715b89c17f1f424b2a8d7e0a920fae3de636dde9902bbff053e2c8b0a9d9e3e3

Sharing

Copy URL Twitter E-mail

General

Target

715b89c17f1f424b2a8d7e0a920fae3de636dde9902bbff053e2c8b0a9d9e3e3
Size

140KB
MD5

69dc304e42ab88c46b77ba13c140f42f
SHA1

173760e8747be2d225341aae85fecafd44850e77
SHA256

715b89c17f1f424b2a8d7e0a920fae3de636dde9902bbff053e2c8b0a9d9e3e3
SHA512

362411097a027ca74c54808b4fb7f738d968afa71ee961a0304ce16232bd9d7a24ba436b16cd06369b93debfb589ceef929e8855690cc758ed74c9399114c101
SSDEEP

3072:3QOwF2rOUrT78ooELAEn+X0WpRI0hYKUQ6rPFuDa9ZnL7o:pwrGGEn+XtI0ChQY9u2f

Score

N/A

Malware Config

Signatures

Files

715b89c17f1f424b2a8d7e0a920fae3de636dde9902bbff053e2c8b0a9d9e3e3
.dll windows x86

6fc25ed788070df10489974a012c0b97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

gdi32

DeleteDC
GetDIBits
CreateFontIndirectA
SetTextColor
SetBkMode
CreateDIBSection
CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetStockObject
SelectPalette
DeleteObject
RealizePalette

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

WSAStartup
socket
WSAGetLastError
ntohs
WSACleanup
send
recv
closesocket
select
inet_addr
gethostbyname
inet_ntoa
setsockopt
htons
connect

winmm

waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInOpen
waveInClose

kernel32

ExitThread
FreeLibrary
CloseHandle
CreateThread
GetTickCount
GetProcAddress
LoadLibraryA
DeleteFileA
GetVersionExA
GetLastError
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDrives
GetModuleHandleA
GlobalMemoryStatus
GetCurrentProcessId
WinExec
CopyFileA
MoveFileExA
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
OpenProcess
WaitForSingleObject
CreateRemoteThread
GetVersion
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
WideCharToMultiByte
TerminateProcess
SetPriorityClass
SuspendThread
Thread32Next
Thread32First
ResumeThread
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVolumeInformationA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetLocalTime
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
MoveFileA
GetFileTime
CreateFileA
SetFileTime
TerminateThread
GetExitCodeThread
LocalFree
LocalAlloc
GetWindowsDirectoryA
GetSystemTime
OutputDebugStringA
WriteFile
GetStdHandle
FreeConsole
WriteProcessMemory
VirtualAllocEx
MultiByteToWideChar
Module32Next
Module32First
GetSystemDirectoryA
SetLastError
ReadFile
CreateProcessA
GetStartupInfoA
CreatePipe
GetSystemDefaultLangID
FileTimeToSystemTime
GetFileSize
InterlockedDecrement
GetPrivateProfileStringA
CreateMutexA
GlobalSize
lstrlenA
GetComputerNameA

user32

GetDesktopWindow
RedrawWindow
DrawTextA
SendMessageA
mouse_event
keybd_event
GetDC
ReleaseDC
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
PostMessageA
CloseWindowStation
CloseDesktop
MessageBoxA
ExitWindowsEx
GetForegroundWindow
GetMessageA
PostThreadMessageA
GetSystemMetrics

advapi32

GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegDeleteKeyA
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A
OpenServiceA
EnumServicesStatusExA
LookupAccountSidA
RegisterServiceCtrlHandlerA
OpenSCManagerA
DeleteService
SetServiceStatus
CreateServiceA
ChangeServiceConfig2A
QueryServiceStatusEx
ChangeServiceConfigA
StartServiceA
QueryServiceStatus
ControlService

ole32

CoCreateInstance
OleRun
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysAllocString
GetErrorInfo
SysFreeString

msvfw32

ICClose
ICOpen
ICSendMessage
ICCompress
ICImageCompress

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
isdigit
strtoul
strtok
malloc
free
strcat
sprintf
strstr
strrchr
fopen
fwrite
fclose
printf
memcmp
strncmp
strchr
memset
strlen
strcpy
memcpy
fprintf
_vsnprintf
_ftol
_strrev
strcmp
fread
fseek
abs
_strdate
_strtime
wcstombs
_CxxThrowException
strncat
_except_handler3
rand
fputc
fgetc
time
wcslen
_CIacos
_CIpow
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strnicmp
_stricmp
_strlwr
__CxxFrameHandler
strncpy
atoi

Exports

Exports

InstallRT
InstallSA
InstallSB
InstallServiceA
InstallServiceB
PSLIST
ServiceMain
UninstallRT
UninstallSA
UninstallSB
UninstallServiceA
UninstallServiceB

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fc25ed788070df10489974a012c0b97

Headers

File Characteristics

Imports

shell32

gdi32

psapi

ws2_32

winmm

kernel32

user32

advapi32

ole32

oleaut32

msvfw32

msvcrt

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 28KB - Virtual size: 496KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 28KB - Virtual size: 496KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 12KB - Virtual size: 8KB