
WriteFile
GetTickCount
MoveFileA
MoveFileExA
TerminateThread
OpenProcess
FreeLibrary
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread

user32

IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
EnumWindows
CloseDesktop
SetThreadDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorInfo
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
OpenInputDesktop
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SystemParametersInfoA
SendMessageA
BlockInput
DestroyCursor
LoadCursorA
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
CreateWindowExA
CloseWindow
IsWindow
GetClipboardData
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
PostMessageA

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
SelectObject

advapi32

GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegEnumKeyExA

shlwapi

SHDeleteKeyA

msvcrt

_strcmpi
??3@YAXPAX@Z
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
_CxxThrowException
_except_handler3
strncpy
strcat
strcpy
strrchr
malloc
strchr
strncat
realloc
atoi
wcstombs
_beginthreadex
calloc
free
??1type_info@@UAE@XZ
_strnicmp
memcpy

ws2_32

ntohs
recv
select
send
getsockname
closesocket
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
gethostname

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvfw32

ICSeqCompressFrame
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart

Exports

Exports

caonimama
xiaobing
xiaohua
xiaowen
xiaoxiao

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a304e6534eae6d72f9c90197777fd027

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

msvcrt

ws2_32

imm32

wininet

msvfw32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 8KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 960B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 8KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 4KB - Virtual size: 3KB