52c6985187531849e49935dc8e3478362ec1d0723f4c1fe52d3b5372daabbd2c_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

52c6985187531849e49935dc8e3478362ec1d0723f4c1fe52d3b5372daabbd2c_unpacked
Size

1.2MB
MD5

8309dd02682f77dca892f4a35eff5184
SHA1

9038a36dbbaebf5ad9033ffef0e454c87ce01746
SHA256

52c6985187531849e49935dc8e3478362ec1d0723f4c1fe52d3b5372daabbd2c
SHA512

3e48fc17cb65894d2c010976b4ec2876df770be745bd6072af1dcd46885c159ea2ccd0e40dbc8c18c0e07ac3b0d14d5e63ee14b44b02b3e3c00a9d649e6d3564
SSDEEP

24576:7G9sAxLMsxicVJ8+o9XgQCz2bmIUeZp/f6TW+IHdQ:7XAxViKJ6W26IUgp/CTW+IHdQ

Score

N/A

Malware Config

Signatures

Files

52c6985187531849e49935dc8e3478362ec1d0723f4c1fe52d3b5372daabbd2c_unpacked
.dll windows x86

93b24fda7ca7bf0295b86247dc98a127

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32FirstW
Process32NextW
VirtualProtect
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetLastError
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
CreateMutexA
CreateEventW
GetCurrentProcessId
ExitProcess
ExitThread
VirtualFree
GetModuleFileNameW
GetComputerNameW
GetSystemDefaultLCID
FlushFileBuffers
ReadFile
SetEndOfFile
WriteFile
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetTickCount
GetFileSizeEx
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
VirtualAlloc
GetVolumeNameForVolumeMountPointW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentThread
CreateProcessW
FreeLibrary
Thread32First
Thread32Next
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
CreateMutexW
WaitForMultipleObjects
SystemTimeToFileTime
GetTimeZoneInformation
GetVersion
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetThreadContext
SetThreadContext
GetCurrentProcess
InterlockedCompareExchange
CreateToolhelp32Snapshot
HeapCreate
FlushInstructionCache
InterlockedExchange
OpenThread
SuspendThread
ResumeThread
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
InterlockedDecrement
GetModuleHandleExW
AreFileApisANSI
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
ReadConsoleW
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
SetFilePointer
GetStringTypeW
CompareStringW
LCMapStringW
OutputDebugStringW
LoadLibraryW
HeapSize
SetEnvironmentVariableA
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
OpenProcess
CreateRemoteThread
DuplicateHandle
CopyFileW
lstrcmpiA
SetLastError
CreateFileW
CreateDirectoryW
lstrlenW
lstrcatW
lstrcmpW
TerminateProcess
FindNextFileW
FindFirstFileW
FindClose
GetLocalTime
GetSystemTime
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
LocalFree
GetNativeSystemInfo
GetVersionExW
DeleteFileW
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
MoveFileExW
lstrcmpiW
Sleep
WaitForSingleObject
ResetEvent
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
SetEvent
GetFileAttributesW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetTempPathW
GetCurrentDirectoryW
GetConsoleCP

advapi32

GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteKeyA
RegSetValueExW
GetLengthSid
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegSetValueExA

shlwapi

wvnsprintfW
wvnsprintfA
SHDeleteValueW
SHDeleteKeyW
PathAddExtensionW
UrlUnescapeA
StrCmpNIA
PathSkipRootW
PathCombineW
PathRemoveFileSpecW
PathRenameExtensionW
PathIsURLW
PathAddBackslashW
PathRemoveBackslashW

shell32

SHGetFolderPathW
ShellExecuteW

user32

ExitWindowsEx
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharLowerA
CharUpperW

ole32

CLSIDFromString
StringFromGUID2

ws2_32

WSAAddressToStringW
WSAIoctl
setsockopt
WSASetLastError
WSAStartup
socket
shutdown
send
listen
connect
bind
ntohs
gethostbyname
inet_addr
htons
closesocket
accept
select
recv
WSAGetLastError

wininet

InternetSetOptionW
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
InternetConnectA
DeleteUrlCacheEntryA

Exports

Exports

_Run@4
__injectEntryForThreadEntry@4

Sections

.text
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93b24fda7ca7bf0295b86247dc98a127

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

shell32

user32

ole32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 796KB - Virtual size: 795KB

.rdata Size: 281KB - Virtual size: 280KB

.data Size: 39KB - Virtual size: 63KB

.vmp0 Size: 49KB - Virtual size: 49KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 796KB - Virtual size: 795KB

.rdata
Size: 281KB - Virtual size: 280KB

.data
Size: 39KB - Virtual size: 63KB

.vmp0
Size: 49KB - Virtual size: 49KB

.reloc
Size: 41KB - Virtual size: 41KB