4725899291a15bc9d733887fa385bac1bdc3c0e9d8ace193ac3972747be76608_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

4725899291a15bc9d733887fa385bac1bdc3c0e9d8ace193ac3972747be76608_unpacked
Size

2.1MB
MD5

8dce0c3db36340e53116a7ce5e1d70f0
SHA1

8a864bd2fb410b1402d47e42e6dd2d8d7a5093e2
SHA256

4725899291a15bc9d733887fa385bac1bdc3c0e9d8ace193ac3972747be76608
SHA512

549e88c8b643a32991d997feb6c87ce7e750e1f101eb9088ea069f4afe14ad4563e102a8861704689e635d897b15c100a9d8b7c559b7d3258fd2585f334ab80a
SSDEEP

49152:8M1MrZ11JLzEvX53ka1sx/MqOaPZT3vc/prh:8M1MrZ11JLz053O/8

Score

N/A

Malware Config

Signatures

Files

4725899291a15bc9d733887fa385bac1bdc3c0e9d8ace193ac3972747be76608_unpacked
.dll windows x86

7712549caee7be20ba1aadfd9015d599

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateEventA
ResetEvent
SetEndOfFile
ReadFile
FlushFileBuffers
WriteFile
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetTickCount
SetFileAttributesW
VirtualAlloc
GetFileSizeEx
VirtualFree
SetFilePointerEx
RemoveDirectoryW
GetVolumeNameForVolumeMountPointW
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
LoadLibraryA
OutputDebugStringA
Thread32Next
Thread32First
GetCurrentThread
CreateProcessW
FreeLibrary
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
ReleaseMutex
SetLastError
WaitForMultipleObjects
GetComputerNameW
LocalAlloc
GetCurrentProcessId
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleW
LoadLibraryW
VirtualProtect
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
DuplicateHandle
VirtualFreeEx
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
TerminateProcess
CreateFileW
lstrcmpiA
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThreadId
GetSystemTime
GetLocalTime
SetEvent
GetFileAttributesW
MoveFileExW
LocalFree
GetNativeSystemInfo
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
CreateEventW
ExitThread
ExitProcess
GetModuleFileNameW
GetTimeZoneInformation
AddVectoredExceptionHandler
Sleep
WaitForSingleObject
LeaveCriticalSection
lstrlenA
SetEnvironmentVariableA
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
ReadConsoleW
GetConsoleCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetCurrentDirectoryW
GetStartupInfoW
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
RaiseException
LoadLibraryExW
SetConsoleMode
ReadConsoleInputA
IsProcessorFeaturePresent
IsDebuggerPresent
EnterCriticalSection
DeleteFileW
SetConsoleCtrlHandler
InterlockedDecrement
DecodePointer
EncodePointer
GetCommandLineA
GetModuleHandleExW
VirtualQuery
ResumeThread
SuspendThread
OpenThread
InterlockedExchange
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
TryEnterCriticalSection
GetFullPathNameW
GetFullPathNameA
ExpandEnvironmentStringsW
lstrcmpiW
GetTempPathW
CreateFileA
GetFileSize
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
HeapDestroy
GetFileAttributesA
HeapCreate
GetVersion
GetModuleHandleA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
HeapValidate

advapi32

CryptAcquireContextW
RegDeleteKeyW
RegDeleteKeyA
GetLengthSid
DeregisterEventSource
RegisterEventSourceA
ReportEventA
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
InitiateSystemShutdownExW

shlwapi

PathAddBackslashW
StrCmpNIA
PathRemoveBackslashW
PathCombineW
PathMatchSpecW
UrlUnescapeA
PathAddExtensionW
wvnsprintfA
wvnsprintfW
PathRemoveFileSpecW
PathRenameExtensionW
PathIsURLW
PathSkipRootW

shell32

SHGetFolderPathA
ShellExecuteW
SHGetFolderPathW

user32

CharLowerA
CharUpperW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
ExitWindowsEx

ws2_32

inet_addr
freeaddrinfo
getaddrinfo
getpeername
getsockname
closesocket
accept
ntohs
WSAGetLastError
inet_ntoa
recv
select
send
socket
connect
setsockopt
bind
listen
WSASetLastError
shutdown
WSAAddressToStringW
htons
WSAIoctl
WSAStartup

crypt32

CryptUnprotectData

wininet

HttpOpenRequestA
FindNextUrlCacheEntryW
InternetQueryOptionA
InternetSetOptionA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntryW
HttpQueryInfoA
InternetQueryOptionW
HttpSendRequestA
InternetReadFile
DeleteUrlCacheEntryA
InternetCloseHandle
InternetCrackUrlA
FindFirstUrlCacheEntryW
InternetSetOptionW
FindCloseUrlCache

dnsapi

DnsFree
DnsQuery_A

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CLSIDFromString
StringFromGUID2
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantClear

Exports

Exports

_Run@4

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7712549caee7be20ba1aadfd9015d599

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

shell32

user32

ws2_32

crypt32

wininet

dnsapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 313KB - Virtual size: 312KB

.data Size: 66KB - Virtual size: 97KB

.reloc Size: 124KB - Virtual size: 123KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 313KB - Virtual size: 312KB

.data
Size: 66KB - Virtual size: 97KB

.reloc
Size: 124KB - Virtual size: 123KB