f7568b4904c0764f7dca093075220d18576aa857da23a68630a1bd78ed83209e

Sharing

Copy URL Twitter E-mail

General

Target

f7568b4904c0764f7dca093075220d18576aa857da23a68630a1bd78ed83209e
Size

1.2MB
MD5

965de6e114d152b1eab1b4d4d08feff6
SHA1

7fb399f834419d1960599fb82fc94ae183c1b8f7
SHA256

f7568b4904c0764f7dca093075220d18576aa857da23a68630a1bd78ed83209e
SHA512

0398ef2fc4a5ec06edfa56adbe9cbd49084ff5ce8013d6f43bd6b239881ce99c2909d1b5a73d694863372ebb3fbec61b66487e8c8c75fa02224881e07d0d2acf
SSDEEP

24576:ddktXY/HNjmdn4Ks//ufdyq+LjhRgmL4fcDeIHLFCS:T9k4Wfsq+LVuWVLFCS

Score

N/A

Malware Config

Signatures

Files

f7568b4904c0764f7dca093075220d18576aa857da23a68630a1bd78ed83209e
.dll windows x86

95dbd02cd78f325db038a53a996bed02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
GetTempPathA
GetEnvironmentVariableA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileTime
GetEnvironmentStrings
ExpandEnvironmentStringsA
GetExitCodeProcess
GetEnvironmentVariableW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
TerminateThread
CreateEventA
LeaveCriticalSection
GetTempPathW
InterlockedExchange
EnterCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
DeleteFileW
GetVersionExA
FreeLibrary
LoadLibraryA
CreateProcessW
GetLogicalDrives
GetDriveTypeA
SetFilePointer
SystemTimeToFileTime
CreateDirectoryW
WideCharToMultiByte
CreateFileW
GetCurrentDirectoryW
LocalFileTimeToFileTime
ConnectNamedPipe
CreateNamedPipeW
QueryPerformanceCounter
SetThreadPriority
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
ReleaseSemaphore
GetProcessAffinityMask
FindFirstFileW
FindClose
FindNextFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
LocalFree
FormatMessageA
GetCurrentProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualQuery
GetFileSize
ReadFile
CreateFileA
WriteFile
SetEndOfFile
GetCurrentThread
lstrcmpA
GetVersion
OpenProcess
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
WaitForSingleObject
CreateThread
DeleteFileA
GetTickCount
MoveFileA
MoveFileExA
GetLastError
lstrlenA
OpenEventA
SetEvent
CloseHandle
Sleep
GetProcessHeap
HeapFree
GetSystemInfo
GetModuleHandleW
VirtualProtect
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
TerminateProcess
GetStringTypeW
GetStringTypeA
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
VirtualAlloc
GetModuleFileNameA
HeapAlloc
GetCommandLineA
OutputDebugStringA
RaiseException
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetTimeZoneInformation
HeapReAlloc
GetCPInfo
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetCurrentProcessId
ExitThread

user32

ExitWindowsEx
GetIconInfo
GetDC
GetCursorInfo
GetCursorPos
GetDesktopWindow
DrawIcon

gdi32

SelectObject
CreateDIBSection
DeleteObject
CreateCompatibleDC

advapi32

ImpersonateSelf
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyW
RegQueryValueExW
RegEnumKeyW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyW
OpenProcessToken
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyExW
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteExA
ShellExecuteExW

ole32

CoInitialize
CoGetObject
CoCreateInstance
CoTaskMemFree

ntdll

ZwQuerySystemInformation

wininet

HttpQueryInfoA
InternetCloseHandle
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetGetConnectedState

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

iphlpapi

GetIfTable
GetAdaptersAddresses

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95dbd02cd78f325db038a53a996bed02

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

wininet

rpcrt4

iphlpapi

Sections

.text Size: 980KB - Virtual size: 979KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 28KB - Virtual size: 276KB

.rodata Size: 4KB - Virtual size: 2KB

.reloc Size: 52KB - Virtual size: 50KB

.text
Size: 980KB - Virtual size: 979KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 28KB - Virtual size: 276KB

.rodata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 52KB - Virtual size: 50KB