f01ba8c51348573a67df9c2172c2954487bdb22d9926a6a81b5bc350b37881ec

Sharing

Copy URL Twitter E-mail

General

Target

f01ba8c51348573a67df9c2172c2954487bdb22d9926a6a81b5bc350b37881ec
Size

152KB
MD5

73783c7c668b841e6ab46007ab4b93da
SHA1

3c12977abe6ca1dd92b57632174800505228f6bf
SHA256

f01ba8c51348573a67df9c2172c2954487bdb22d9926a6a81b5bc350b37881ec
SHA512

d552278b8e1aa1a42644cb48f6679ac579cd89c55b9b04413b2429ce9aa467590158e3507102e71a6a5ad868cdf95bc786836e70c349627fb2b4f738ff5b21e8
SSDEEP

3072:pqFsTZH2yyalR4hTDoPYEPGcUo6cfsu4V6WLXnXKMIZYDBRwFijWwISuOMxrJA9:pqWFWyrP4FqJwcfA9XXQQqSGHa

Score

N/A

Malware Config

Signatures

Files

f01ba8c51348573a67df9c2172c2954487bdb22d9926a6a81b5bc350b37881ec
.dll windows x86

66ac06c559e74f88c1e5cc21b682cc83

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
Sleep
OpenEventA
CreateDirectoryA
OpenFileMappingA
UnmapViewOfFile
CreateFileA
WaitForSingleObject
CopyFileA
WriteFile
GlobalFree
GetComputerNameA
WriteProcessMemory
GetCommandLineA
CreateFileMappingA
HeapFree
GetProcAddress
CloseHandle
EnterCriticalSection
GetTickCount
InterlockedIncrement
ReadProcessMemory
GetModuleFileNameA
CreateMutexW
GetModuleHandleA
HeapAlloc
GetVolumeInformationA
InterlockedCompareExchange
LoadLibraryA
MapViewOfFile
GetProcessHeap
LeaveCriticalSection
TerminateProcess
CreateProcessA
GetLastError
LocalFree
GetCurrentProcess
ExitProcess
SetLastError
GlobalAlloc
CreateEventA

ole32

CoTaskMemAlloc
OleCreate
CoInitialize
CoCreateInstance
OleSetContainedObject
CoCreateGuid
CoSetProxyBlanket
CoUninitialize

user32

PeekMessageA
GetCursorPos
GetWindowThreadProcessId
GetMessageA
PostQuitMessage
SetWindowsHookExA
TranslateMessage
ClientToScreen
DestroyWindow
SetTimer
DispatchMessageA
DefWindowProcA
GetClassNameA
SendMessageA
SetWindowLongA
CreateWindowExA
UnhookWindowsHookEx
KillTimer
GetWindow
GetWindowLongA
FindWindowA
GetSystemMetrics
GetParent
RegisterWindowMessageA
ScreenToClient

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegQueryValueExA
SetTokenInformation
OpenProcessToken
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
DuplicateTokenEx
RegOpenKeyExA
GetUserNameA
RegCloseKey

shell32

SHGetFolderPathA

Exports

Exports

winCommsPath

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66ac06c559e74f88c1e5cc21b682cc83

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 6KB