f76e614723432398d1b7d2c4224728204b3bd9c5725e8200a925e8cbf349344c_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

f76e614723432398d1b7d2c4224728204b3bd9c5725e8200a925e8cbf349344c_unpacked
Size

1.6MB
MD5

6c34779503414210378371d250a3a1af
SHA1

5a53aec49078644cc086568f06584625f7180394
SHA256

f76e614723432398d1b7d2c4224728204b3bd9c5725e8200a925e8cbf349344c
SHA512

670765cf7a858a017e466a1ccdc84dfa7de206287a57a8cdb17d31d8acaeb345f4a775b6f76b87fd92174ed8d5f7ac3f529a1e954fc671042b85bbc62f8358e5
SSDEEP

49152:xwsB2iNVLJE1RPOhehm8F2Kp/yTBXEbIeQP:ymNdepOhImC

Score

N/A

Malware Config

Signatures

Files

f76e614723432398d1b7d2c4224728204b3bd9c5725e8200a925e8cbf349344c_unpacked
.dll windows x86

37c8d7f9cc13a6af4c213e2dd87637a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsFree

kernel32

CreateEventA
GetFileAttributesW
MoveFileExW
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
FlushFileBuffers
MultiByteToWideChar
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
WideCharToMultiByte
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
TryEnterCriticalSection
GetStdHandle
GetCurrentProcess
GetVolumeNameForVolumeMountPointW
LocalAlloc
GetTimeZoneInformation
ReleaseMutex
SetLastError
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetFileSizeEx
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
GetFileType
GetConsoleMode
WriteConsoleW
CreateToolhelp32Snapshot
GetCurrentThread
CreateProcessW
Thread32First
Thread32Next
GetModuleHandleA
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetThreadContext
SetThreadContext
FlushInstructionCache
InterlockedExchange
OpenThread
SuspendThread
ResumeThread
VirtualQuery
ResetEvent
DecodePointer
LoadLibraryExW
GetModuleHandleExW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
RaiseException
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetConsoleCP
ReadConsoleW
SetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
SetEnvironmentVariableA
OpenProcess
CreateRemoteThread
GetLocalTime
GetSystemTime
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindNextFileW
FindFirstFileW
FindClose
LocalFree
GetNativeSystemInfo
InterlockedDecrement
GetTempPathW
GetSystemDefaultLCID
GetComputerNameW
GetModuleFileNameW
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
GetVersionExW
ExitThread
CreateThread
ExitProcess
GetCurrentProcessId
CreateEventW
WaitForSingleObject
InitializeCriticalSection
AddVectoredExceptionHandler
DuplicateHandle
lstrcmpiA
TerminateProcess
Sleep
SetEvent
CloseHandle
DeleteFileW
CreateFileW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
lstrlenA
lstrcmpiW
WriteFile
GetLastError
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
GetModuleHandleW
VirtualProtect
Process32NextW
EncodePointer
Process32FirstW
CreateDirectoryW

advapi32

SetNamedSecurityInfoW
RegDeleteKeyW
GetLengthSid
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupPrivilegeValueW
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegDeleteKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorSacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
InitiateSystemShutdownExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA

shlwapi

wvnsprintfW
PathAddBackslashW
PathRemoveFileSpecW
PathRemoveBackslashW
PathRenameExtensionW
StrCmpNIA
PathIsURLW
SHDeleteValueW
UrlUnescapeA
PathAddExtensionW
wvnsprintfA
PathCombineW
PathMatchSpecW
PathSkipRootW

shell32

SHGetFolderPathA
ShellExecuteW
SHGetFolderPathW

user32

MsgWaitForMultipleObjects
CharLowerA
GetUserObjectInformationW
GetProcessWindowStation
PeekMessageW
DispatchMessageW
TranslateMessage
CharUpperW
MessageBoxA
ExitWindowsEx

ole32

StringFromGUID2
CLSIDFromString
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize

ws2_32

WSAIoctl
WSASetLastError
WSAStartup
socket
shutdown
setsockopt
send
select
recv
listen
connect
bind
inet_ntoa
WSAGetLastError
ntohs
closesocket
accept
inet_addr
htons
freeaddrinfo
getaddrinfo
getsockname
getpeername
WSAAddressToStringW

crypt32

CryptUnprotectData

wininet

InternetOpenA
DeleteUrlCacheEntryA
InternetSetOptionW
InternetSetOptionA
InternetQueryOptionW
InternetCrackUrlA
InternetQueryOptionA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
InternetReadFile

oleaut32

SysFreeString
VariantClear
SysAllocString

Exports

Exports

_Run@4
__injectEntryForThreadEntry@4

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37c8d7f9cc13a6af4c213e2dd87637a2

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

kernel32

advapi32

shlwapi

shell32

user32

ole32

ws2_32

crypt32

wininet

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 48KB - Virtual size: 77KB

.vmp0 Size: 4KB - Virtual size: 3KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 48KB - Virtual size: 77KB

.vmp0
Size: 4KB - Virtual size: 3KB

.reloc
Size: 50KB - Virtual size: 50KB