93dcf371443ad057ccc5799138b800cf42fd4a799c180d58072bb4ed7dafe57a

Sharing

Copy URL Twitter E-mail

General

Target

93dcf371443ad057ccc5799138b800cf42fd4a799c180d58072bb4ed7dafe57a
Size

2.7MB
MD5

04fe2d14413aacf090d7f5ef911d7b09
SHA1

d9cca8123369331ec0f54c957a8baf8ac7c14a07
SHA256

93dcf371443ad057ccc5799138b800cf42fd4a799c180d58072bb4ed7dafe57a
SHA512

9e636109d1e953345f9503eb27606503ca37a2c35b71a3dad3253c16f0d25e61e167293536d8b01d3b33222de007f560adeb97f0d9a4b5e536e11eabac6bf0ae
SSDEEP

49152:vSvKAhjVITg6BAlunVUyG4WNSKpZClPzJfqpNclGp+sptHY6ZNjnQmR:v2K3Tg6BAlunSiWQKpZ6PtblpmtHY6v

Score

N/A

Malware Config

Signatures

Files

93dcf371443ad057ccc5799138b800cf42fd4a799c180d58072bb4ed7dafe57a
.dll windows x86

e6db8a8f1a0d5045b591e736741fe1e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetSystemInfo
VirtualProtect
GetCurrentDirectoryA
QueryPerformanceFrequency
CloseHandle
CreateWaitableTimerA
GetSystemTime
CreateThread
GetComputerNameA
GetFileSize
lstrlenA
SetThreadExecutionState
GetVolumeInformationA
ReadProcessMemory
lstrcatA
DeviceIoControl
lstrcpyA
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
CreateProcessA
GetLastError
VirtualAllocEx
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
GetCurrentThread
FlushInstructionCache
VirtualAlloc
GetCurrentThreadId
DebugBreak
SuspendThread
SetLastError
OpenMutexA
GetModuleFileNameA
QueryDosDeviceA
Process32First
GetTickCount
IsBadReadPtr
OpenProcess
WideCharToMultiByte
CreateFileW
MultiByteToWideChar
FindFirstFileA
lstrcmpiA
FindClose
Process32Next
ProcessIdToSessionId
CreateToolhelp32Snapshot
GetVersionExA
GetCurrentProcessId
DeleteFileA
lstrcmpA
FreeLibrary
LoadLibraryW
GetModuleHandleA
VirtualFree
TerminateThread
CreateMutexA
ReleaseMutex
GetNativeSystemInfo
HeapAlloc
HeapFree
GetProcessHeap
IsWow64Process
OpenEventA
lstrlenW
lstrcpynA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetPrivateProfileIntA
Module32First
MoveFileA
CreatePipe
Module32Next
GetTempPathA
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
GetConsoleMode
GetConsoleCP
RtlUnwind
ExitThread
GetProcAddress
GetPrivateProfileStringA
ReadFile
TerminateProcess
CreateEventA
Sleep
WriteFile
GetSystemTimeAsFileTime
SetEvent
WaitForSingleObject
QueryPerformanceCounter
GetCurrentProcess
SystemTimeToFileTime
SetWaitableTimer
SetFilePointer
GetLogicalDriveStringsA
CreateFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RaiseException
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetModuleFileNameW
GetStdHandle
ExitProcess
GetModuleHandleW
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
HeapReAlloc
DecodePointer
EncodePointer

user32

EnumDisplaySettingsA
GetDC
GetWindowLongA
AllowSetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
SystemParametersInfoA
MessageBoxA
EnumChildWindows
GetWindowTextA
GetClassNameA
GetWindowRect
ReleaseDC
EnumWindows

gdi32

GetDeviceCaps

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumKeyExA
OpenProcessToken
RegCloseKey
RegEnumKeyA
GetUserNameA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA

shell32

ShellExecuteExA

psapi

GetProcessImageFileNameA
EnumProcessModules
GetModuleFileNameExA
EnumProcesses

shlwapi

StrStrIA
SHSetValueA
SHDeleteKeyA
SHRegGetValueA
StrStrIW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

ws2_32

htons
inet_ntoa

urlmon

URLOpenBlockingStreamA

winmm

timeGetTime

powrprof

CallNtPowerInformation

wintrust

CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

run
www_mircl_com

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6db8a8f1a0d5045b591e736741fe1e2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

psapi

shlwapi

setupapi

wtsapi32

ws2_32

urlmon

winmm

powrprof

wintrust

version

Exports

Exports

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 2.4MB - Virtual size: 8.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 2.4MB - Virtual size: 8.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB