f87620acc899d35681f6f423dd79d99dc806696b08119c2d85ba180bc30f5253

Sharing

Copy URL Twitter E-mail

General

Target

f87620acc899d35681f6f423dd79d99dc806696b08119c2d85ba180bc30f5253
Size

18KB
MD5

806830c2fcd7b984882e669c5361a264
SHA1

e0506fbe3a57b2474e10e432e666bf15cb782b06
SHA256

f87620acc899d35681f6f423dd79d99dc806696b08119c2d85ba180bc30f5253
SHA512

4b09d37135c3156c0932ad106322cbd2b2e912cbe1763851aa02f42271ec3049c42e2e0b6ded3c3cd463c882058ee168043e7af43acdf98f07a3bc85891a3437
SSDEEP

384:ecLeB77mZ9P/bF0emaSvrvsz5dsq8e9eag0qCMbcta:VPT6YSz0zsq8e9AXbs

Score

N/A

Malware Config

Signatures

Files

f87620acc899d35681f6f423dd79d99dc806696b08119c2d85ba180bc30f5253
.dll windows x86

aa2da5bdd42eb100be35126392d4e412

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileW
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
MoveFileExA
OpenFileMappingA
RemoveDirectoryA
SetFilePointer
Sleep
SleepEx
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegDeleteKeyA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
ShellExecuteExA
StrRChrA

ntdll

RtlAdjustPrivilege

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edat
Size: 512B - Virtual size: 322B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

aa2da5bdd42eb100be35126392d4e412

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Exports

Exports

Sections

.code Size: 12KB - Virtual size: 12KB

.idat Size: 2KB - Virtual size: 2KB

.edat Size: 512B - Virtual size: 322B

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 12KB - Virtual size: 12KB

.idat
Size: 2KB - Virtual size: 2KB

.edat
Size: 512B - Virtual size: 322B

.reloc
Size: 1KB - Virtual size: 1KB