c19df7bb0246fd45e5ede83cf3aaf913560d2aee9a04f7bafc4d5e56cfe9ba63

Sharing

Copy URL Twitter E-mail

General

Target

c19df7bb0246fd45e5ede83cf3aaf913560d2aee9a04f7bafc4d5e56cfe9ba63
Size

209KB
MD5

4080eeaec4140ed1667c650a730cdff7
SHA1

718c5a638ecb7c8ac78091dae0c25f40c0fe386c
SHA256

c19df7bb0246fd45e5ede83cf3aaf913560d2aee9a04f7bafc4d5e56cfe9ba63
SHA512

e95039b5202e342778465acea697cc15912c27793e985aa1d41b6d0ad0df88f6bad8f800c44c8eddcfba1da2a6694fa72dc75e2ccaacca62b86c6b7df292cec0
SSDEEP

6144:aweHmVWOiqqkj5JXmsxiI1ICexBoV4vZCl:aw/liqqkj5JXaIqCwBdvG

Score

N/A

Malware Config

Signatures

Files

c19df7bb0246fd45e5ede83cf3aaf913560d2aee9a04f7bafc4d5e56cfe9ba63
.dll windows x86

a6fff7dd2539cb15bd187ba38c767c55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
_ltow
_itow_s
swprintf_s
_wcsicmp
_wcsnicmp
wcscpy_s
wcscat_s
memmove_s
??0exception@@QAE@ABQBD@Z
memset
__RTDynamicCast
_purecall
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
malloc
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memmove
memcpy_s
memcpy

kernel32

SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetLastError
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
SetEvent
OpenThread
OpenProcess
ExpandEnvironmentStringsW
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
SystemTimeToFileTime
GetSystemTime
CreateThread
GetProcessHeap
DeleteFileW
GetVersionExW
GetFileAttributesW
CreateProcessW
CreateFileW
WriteFile
CreateDirectoryW
GetFileSize
ReadFile
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
ReleaseSemaphore
CreateSemaphoreW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

advapi32

StartTraceW
RegOpenKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
OpenTraceW
EnableTraceEx
ControlTraceW
CreateWellKnownSid
EventAccessControl
EventAccessRemove
ProcessTrace
CloseTrace
DuplicateToken
DuplicateTokenEx
SetThreadToken
OpenProcessToken
OpenThreadToken
RevertToSelf
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW

mpclient

MpAllocMemory
MpConfigOpen
MpConfigGetValueAlloc
MpConfigClose
MpConfigGetValue
MpConfigRegisterForNotifications
MpConfigUnregisterNotifications
MpFreeMemory
MpClientUtilExportFunctions
MpUtilsExportFunctions
MpHandleClose
MpManagerVersionQuery
MpManagerOpen
MpConfigSetValue

psapi

GetModuleFileNameExW

tdh

TdhGetProperty
TdhGetPropertySize

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

MpPluginGetState
MpPluginInitialize
MpPluginReportThreadStatus
MpPluginSetEngine
MpPluginSetState
MpPluginSetUserInformation
MpPluginShutdown
MpPluginStop

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6fff7dd2539cb15bd187ba38c767c55

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

mpclient

psapi

tdh

version

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 63KB - Virtual size: 63KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 12KB - Virtual size: 12KB