29c562a9dd2062a04b5a7325abcbbbc6e996cb490e2fdf5a43599e9be2a02fbf

Sharing

Copy URL Twitter E-mail

General

Target

29c562a9dd2062a04b5a7325abcbbbc6e996cb490e2fdf5a43599e9be2a02fbf
Size

338KB
MD5

4d35f1a72a1bfb6bb2920b1374646ac0
SHA1

df9a1c74b3440ab01d55136e53efe63490e96a7e
SHA256

29c562a9dd2062a04b5a7325abcbbbc6e996cb490e2fdf5a43599e9be2a02fbf
SHA512

ffce775983c3a34bc52f01571d3452f673692d9aafffbf3a96bb558ee68fd11a553f75902ed9c171414da23da7e80c51e6c76e9c614225d0d55d93aa7fc5e481
SSDEEP

6144:m9W9cAVRPNZsQS1BfEdcFWh8elflfWtsodwt3JsRSszf:uWyAVRlWQS1KWFWu+flf6s7JsRz

Score

N/A

Malware Config

Signatures

Files

29c562a9dd2062a04b5a7325abcbbbc6e996cb490e2fdf5a43599e9be2a02fbf
.dll windows x86

8bf42dc33a29874c96a7af59ae1e3ed2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
OpenProcess
CloseHandle
GetCurrentProcess
GetModuleHandleA
TerminateProcess
GetTickCount
GetCurrentProcessId
LockResource
InterlockedIncrement
RaiseException
DeleteCriticalSection
GetCurrentThreadId
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsProcessorFeaturePresent
GetStringTypeW
GetLocaleInfoW
CreateFileW
GetModuleFileNameW
GetStdHandle
SizeofResource
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
WriteFile
SetLastError
LocalAlloc
InterlockedExchange
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
CompareStringW
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

PostMessageA
GetForegroundWindow
IsWindow
GetKeyState
KillTimer
SetTimer
CallNextHookEx
RegisterWindowMessageA
CharLowerBuffA
GetWindowLongA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetClassNameA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

crashHandler
initXTN

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bf42dc33a29874c96a7af59ae1e3ed2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 207KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 17KB

.shared Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 21KB - Virtual size: 20KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 17KB

.shared
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 21KB - Virtual size: 20KB

.rmnet
Size: 56KB - Virtual size: 60KB