50527b7215ac41060f84727d222e28ef35ca9f32ba13927a8c399391af640bb6

Sharing

Copy URL Twitter E-mail

General

Target

50527b7215ac41060f84727d222e28ef35ca9f32ba13927a8c399391af640bb6
Size

291KB
MD5

1e5fd6faed42dd9d5919db28ae269180
SHA1

331b89906d2aef234e6a39d8b1e4ae92911031b4
SHA256

50527b7215ac41060f84727d222e28ef35ca9f32ba13927a8c399391af640bb6
SHA512

7b0b43ff5f481fd6926aa81b3d0ee1369988e68bfac93b33f48cd350a63a4ec608f42fb3558b6ead4f02d0c9c705b757b3636535a45d09bfb3529af55a2de883
SSDEEP

3072:gn6TMqKuW8ER2h5IEdVUrbP/A9WdbwIZKBJv7XYZ:gnu3KuWVxrbQAdbD+Do

Score

N/A

Malware Config

Signatures

Files

50527b7215ac41060f84727d222e28ef35ca9f32ba13927a8c399391af640bb6
.dll windows x86

0d499402a27f0c6b7bb1808e3ad87b35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
HeapFree
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CreateToolhelp32Snapshot
GetCurrentProcessId
Module32First
CloseHandle
Module32Next
GetProcAddress
VirtualProtect
GetModuleFileNameA
SetThreadPriority
Sleep
ExitProcess
CreateThread
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
OpenProcess
FlushFileBuffers
CreateFileA
LoadLibraryA
MultiByteToWideChar
VirtualQuery
WideCharToMultiByte
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentThreadId
GetCommandLineA
RaiseException
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
CallNextHookEx
UnhookWindowsHookEx

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Exports

Exports

GG_AddNameLevel
GG_InstallDLLByName
GG_InstallDLLByProcessID
GG_Installed
GG_RemoveNameLevel
GG_SetNickLevel
GG_UnInstallDLL

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hjsdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0d499402a27f0c6b7bb1808e3ad87b35

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 14KB

.hjsdata Size: 152KB - Virtual size: 151KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 14KB

.hjsdata
Size: 152KB - Virtual size: 151KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.rmnet
Size: 56KB - Virtual size: 60KB