6da2b03f9b050192d2c12be6374f5813313cbdaa4ff9b66436ca4ae2c22c60c0

Sharing

Copy URL

Twitter E-mail

General

Target

6da2b03f9b050192d2c12be6374f5813313cbdaa4ff9b66436ca4ae2c22c60c0
Size

39KB
MD5

0082209cf3a73f9b0cc09aa49f1989ef
SHA1

6418fb44d45d0718c6eece5de82618cb2da34eeb
SHA256

6da2b03f9b050192d2c12be6374f5813313cbdaa4ff9b66436ca4ae2c22c60c0
SHA512

e059f2cdcc170a7379ab707470280540dd9c4da499df1c4241d50f1e0c4ab0a9a0ae6f85108ed004688b341c7dd59ed5c892f80e9b0d1b5fb310b5cde814a7f4
SSDEEP

768:VEL406dCeGoOIfLZT0Y+RxdHSlgJDtNONve:yL4NUeGopfVTl+Rxdylfv

Score

N/A

Malware Config

Signatures

Files

6da2b03f9b050192d2c12be6374f5813313cbdaa4ff9b66436ca4ae2c22c60c0
.dll windows x86

bb8cbda5726591ee3a1f71ed46ea74b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

isleadbyte
__mb_cur_max
mbtowc
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
fclose
_wtoi
fgetws
feof
_wfopen
wcsncmp
??_V@YAXPAX@Z
??_U@YAPAXI@Z
strstr
_strcmpi
time
wcslen
wcsstr
??2@YAPAXI@Z
rand
srand
strlen
memcpy
memset
_wcslwr
_errno
_iob
_snprintf
_itoa
wctomb
ferror
_isatty
_write
_lseeki64
_fileno
??3@YAXPAX@Z
__pioinfo
__badioinfo
wcscmp
_except_handler3

kernel32

GetTickCount
WaitForSingleObject
CloseHandle
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA
SetFileTime
SystemTimeToFileTime
SetEndOfFile
WideCharToMultiByte
DeleteFileA
GetPrivateProfileStringW
GlobalFree
GetTempPathW
CreateEventW
GetExitCodeThread
LoadLibraryA
WriteProcessMemory
VirtualAllocEx
GetModuleFileNameA
GetCurrentProcess
CreateThread
IsDebuggerPresent
GetModuleFileNameW
RaiseException
GetProcAddress
GetModuleHandleA
CreateProcessA
GetSystemDirectoryA
CreatePipe
SetFilePointer
GetFileSize
GetLastError
CreateFileA
WriteFile
CreateFileW
ReadFile
GetLocalTime

advapi32

RegOpenKeyExW
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExA
RegSetValueExW

shell32

SHGetSpecialFolderPathW

winhttp

WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpAddRequestHeaders

iphlpapi

GetAdaptersInfo

ws2_32

gethostname
gethostbyname
inet_addr
inet_ntoa

shlwapi

PathUnExpandEnvStringsW

Exports

Exports

QueryInfo
StartEvora

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb8cbda5726591ee3a1f71ed46ea74b6

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

shell32

winhttp

iphlpapi

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB