aa1b516a546185f89b2da524bb593c51d4ebebbfb7bb83a7990e6da50df533a6

Sharing

Copy URL

Twitter E-mail

General

Target

aa1b516a546185f89b2da524bb593c51d4ebebbfb7bb83a7990e6da50df533a6
Size

148KB
MD5

246ee48e6365e7ca619c184a08fb2c40
SHA1

1f3a18648961d22836316e6275c9fc5c785ee405
SHA256

aa1b516a546185f89b2da524bb593c51d4ebebbfb7bb83a7990e6da50df533a6
SHA512

0f69fc9253889f6cf415ddc1660ea2483ea20354d642e7e9e4d1c93a2efe7390b20d452ca185cc98ed1d1793ec9dc31112ab3b6985c1fe99e8125ff219ba66ee
SSDEEP

3072:xHNIjFagzS+8NDdeA9DQ2G/O2pB+zcZbvdpe7VNS:/IjoE8bP0NpBw0FpeR

Score

N/A

Malware Config

Signatures

Files

aa1b516a546185f89b2da524bb593c51d4ebebbfb7bb83a7990e6da50df533a6
.dll windows x86

e99bd711f8e9a2c70ff67ef84568ff10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

msvcrt

??3@YAXPAX@Z
memcpy
memmove
ceil
_ftol
strlen
strstr
__CxxFrameHandler
memset
_strnset
_strrev
_strnicmp
_strupr
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
realloc
strncat
wcscpy
_errno
strncmp
_snprintf
atoi
strncpy
strrchr
strcat
_except_handler3
free
strcmp
strcpy
malloc
strchr
memcmp
??2@YAPAXI@Z

kernel32

SetEvent
InterlockedExchange
CancelIo
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
GetDriveTypeA
FindClose
DeleteCriticalSection
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
Sleep
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
ExitProcess
GetCurrentProcess
GetVersion
DeviceIoControl
CreateThread
lstrcpyA
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetLocalTime
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateThread
CreateEventA
MoveFileExA
MoveFileA
GetTickCount
WaitForSingleObject
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
CreateProcessA
CreatePipe
TerminateProcess
PeekNamedPipe
OutputDebugStringA
GlobalMemoryStatusEx
GetSystemInfo
OpenEventA
SetErrorMode
SetUnhandledExceptionFilter
FreeConsole
LocalSize
lstrcmpiA
GetCurrentThreadId
InitializeCriticalSection
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
CreateRemoteThread
VirtualFree
LocalFree
RaiseException

user32

OpenDesktopA
PostMessageA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorInfo
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
wsprintfA
ExitWindowsEx
MessageBoxA
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
EnumWindows
LoadCursorA
DestroyCursor
SystemParametersInfoA
keybd_event
BlockInput
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
RegOpenKeyExA
RegCloseKey
RegQueryValueA
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

ws2_32

getpeername
getsockname
bind
WSACleanup
__WSAFDIsSet
ioctlsocket
send
inet_ntoa
recvfrom
gethostname
recv
select
ntohs
closesocket
WSAStartup
connect
htons
socket
gethostbyname
inet_addr

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

netapi32

NetUserAdd
NetLocalGroupAddMembers

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.da
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e99bd711f8e9a2c70ff67ef84568ff10

Headers

File Characteristics

Imports

shlwapi

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp60

netapi32

wininet

psapi

wtsapi32

Sections

.text Size: 96KB - Virtual size: 96KB

.rsrc Size: 28KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 8KB

.da Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.text Size: 4KB - Virtual size: 4KB

.text
Size: 96KB - Virtual size: 96KB

.rsrc
Size: 28KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 8KB

.da
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB