e48186452e623bf665756689d1adc56960b249c4292e34eec942ee47c825ba0a

Sharing

Copy URL Twitter E-mail

General

Target

e48186452e623bf665756689d1adc56960b249c4292e34eec942ee47c825ba0a
Size

151KB
MD5

4fdba27a4aa371f5662ebcdcbd616900
SHA1

aa685f7e9bada220c6ea5660d003566ab344c8ef
SHA256

e48186452e623bf665756689d1adc56960b249c4292e34eec942ee47c825ba0a
SHA512

a3198c29f86fa9a08d184f3b12d4c6a9f814410f0196e5d55503773bb28d553684bf13a569c7c95990f54c6ba954e886f9b9f82966e825c48aa87bfb99e5c462
SSDEEP

3072:Yx6ufIob+KTDkclqIfJ6QdE45vobh/WQeWCIovIchiHdwXkJ9:2biKEclqSg45vobd9eW8IchYdw0J9

Score

N/A

Malware Config

Signatures

Files

e48186452e623bf665756689d1adc56960b249c4292e34eec942ee47c825ba0a
.dll windows x86

831f949ba050751452f71d141c62f6eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_aligned_malloc
_wcsnicmp
_strnicmp
__CxxFrameHandler3
_wcsicmp
wcsncmp
memset
memmove
toupper
strstr
_stricmp
wcstombs
wcsstr
memcpy
free
malloc
towlower
iswctype
_vsnprintf
realloc
??3@YAXPAX@Z
??2@YAPAXI@Z
_strlwr
wcspbrk
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
tolower
_aligned_free
calloc
wcschr
_CxxThrowException

ntdll

NtClose
RtlFreeHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
NtQueryInformationProcess
RtlInitUnicodeString
RtlFormatCurrentUserKeyPath
NtWriteFile
NtCreateFile
RtlAllocateHeap
NtQueryValueKey
NtOpenKey
RtlInterlockedPopEntrySList
RtlInitializeSListHead

kernel32

AddVectoredExceptionHandler
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
SetLastError
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
DebugBreak
GetCurrentProcessId
OutputDebugStringA
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
GetLocalTime
WaitForSingleObject
SetFilePointer
MultiByteToWideChar
CreateMutexW
ReleaseMutex
WideCharToMultiByte
GetCommandLineW
lstrlenW
GetFileAttributesW
FindFirstFileW
FileTimeToSystemTime
CreateFileW
GetFileSize
CloseHandle
FindClose
IsWow64Process
GetWindowsDirectoryA
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
lstrlenA
ExpandEnvironmentStringsA
GetSystemInfo
VirtualQuery
GetLastError

advapi32

RegQueryValueA
RegOpenKeyExA
RegCloseKey

version

GetFileVersionInfoA
VerQueryValueA

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

831f949ba050751452f71d141c62f6eb

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

version

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 108KB - Virtual size: 112KB