1b86a19e86f64954a7d01fbf76690da295131831ad9c00f8d0dcd2888d9ea00c

Sharing

Copy URL Twitter E-mail

General

Target

1b86a19e86f64954a7d01fbf76690da295131831ad9c00f8d0dcd2888d9ea00c
Size

1008KB
MD5

4593a81e828674e8f6b98aa7bcdfffe0
SHA1

11e96fe62e26cc9cc46e657bd46ffc65d8b1e1d9
SHA256

1b86a19e86f64954a7d01fbf76690da295131831ad9c00f8d0dcd2888d9ea00c
SHA512

ff1294cbf6630f30bb3ef230aeb54f137a8b63ba2f6990d9c5c90952e2bb30dde273ba55b3a595ec41233f2caee3423995c84ba5b81f69621be6ec558b1bb1a5
SSDEEP

24576:W4HQcUN4zWfNF437YyB1V3pTlIeFTVEqwn:ecPrYOfIeFTVEBn

Score

N/A

Malware Config

Signatures

Files

1b86a19e86f64954a7d01fbf76690da295131831ad9c00f8d0dcd2888d9ea00c
.dll windows x86

ae60371c9d65eda3f3467387e3a27af8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
sendto
recvfrom
htons
inet_addr
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
WSAGetLastError
closesocket
__WSAFDIsSet
select
ioctlsocket

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

kernel32

FindFirstFileA
lstrcmpA
WriteFile
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GlobalMemoryStatus
EnumResourceLanguagesA
ConvertDefaultLocale
GetModuleHandleA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetCurrentThread
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalAddAtomA
LocalFree
lstrcpynA
GlobalUnlock
GlobalFree
SetLastError
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedDecrement
SetErrorMode
InterlockedIncrement
GlobalFlags
lstrcmpW
FindClose
GlobalGetAtomNameA
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
IsBadReadPtr
ExitThread
CreateThread
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetCommandLineA
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadCodePtr
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
WritePrivateProfileStringA
TerminateProcess
GetStdHandle
SetConsoleTitleA
WriteConsoleA
AllocConsole
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
CompareStringW
CompareStringA
QueryPerformanceFrequency
LoadLibraryA
GetProcAddress
FreeLibrary
FreeConsole
lstrcpyA
GetTickCount
SuspendThread
lstrcmpiA
QueryPerformanceCounter
GetVersion
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateWaitableTimerA
SetWaitableTimer
SleepEx
CancelWaitableTimer
ResumeThread
WaitForMultipleObjects
GetLastError
CreateDirectoryA
InitializeCriticalSection
GetCurrentDirectoryA
lstrcatA
Sleep
SwitchToThread
TerminateThread
SignalObjectAndWait
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
TryEnterCriticalSection
EnterCriticalSection
FormatMessageA
lstrlenA
LocalAlloc
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventA
GlobalFindAtomA

user32

RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
GetPropA
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
SetMenuItemBitmaps
DestroyMenu
ShowWindow
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
UnregisterClassA
SendMessageA
MsgWaitForMultipleObjectsEx
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
PostQuitMessage
wsprintfA

gdi32

SetTextColor
SetMapMode
GetClipBox
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetStockObject
SelectObject
DeleteObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle

msvcr71

memchr
_iob
fprintf
abort
_fileno
fsetpos
fgetpos
fputc
fgetc
setvbuf
fgets
fseek
ftell
_setmode
fflush
fwrite
fread
fclose
fopen
time
qsort
memmove

Exports

Exports

CreateRSClient
FreeRSClient
GetDllVersion

Sections

.text
Size: 560KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae60371c9d65eda3f3467387e3a27af8

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

user32

gdi32

winspool.drv

comctl32

shlwapi

oleaut32

wininet

msvcr71

Exports

Exports

Sections

.text Size: 560KB - Virtual size: 556KB

.rdata Size: 144KB - Virtual size: 140KB

.data Size: 160KB - Virtual size: 182KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 68KB - Virtual size: 67KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 560KB - Virtual size: 556KB

.rdata
Size: 144KB - Virtual size: 140KB

.data
Size: 160KB - Virtual size: 182KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 68KB - Virtual size: 67KB

.rmnet
Size: 60KB - Virtual size: 60KB