d2ae62130b4f2aede5731e3a370dbd578c24bf26e60f9bfb081d177a83106bd3

Sharing

Copy URL Twitter E-mail

General

Target

d2ae62130b4f2aede5731e3a370dbd578c24bf26e60f9bfb081d177a83106bd3
Size

980KB
MD5

4674d19526a6b54f3e5dacac659a5e16
SHA1

0110426ef2368e12b389a1977b800344bafc21f5
SHA256

d2ae62130b4f2aede5731e3a370dbd578c24bf26e60f9bfb081d177a83106bd3
SHA512

35726b91267e37096b998057388ae954250d65517b38d5a4c6c606660c451a7998e9a07605c431a4ffa23ab2c8c06ed0e182de93103f405ad270b5a608a747d6
SSDEEP

24576:ntzZJNZMGjzFywVreabVz4BQLZaxiewUF1Ur4K7tjXwtIz5n2DaObD6qYjXoHFjq:hlxzboQPO40db

Score

N/A

Malware Config

Signatures

Files

d2ae62130b4f2aede5731e3a370dbd578c24bf26e60f9bfb081d177a83106bd3
.dll windows x86

c37a39653ee5d23821dc1269e932dbbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pncrt

rand
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
fseek
ftell
fread
fclose
strtok
atoi
sprintf
_splitpath
strstr
strncpy
strchr
strrchr
__CxxFrameHandler
_beginthreadex
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
time
srand
__dllonexit
iscntrl
_strnicmp
_fstat
difftime
strftime
localtime
asctime
clock
fflush
sscanf
tolower
_ismbcspace
realloc
malloc
_stricmp
printf
_mbctype
strncmp
getenv
isdigit
strtoul
_vsnprintf
wcslen
_strdup
isspace
free
atof
_fsopen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
toupper
memmove
_snprintf
_ftime
strtol
atol
fwrite
fopen
fprintf
rename
_chmod
_mkdir
_chdir
_getcwd
_stat
_putenv
_strcmpi
_fileno
_ultoa
_itoa
_errno
_rmdir
_unlink

ole32

ReleaseStgMedium
CoCreateInstance
CoInitialize
StringFromCLSID
CoUninitialize

user32

GetMessageA
DispatchMessageA
CharLowerA
CharUpperA
CharPrevA
GetSystemMetrics
PostMessageA
RegisterClipboardFormatA
GetIconInfo
LoadImageA
MessageBoxA
FindWindowA
PeekMessageA
DestroyWindow
RegisterClassA
RegisterWindowMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
DefWindowProcA
LoadStringA
UnregisterClassA
GetClassInfoExA
RegisterClassExA
MsgWaitForMultipleObjects
PostQuitMessage
TranslateMessage
PostThreadMessageA
CharNextA
wsprintfA

advapi32

RegSetValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyA
RegQueryValueA
RegSetValueExA
RegEnumValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiDeleteDeviceInterfaceData
SetupDiGetClassDevsA
SetupDiOpenDeviceInterfaceA
SetupDiCreateDeviceInfoList

oleaut32

SysFreeString

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

kernel32

GetDiskFreeSpaceExA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
RemoveDirectoryA
EnterCriticalSection
GetTickCount
LeaveCriticalSection
GetFileAttributesA
SetFileAttributesA
DeleteCriticalSection
InitializeCriticalSection
ReadFile
CreateFileA
GetFileSize
lstrcmpiA
lstrlenA
LoadLibraryA
GetCurrentProcess
GetProcAddress
OpenProcess
TerminateProcess
FreeLibrary
FindFirstChangeNotificationA
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
SetEvent
WaitForSingleObject
TerminateThread
CreateEventA
CloseHandle
InterlockedDecrement
InterlockedIncrement
GetLastError
GetCurrentThreadId
SetThreadPriority
WideCharToMultiByte
SetVolumeLabelA
GetDriveTypeA
GetVersionExA
InterlockedExchange
Sleep
MulDiv
ResetEvent
SetErrorMode
CopyFileExA
WriteFile
GlobalUnlock
GlobalLock
GetModuleFileNameA
GetDiskFreeSpaceA
CreateDirectoryA
GetTempPathA
GetSystemInfo
GetWindowsDirectoryA
GetVersion
QueryDosDeviceA
DeviceIoControl
GetLogicalDriveStringsA
GetLogicalDrives
GetPrivateProfileStringA
GetVolumeInformationA
GetSystemDirectoryA
MultiByteToWideChar
MoveFileA
GlobalAlloc
lstrcpyA
GlobalFree

Exports

Exports

CanUnload2
OnInstallPDGenXfer
OnUninstallPDGenXfer
RMACreateInstance
SetDLLAccessPath

Sections

.text
Size: 788KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c37a39653ee5d23821dc1269e932dbbe

Headers

File Characteristics

Imports

pncrt

ole32

user32

advapi32

version

setupapi

oleaut32

shell32

kernel32

Exports

Exports

Sections

.text Size: 788KB - Virtual size: 785KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 44KB - Virtual size: 42KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 44KB - Virtual size: 41KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 788KB - Virtual size: 785KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 44KB - Virtual size: 42KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 44KB - Virtual size: 41KB

.rmnet
Size: 60KB - Virtual size: 60KB