2ded86c4f2736b6262d90aa0fb0f809e36b9e5345cd3ea210845b1df229316a1

Sharing

Copy URL Twitter E-mail

General

Target

2ded86c4f2736b6262d90aa0fb0f809e36b9e5345cd3ea210845b1df229316a1
Size

98KB
MD5

443301051577dfb16cc761d0095e719f
SHA1

638b42de5e6f0222282739f7d7675fa84ce5d405
SHA256

2ded86c4f2736b6262d90aa0fb0f809e36b9e5345cd3ea210845b1df229316a1
SHA512

656cad3f3a675566da8804b9dd4db0d892b3c971f78de67c4ceb8b0ea237a9a5dd4b2176cc2515d1a5310306035a797bde9fd8fded2b4cf1dacd5f9675f4ff65
SSDEEP

1536:q8dmZq81mOTRkP1n7ERKVf0lGMX+w9+crujfdryeIpG7qGuR6SbwG/YWX:q+mZO1gJX+K+wuDdrylpgqVR6SbwG/Y

Score

N/A

Malware Config

Signatures

Files

2ded86c4f2736b6262d90aa0fb0f809e36b9e5345cd3ea210845b1df229316a1
.dll windows x86

e2e8dbe586a17f0d6b49e9131aba0061

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
LocalAlloc
GetFileSize
ReadFile
MoveFileA
lstrcmpiA
Process32First
MapViewOfFile
CreateFileMappingA
HeapFree
UnmapViewOfFile
GetModuleHandleA
GlobalFree
GlobalUnlock
LocalFree
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
LocalSize
TerminateProcess
GlobalMemoryStatus
GetVersionExA
OpenEventA
GetCurrentProcess
SetFileAttributesA
CopyFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
GetProcessHeap
HeapAlloc
GetTickCount
CancelIo
InterlockedExchange
ResetEvent
GetLastError
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
ResumeThread
Sleep
TerminateThread
CloseHandle
FreeLibrary
LoadLibraryA
GlobalLock
GetProcAddress

user32

DispatchMessageA
TranslateMessage
GetMessageA
CharNextA
wsprintfA
GetWindowTextA
MessageBoxA
LoadCursorA
SendMessageA
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
DestroyCursor
LoadMenuA
RegisterClassA
IsWindow
PostMessageA
GetUserObjectInformationA
IsWindowVisible
GetWindowThreadProcessId
CreateWindowExA

gdi32

GetStockObject

advapi32

GetLengthSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
CloseServiceHandle
DeleteService
OpenServiceA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegOpenKeyA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
StartServiceA
AdjustTokenPrivileges
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

msvcrt

_CxxThrowException
_strrev
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
srand
_access
wcstombs
atoi
_beginthreadex
strrchr
strcat
strcmp
_except_handler3
malloc
free
strncpy
sprintf
strcpy
rand
_stricmp
memcmp
strstr
strlen
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
puts
memcpy
__CxxFrameHandler
memmove
putchar
ceil
_ftol

ws2_32

send
inet_addr
connect
sendto
htonl
getsockname
select
recv
socket
gethostbyname
htons
setsockopt
WSACleanup
WSAStartup
closesocket

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

EndWork
Runing
Working
caonima

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2e8dbe586a17f0d6b49e9131aba0061

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

msvcp60

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB