9e435d0a0bf3d4e8567f96875f18677c46c96d394e63a4bd1ac82e75fdd64298

Sharing

Copy URL Twitter E-mail

General

Target

9e435d0a0bf3d4e8567f96875f18677c46c96d394e63a4bd1ac82e75fdd64298
Size

564KB
MD5

96a0b841fffd911f2b6be375de8b9d30
SHA1

a2a5bb36727d0f510bcba6a8bf33b047f1052372
SHA256

9e435d0a0bf3d4e8567f96875f18677c46c96d394e63a4bd1ac82e75fdd64298
SHA512

37074ae4afec7658e786025431b5232a83b41216ad32f4ca94284d4b7d777a37c1149c050b642e323cf7b90e513c0d7f7cf6fabbb6b746df56e90ce951e1095b
SSDEEP

12288:PTYZG/oacILzAu5ZS/SIHiBQw5m413lM2SsK:PTY+xzIpiSOfvtK

Score

N/A

Malware Config

Signatures

Files

9e435d0a0bf3d4e8567f96875f18677c46c96d394e63a4bd1ac82e75fdd64298
.dll windows x86

d13b0398821abaf3fef9be74926cca9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winhttp

WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetOption

ws2_32

inet_addr
WSAStartup
gethostbyname
WSACleanup
inet_ntoa
ntohl
htons

shlwapi

StrCatW

psapi

GetModuleFileNameExW

kernel32

Sleep
InitializeCriticalSection
CloseHandle
GetModuleHandleA
WriteFile
CreateFileW
GetTickCount
ReadFile
GetFileSize
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
CreateFileA
LocalFree
LocalAlloc
GetLastError
GetProcAddress
LoadLibraryA
FreeLibrary
GetFileSizeEx
SetEndOfFile
SetFilePointer
LoadLibraryW
OpenProcess
GetCurrentProcess
SystemTimeToFileTime
lstrcatA
GetEnvironmentVariableA
TerminateProcess
GetModuleFileNameW
DeleteFileW
CopyFileA
MoveFileA
DeleteFileA
ExitThread
GetCurrentProcessId
FileTimeToSystemTime
WideCharToMultiByte
LoadLibraryExA
VirtualFree
GetFileAttributesW
InterlockedExchange
RaiseException
GetOEMCP
GetACP
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FreeEnvironmentStringsW
GetCPInfo
LCMapStringW
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
DecodePointer
EncodePointer
DeleteCriticalSection
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
ExitProcess
IsValidCodePage
HeapSize
VirtualQuery
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetStdHandle
WriteConsoleW
GetProcessHeap
GetModuleFileNameA
MultiByteToWideChar
GetFileType
QueryPerformanceCounter
GetStartupInfoW

user32

GetWindowThreadProcessId
PeekMessageA
TranslateMessage
DispatchMessageA
InvalidateRect
LoadIconA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
BeginPaint
RegisterWindowMessageA
DrawTextA
EndPaint
MessageBoxA
GetForegroundWindow
GetSystemMetrics
GetDC
ReleaseDC
wsprintfW
LoadCursorA
CopyIcon
SetSystemCursor
DestroyCursor
SystemParametersInfoA
GetLastInputInfo
wsprintfA
GetClientRect
DefWindowProcA

gdi32

SetDIBits
CreateRectRgn
CreateSolidBrush
FillRgn
SetTextColor
SetBkColor
GetStockObject
GetObjectA
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
DeleteDC
CreateDCA

advapi32

RegQueryValueExA
RegCloseKey
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RegOpenKeyExA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
SysFreeString
VariantInit

Exports

Exports

F33ced1
F33ced12
F33ced2
F33ced3
F33ced4
F33ced5
F33ced6
F33ced7
F33ced8

Sections

.text
Size: - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

shared
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.textbss
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d13b0398821abaf3fef9be74926cca9c

Headers

DLL Characteristics

File Characteristics

Imports

version

winhttp

ws2_32

shlwapi

psapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 417KB

shared Size: - Virtual size: 15KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 41KB - Virtual size: 93KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 30KB - Virtual size: 30KB

.textbss Size: 4KB - Virtual size: 7KB

.text
Size: - Virtual size: 417KB

shared
Size: - Virtual size: 15KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 41KB - Virtual size: 93KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 30KB - Virtual size: 30KB

.textbss
Size: 4KB - Virtual size: 7KB