6c65ec68a00ff163d9f3a4644f06df1b60e6ea0c7c72097dc21fb400ccced1fc

Sharing

Copy URL

Twitter E-mail

General

Target

6c65ec68a00ff163d9f3a4644f06df1b60e6ea0c7c72097dc21fb400ccced1fc
Size

504KB
MD5

2d3e3ab7bf778b243fbcc06c96e8d400
SHA1

4c6b917faef176a6662ae4530d172482484e3576
SHA256

6c65ec68a00ff163d9f3a4644f06df1b60e6ea0c7c72097dc21fb400ccced1fc
SHA512

5e9ac060fa614b1e22cfc4e8df85c919f133468977dbf667b02425d4a460842c99b84cdc5d53b0bc9c4a07beb0b484cb1b82d008ac2c7aa90dbea97ae97757ee
SSDEEP

12288:L6fQAHN1xscHAkB+d5mZFy7YB6lfGLTsg0Q:LAQAHX3HAkw5mzHR

Score

N/A

Malware Config

Signatures

Files

6c65ec68a00ff163d9f3a4644f06df1b60e6ea0c7c72097dc21fb400ccced1fc
.dll windows x86

ac4b42784084c80c256af591751c8faa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
VirtualFree
VirtualAlloc
Sleep
SetThreadAffinityMask
GetCurrentThread
GetProcessAffinityMask
Module32Next
IsBadReadPtr
FindResourceA
GetFullPathNameA
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
WriteProcessMemory
VirtualProtectEx
Process32Next
GetModuleHandleA
Process32First
lstrcpyA
CreateThread
GetLastError
ReadFile
GetFileSize
OpenEventA
GetModuleFileNameA
ExitProcess
TerminateProcess
WriteFile
SetFilePointer
FlushFileBuffers
RtlUnwind
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CreateFileA
DeviceIoControl
CloseHandle
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
lstrcmpiA
GetTickCount
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
SetStdHandle

user32

MessageBoxA
FindWindowA
FindWindowExA
GetWindowThreadProcessId
wsprintfA
SendMessageA

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
OpenProcessToken

Exports

Exports

SDDynDll01
SDDynDll02
SDDynDll03
SDDynDll04
SDDynDll05
SDDynDll06
SDDynDll07
SDDynDll08

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data0
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 348KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac4b42784084c80c256af591751c8faa

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 928B

.data0 Size: 8KB - Virtual size: 4KB

.data1 Size: 348KB - Virtual size: 345KB

.reloc Size: 4KB - Virtual size: 1KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 928B

.data0
Size: 8KB - Virtual size: 4KB

.data1
Size: 348KB - Virtual size: 345KB

.reloc
Size: 4KB - Virtual size: 1KB

.rmnet
Size: 60KB - Virtual size: 60KB