bbd0a43706a8bf6c4f89bf2c8e9f3cbc1f50ff12d0e63bdb8ae23a40a99f70d0

Sharing

Copy URL Twitter E-mail

General

Target

bbd0a43706a8bf6c4f89bf2c8e9f3cbc1f50ff12d0e63bdb8ae23a40a99f70d0
Size

172KB
MD5

91288d2fde8d46bc30eadecac70f4180
SHA1

64ee6f56c0a5c000b6c827afa56cef5eeef1a0e5
SHA256

bbd0a43706a8bf6c4f89bf2c8e9f3cbc1f50ff12d0e63bdb8ae23a40a99f70d0
SHA512

2b2bc3e974ba1c3ecbe749fd3849f8fcaad52fedb8c5b6b99bdd15a8b689e1ea657500cf8718698a7e69d713afc0c39865c9d0b97a3a1966b57d285b9fc565f4
SSDEEP

1536:0R2vosELiCaFsFFmmDyUL3fbV157PfCe5t1L4xP6mzNms/YzI4pghtz4QhZM3j:G2vosnN6DyUx37yDp/YzJUt5hu

Score

N/A

Malware Config

Signatures

Files

bbd0a43706a8bf6c4f89bf2c8e9f3cbc1f50ff12d0e63bdb8ae23a40a99f70d0
.dll windows x86

40b70a7e2a24f5fc2032aad2a7ca3dd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
_vsnprintf
iswxdigit

kernel32

GetSystemDefaultLCID
TlsGetValue
GetStartupInfoW
GetSystemDirectoryA
LocalFlags
GetCommandLineA
EnumSystemLocalesW
SetLocaleInfoA
SetCriticalSectionSpinCount
GetModuleFileNameW
FindFirstVolumeW
SetTimerQueueTimer
CancelTimerQueueTimer
GetCalendarInfoA
LocalFlags
ReadConsoleOutputCharacterA
DeleteAtom
WriteProfileSectionA
SetThreadPriorityBoost
LocalUnlock

msvcrt

strtod
__dllonexit
free
_onexit
_wrename
fwscanf
_strnicoll
_strrev
isleadbyte
_strncoll
_atoldbl
_fullpath
malloc

winmm

mciGetDeviceIDFromElementIDW
midiStreamClose
mciSendStringW
waveOutOpen
mixerGetNumDevs
waveOutPause
mciGetYieldProc
mciSendCommandA
timeGetTime
waveOutClose
mixerGetDevCapsA
midiOutGetDevCapsW
auxGetDevCapsA
midiInGetNumDevs
waveInGetDevCapsW
midiOutMessage
waveOutGetDevCapsW
joySetThreshold
mciGetDeviceIDFromElementIDA
joyGetPos

secur32

VerifySignature
DeleteSecurityContext
ApplyControlToken
AcquireCredentialsHandleA
AddSecurityPackageW
AcceptSecurityContext
ImpersonateSecurityContext
DecryptMessage
QueryCredentialsAttributesW
QuerySecurityPackageInfoW
EncryptMessage
InitializeSecurityContextA
ImportSecurityContextA
InitSecurityInterfaceA

Exports

Exports

ArcClipboardNavigate
DecryptCopyTableParameters
LeaveKernel
OemCertUNCServerValid
PolyDragCloseThreadTag
PrepareFloodAutoAs
SHFreeFree
ValidateWindowsPriority

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text/BA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40b70a7e2a24f5fc2032aad2a7ca3dd2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

msvcrt

winmm

secur32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 81KB

.data Size: 3KB - Virtual size: 7KB

H Size: 40KB - Virtual size: 39KB

.text/BA Size: 16KB - Virtual size: 16KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 82KB - Virtual size: 81KB

.data
Size: 3KB - Virtual size: 7KB

H
Size: 40KB - Virtual size: 39KB

.text/BA
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 4KB