a8d0a30389d3836b05497570784a64b5f63fef289131192307a704b2c6152d11

Sharing

Copy URL Twitter E-mail

General

Target

a8d0a30389d3836b05497570784a64b5f63fef289131192307a704b2c6152d11
Size

74KB
MD5

1588e1927d0e3cfcb02bdf8c8ad15df7
SHA1

9c62ac21925bbbc5c153e144ff928909f4542fb6
SHA256

a8d0a30389d3836b05497570784a64b5f63fef289131192307a704b2c6152d11
SHA512

10029e537e0f733e03f25efc247ac2d8e5702ffb1b9b3d55c1b7fb3dded899a0c5d1c9f7c23ec09db92fd8eded7cb1626911098776bf74a95dc2fb7f90a9e6f8
SSDEEP

1536:DWKOPn7C+H3PjNJhbHczgHg/Fy741vocL:qNP7Cqbbm/Fr1

Score

N/A

Malware Config

Signatures

Files

a8d0a30389d3836b05497570784a64b5f63fef289131192307a704b2c6152d11
.dll windows x86

e76ceebd9ed3b501b44dbb8ce825fa7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
CreateFileA
CreateEventA
SleepEx
PulseEvent
WriteFile
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
FreeLibraryAndExitThread
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
MapViewOfFile
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
GetProcAddress
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
TerminateProcess
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetModuleHandleA
GetLastError
GetFileSize
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CloseHandle
CreateThread
WaitForSingleObject
ReleaseMutex
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
Process32First

user32

GetWindowThreadProcessId
CallNextHookEx
PrintWindow
UnhookWindowsHookEx
SetTimer
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
MessageBoxA
ShowWindow
KillTimer
SendMessageA
GetDlgItem
SetWindowPos
OffsetRect
GetParent
EnumWindows
EnumChildWindows
GetClassNameA
GetWindowTextA
EnumDesktopWindows
IsWindow
DialogBoxParamA
GetDlgItemTextA
SetDlgItemTextA
SetWindowsHookExA

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestExA
InternetWriteFile
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA
InternetConnectA

urlmon

URLDownloadToFileA

ws2_32

WSACleanup
closesocket
setsockopt

shell32

SHGetFolderPathA

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler
strcat
strcpy
sprintf
??2@YAPAXI@Z
clock
_mbsstr
memmove
_mbslwr
wcsstr
abs
_ltoa
strstr
atol
printf
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
memset
strncpy
memcmp
_ismbcprint
_snprintf
_mbsupr
_CxxThrowException
_mbscmp
free
wcscmp
memcpy
_memicmp
_initterm
_adjust_fdiv
malloc

gdiplus

GdiplusStartup
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToStream

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e76ceebd9ed3b501b44dbb8ce825fa7c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

shell32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB