NSGetModule
Static task: static1
Behavioral task: behavioral1
Sample: 8aeb30e49c6197342039898982300f51e571b04dd5a4dcd93bd593acb5ba842a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 8aeb30e49c6197342039898982300f51e571b04dd5a4dcd93bd593acb5ba842a.dll
Resource: win10v2004-20220812-en
General
Target: 8aeb30e49c6197342039898982300f51e571b04dd5a4dcd93bd593acb5ba842a
Size: 533KB
MD5: 41368499c50696db4e956f6823b9a87d
SHA1: b098ed420b837d9c0fdfe8e0ffa6aa3c7299f076
SHA256: 8aeb30e49c6197342039898982300f51e571b04dd5a4dcd93bd593acb5ba842a
SHA512: 8f8f1afe3da603715d40f4dbd14d5c3fb1b51a5f07c9af375972fc8d6cf2e04d99bbcb1d8221a4303b3229ee1d976770a4657f25c672753fc810379386f27926
SSDEEP: 6144:Ayvwbc5esNrh7SB+BQJS5jXpIksl194SHjwvM4FQXKJbW2TB+xGYVjF2J/+7rVHS:RLlIkslT4SHjwvtfTkjF2tSMl4gZmL4z
Malware Config
Signatures
Files
8aeb30e49c6197342039898982300f51e571b04dd5a4dcd93bd593acb5ba842a.dll windows x86
a505f6ccd02bcc6e80b740d9890d59d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
CheckTokenMembership
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
GetSidSubAuthorityCount
FreeSid
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
GetSidSubAuthority
RegFlushKey
GetSecurityDescriptorSacl
xpcom
NS_CStringGetMutableData
NS_Free
NS_CStringSetDataRange
NS_NewNativeLocalFile
NS_StringContainerInit2
NS_CStringCopy
NS_Alloc
NS_CStringContainerInit2
NS_CStringCloneData
NS_CStringToUTF16
NS_StringContainerFinish
NS_StringContainerInit
NS_StringCopy
NS_StringSetDataRange
NS_StringSetData
NS_StringGetData
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringGetData
NS_CStringSetData
NS_GetServiceManager
NS_GetComponentManager
NS_GetMemoryManager
NS_Realloc
nspr4
PR_AtomicIncrement
PR_SetError
PR_Free
PR_Malloc
PR_Now
PR_GetRandomNoise
PR_snprintf
PR_AtomicDecrement
plc4
PL_strlen
PL_Base64Decode
PL_Base64Encode
wininet
InternetGetConnectedState
InternetReadFile
InternetOpenW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
HttpQueryInfoW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
GetThreadLocale
SetEndOfFile
GetConsoleOutputCP
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
LoadResource
LockResource
SizeofResource
GetLastError
SetLastError
lstrlenW
FindResourceExW
FindResourceW
RaiseException
lstrlenA
MultiByteToWideChar
ReleaseMutex
CreateMutexW
CloseHandle
LocalFree
WaitForSingleObject
GetSystemTimeAsFileTime
lstrcmpiW
GetCurrentProcess
VerifyVersionInfoW
VerSetConditionMask
HeapFree
GetModuleHandleA
ExitProcess
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
WideCharToMultiByte
LCMapStringW
ReadFile
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
WriteFile
GetModuleFileNameA
InterlockedExchange
InitializeCriticalSection
HeapSize
SetHandleCount
GetStartupInfoA
Sleep
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
WriteConsoleA
user32
wvsprintfW
CharLowerBuffW
UnregisterClassA
shell32
SHGetFolderPathW
Exports
Sections
.text Size: 258KB - Virtual size: 257KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 195KB - Virtual size: 196KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE