fd9a6ca0b5f548c10f2c7f5afd3dcc63864bce8f4c5d7cb65c6d02a6f55cfb47

Sharing

Copy URL Twitter E-mail

General

Target

fd9a6ca0b5f548c10f2c7f5afd3dcc63864bce8f4c5d7cb65c6d02a6f55cfb47
Size

252KB
MD5

1a6eddc070de875540f812a028d31e50
SHA1

e043f06ad41e3016ec2d72aeac5303d1dc14ea7a
SHA256

fd9a6ca0b5f548c10f2c7f5afd3dcc63864bce8f4c5d7cb65c6d02a6f55cfb47
SHA512

43d799a0bb6e14a7bc73aafe908ee3066024ab292810bc5ae745413699aa8c6b2858f3f19f7fcdf1763e4977e6ad7c5455ff913f3298d8f5aae343826d394f46
SSDEEP

3072:kYglJRVqBh6wpVwGs5m5tEA346FO5F3zyY7IZGptOq5LSx/tcDaAnYVBBCaCVFky:cdqBhbWCuFpyq5SXyaAn8jYFW

Score

N/A

Malware Config

Signatures

Files

fd9a6ca0b5f548c10f2c7f5afd3dcc63864bce8f4c5d7cb65c6d02a6f55cfb47
.dll windows x86

98bd347be99c6ea9d34c4596ddd7ed77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

ws2_32

WSACleanup
inet_addr
WSAStartup

kernel32

FindResourceExW
GetLastError
MultiByteToWideChar
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
CloseHandle
CreateMutexW
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
SetLastError
GetThreadLocale
GlobalHandle
lstrlenA
LoadLibraryW
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
LCMapStringW
WideCharToMultiByte
LCMapStringA
FindResourceW
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapCreate
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
RaiseException
lstrlenW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
TlsFree
GetConsoleCP
GetConsoleMode

user32

SetDlgItemTextW
EndDialog
SetWindowContextHelpId
EnableMenuItem
SendDlgItemMessageW
EnableWindow
LoadBitmapW
UnregisterClassA
GetSystemMenu
GetActiveWindow
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DestroyAcceleratorTable
IsWindow
SetFocus
GetFocus
GetWindow
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetSysColor
DefWindowProcW
LoadImageW
SetWindowTextW
SendMessageW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
CharNextW
GetWindowLongW
SetWindowLongW
MapDialogRect

gdi32

CreateBrushIndirect
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps
CreateSolidBrush

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CLSIDFromString
StringFromGUID2
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen

shlwapi

SHGetValueW

Exports

Exports

AbortWarn
ActivateSetup
CheckBaiduIntranet
CheckRun
CleanUpPendingOperation
GetOriginalTn
GetTn
GetTnInfo
IsOldVersion
Report
SelectFordDialog
SetControlImage
SetLicense

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98bd347be99c6ea9d34c4596ddd7ed77

Headers

File Characteristics

Imports

version

iphlpapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 16KB - Virtual size: 12KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 16KB - Virtual size: 12KB

.rmnet
Size: 60KB - Virtual size: 60KB