a1e5be44426fa43c9654f0ccd9646cb8a74c6bf96a1b2629fab72b2126981e69

Sharing

Copy URL Twitter E-mail

General

Target

a1e5be44426fa43c9654f0ccd9646cb8a74c6bf96a1b2629fab72b2126981e69
Size

85KB
MD5

8194dd23d379b97f998ed81493450ac2
SHA1

6e6dfe3f654d82444de719792b18b92afc0560f2
SHA256

a1e5be44426fa43c9654f0ccd9646cb8a74c6bf96a1b2629fab72b2126981e69
SHA512

35d3cbd3ec8d058aefd4a7bcf7362ff866d8e8e45e9e665acd155db1673304bcb08685bf58b433b426c81d32c1ccf615bd4677910865bcfca188755d456f5b60
SSDEEP

1536:fANTQHNQbbZvXP9IqwQj95OXyjhtxI1zGC3i:fggUf02Bj/xszGqi

Score

N/A

Malware Config

Signatures

Files

a1e5be44426fa43c9654f0ccd9646cb8a74c6bf96a1b2629fab72b2126981e69
.dll windows x86

c3a6a94077c8ea13b436e9b85c7d80b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
WriteFile
ReadFile
GetCurrentThread
CreatePipe
GetModuleHandleA
DeleteFileA
FreeLibrary
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
FindNextFileA
FindFirstFileA
GetCurrentThreadId
GetVersionExA
WinExec
SetFileAttributesW
GetLogicalDriveStringsA
MoveFileW
DeleteFileW
CreateDirectoryW
GetTickCount
RemoveDirectoryW
GetTempPathA
GetLocalTime
HeapFree
GetProcessHeap
SetEvent
HeapAlloc
CreateEventA
InitializeCriticalSection
GlobalFree
GlobalAlloc
GetComputerNameA
lstrlenA
WideCharToMultiByte
OpenThread
GetExitCodeThread
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetCurrentProcessId
Thread32Next
TerminateThread
Thread32First
CreateToolhelp32Snapshot
ExitProcess
MoveFileA
GetTempFileNameA
ReadProcessMemory
RtlUnwind
LCMapStringW
LCMapStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
GetFileSize
GetSystemTime
EnterCriticalSection
LeaveCriticalSection
CreateProcessA
OpenProcess
WaitForSingleObject
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
CreateMutexA
GetLastError
GetCurrentProcess
GetSystemDirectoryA
ExitThread
GetWindowsDirectoryA
lstrcatA
WritePrivateProfileStringA
SetFileAttributesA
CopyFileA
CloseHandle
Sleep
CreateThread
GetDriveTypeA
CreateFileA
DeviceIoControl
lstrcpyA

user32

CloseDesktop
CloseWindowStation
SetThreadDesktop
OpenDesktopA
ExitWindowsEx
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
wsprintfA
SetProcessWindowStation

advapi32

ClearEventLogA
DeleteService
DuplicateTokenEx
OpenEventLogA
CloseEventLog
LogonUserA
CreateProcessAsUserA
OpenSCManagerA
OpenServiceA
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyA
RegSetValueExA

msvcrt

sprintf
sscanf
??3@YAXPAX@Z
strncpy
malloc
free
__CxxFrameHandler
_ftol
??2@YAPAXI@Z
_vsnprintf
atoi
_findclose
strftime
localtime
_i64toa
_wfindnexti64
_wfindfirsti64
swprintf
wcscmp
wcslen
_atoi64
_close
_read
_eof
_lseeki64
_filelengthi64
_wopen
_wfindnext
wcscat
wcscpy
_wfindfirst
_write
atol
strncmp
rand
srand
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv

ws2_32

htonl
htons
select
__WSAFDIsSet
closesocket
recv
recvfrom
inet_ntoa
gethostname
socket
bind
ioctlsocket
connect
setsockopt
shutdown
send
sendto
inet_addr
gethostbyname
WSAStartup

urlmon

URLDownloadToFileA

psapi

GetModuleFileNameExA
GetMappedFileNameA

userenv

LoadUserProfileA

wininet

InternetConnectA
HttpOpenRequestA
InternetCrackUrlA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
HttpSendRequestA
InternetOpenA
InternetCloseHandle

Exports

Exports

InitSQLConnect
SQLAlloc
SQLClose
SQLExecute
SQLFree
SQLQuery
Uninstall

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3a6a94077c8ea13b436e9b85c7d80b6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

urlmon

psapi

userenv

wininet

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 4KB - Virtual size: 3KB