7aa5318a4cf3534ee34f0c542620c03608a95040e8a44ac71150c8e48e6e7ddc_unpacked

Sharing

Copy URL

Twitter E-mail

General

Target

7aa5318a4cf3534ee34f0c542620c03608a95040e8a44ac71150c8e48e6e7ddc_unpacked
Size

2.1MB
MD5

bea0168685e05268cfea4f63a298f16b
SHA1

ff82700ee26bbaf5a3357c5f5070fda9f80f9993
SHA256

47b26e0172dff4ae1905455029926314ac685e0ce854c4230fc35a7cdf0fe259
SHA512

789c2d061a0b72162d3b1cd444b10ff89ad6d889efa452c349adbaea2345192df36d62609d0959e76893899b3e55b2a0e25ad86484f8770a21d20c647c143e60
SSDEEP

49152:YZ54VVdEe/9fSvwNMVEy2rElG6CaP3TYeLiuOAGm5d:YjCdENvzVB2glGnKLiu

Score

N/A

Malware Config

Signatures

Files

7aa5318a4cf3534ee34f0c542620c03608a95040e8a44ac71150c8e48e6e7ddc_unpacked
.dll windows x86

f15b198070f97d99b9914102b6db0b8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsFree

kernel32

GetSystemDefaultLCID
GetCurrentProcessId
AddVectoredExceptionHandler
GetModuleFileNameW
ExitProcess
ExitThread
CreateEventW
GetComputerNameW
GetLastError
CreateEventA
ResetEvent
SetEndOfFile
ReadFile
FlushFileBuffers
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetTickCount
SetFileAttributesW
VirtualFree
GetFileSizeEx
VirtualAlloc
SetFilePointerEx
RemoveDirectoryW
GetVolumeNameForVolumeMountPointW
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
LoadLibraryA
Thread32Next
Thread32First
GetCurrentThread
CreateProcessW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
GetTimeZoneInformation
LocalAlloc
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
GetProcAddress
InterlockedCompareExchange
QueryPerformanceCounter
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
GetFileSize
CreateFileA
GetFullPathNameA
GetFullPathNameW
TryEnterCriticalSection
GetVersion
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
SetLastError
GetThreadContext
SetThreadContext
GetCurrentProcess
FlushInstructionCache
InterlockedExchange
OpenThread
SuspendThread
ResumeThread
VirtualQuery
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
LoadLibraryExW
GetModuleHandleExW
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
RaiseException
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
TlsGetValue
TlsSetValue
TlsFree
GetConsoleCP
ReadConsoleW
SetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
SetEnvironmentVariableA
LoadLibraryW
VirtualProtect
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
DuplicateHandle
WriteProcessMemory
OpenProcess
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
CreateDirectoryW
lstrcmpiA
FindNextFileW
FindClose
FindFirstFileW
SetEvent
GetCurrentThreadId
GetSystemTime
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
InterlockedDecrement
LocalFree
GetNativeSystemInfo
GetVersionExW
CreateFileW
CloseHandle
WriteFile
DeleteFileW
ExpandEnvironmentStringsW
MoveFileExW
lstrcmpiW
GetFileAttributesW
WaitForSingleObject
Sleep
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
lstrlenA
GetTempPathW
UnlockFile
TlsAlloc

advapi32

GetSidSubAuthority
RegDeleteKeyW
RegDeleteKeyA
GetLengthSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
InitiateSystemShutdownExW
GetSidSubAuthorityCount
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA

shlwapi

wvnsprintfA
wvnsprintfW
SHDeleteValueW
PathAddExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathIsURLW
PathRemoveBackslashW
PathAddBackslashW
StrCmpNIA
PathCombineW
PathSkipRootW
PathMatchSpecW
UrlUnescapeA

shell32

SHGetFolderPathA
SHGetFolderPathW
ShellExecuteW

user32

GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CharLowerA
ExitWindowsEx
MessageBoxA
CharUpperW

ole32

CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
StringFromGUID2
CLSIDFromString

ws2_32

send
socket
WSAAddressToStringW
shutdown
WSASetLastError
bind
listen
recv
select
WSAStartup
inet_ntoa
WSAGetLastError
ntohs
closesocket
accept
getpeername
getsockname
freeaddrinfo
getaddrinfo
htons
inet_addr
WSAIoctl
setsockopt
connect

crypt32

CryptUnprotectData

wininet

DeleteUrlCacheEntryA
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
InternetQueryOptionA
InternetSetOptionA
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
InternetCloseHandle
InternetCrackUrlA
HttpQueryInfoA
InternetConnectA
HttpAddRequestHeadersA
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
FindFirstUrlCacheEntryW

oleaut32

SysAllocString
SysFreeString
VariantClear

Exports

Exports

_Run@4
__injectEntryForThreadEntry@4

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f15b198070f97d99b9914102b6db0b8d

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

kernel32

advapi32

shlwapi

shell32

user32

ole32

ws2_32

crypt32

wininet

oleaut32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 66KB - Virtual size: 95KB

.vmp0 Size: 66KB - Virtual size: 65KB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 66KB - Virtual size: 95KB

.vmp0
Size: 66KB - Virtual size: 65KB

.reloc
Size: 53KB - Virtual size: 53KB