e6330b82cbd95f5a16ec5799a631db4003d880c0eaa149bd6d81ba4b8aeb5707_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

e6330b82cbd95f5a16ec5799a631db4003d880c0eaa149bd6d81ba4b8aeb5707_unpacked
Size

1.2MB
MD5

e62007aa2df44572d8f8ab3119d8973f
SHA1

65d6ec4a6cf94e9d7b5091aa59e43bb68603dfa3
SHA256

53084554be522fae16133fd08f99d76ddd46958ac6be3275688bc009659a812d
SHA512

9280ece8f32ef9fe9d30da2a617ecb0b548ae3f9787febddc9e067b90f664d4309161551db0bd11fec3950fd583adc6ec1746acea6f9e16b43ba91f4d50de4ea
SSDEEP

24576:qG9zIGE71OxjF7E6bz22JSK3I6p/Z6TtnhcC6H9w:qWILShhSQI6p/gTthcC6H9w

Score

N/A

Malware Config

Signatures

Files

e6330b82cbd95f5a16ec5799a631db4003d880c0eaa149bd6d81ba4b8aeb5707_unpacked
.dll windows x86

46fe67762dc8644a446a4f5b5f323e93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetLastError
SetLastError
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
CreateMutexA
CreateEventW
GetCurrentProcessId
ExitProcess
ExitThread
VirtualFree
GetModuleFileNameW
GetComputerNameW
GetSystemDefaultLCID
GetCurrentThread
SetThreadPriority
FlushFileBuffers
ReadFile
SetEndOfFile
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetTickCount
GetFileSizeEx
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
VirtualAlloc
GetVolumeNameForVolumeMountPointW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
CreateProcessW
FreeLibrary
Thread32First
Thread32Next
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
CreateMutexW
WaitForMultipleObjects
SystemTimeToFileTime
GetTimeZoneInformation
GetModuleHandleA
GetVersion
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetThreadContext
SetThreadContext
GetCurrentProcess
InterlockedCompareExchange
Process32NextW
HeapCreate
FlushInstructionCache
InterlockedExchange
OpenThread
SuspendThread
ResumeThread
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
InterlockedDecrement
GetModuleHandleExW
AreFileApisANSI
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
ReadConsoleW
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
SetStdHandle
SetFilePointer
CompareStringW
LCMapStringW
OutputDebugStringW
LoadLibraryW
HeapSize
SetEnvironmentVariableA
Process32FirstW
CreateToolhelp32Snapshot
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
OpenProcess
CreateRemoteThread
DuplicateHandle
CopyFileW
lstrcmpiA
CreateDirectoryW
lstrlenW
lstrcatW
lstrcmpW
TerminateProcess
FindNextFileW
FindFirstFileW
FindClose
GetLocalTime
GetSystemTime
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
LocalFree
GetNativeSystemInfo
GetVersionExW
WriteFile
DeleteFileW
CreateFileW
ExpandEnvironmentStringsW
MoveFileExW
lstrcmpiW
Sleep
GetFileAttributesW
CreateFileMappingA
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetTempPathW
WaitForSingleObject
ResetEvent
SetEvent
GetCurrentDirectoryW
GetStringTypeW

advapi32

GetTokenInformation
RegDeleteKeyA
RegDeleteKeyW
GetLengthSid
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shlwapi

wvnsprintfW
wvnsprintfA
SHDeleteValueW
PathAddExtensionW
UrlUnescapeA
StrCmpNIA
PathSkipRootW
PathCombineW
PathRemoveBackslashW
PathRemoveFileSpecW
PathRenameExtensionW
PathIsURLW
PathAddBackslashW

shell32

SHGetFolderPathW
ShellExecuteW

user32

ExitWindowsEx
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharLowerA
CharUpperW
CharLowerBuffA

ole32

CLSIDFromString
StringFromGUID2

ws2_32

WSAAddressToStringW
setsockopt
WSAGetLastError
WSASetLastError
WSAStartup
shutdown
socket
send
listen
connect
bind
ntohs
gethostbyname
closesocket
accept
freeaddrinfo
getaddrinfo
select
recv
inet_addr
htons
WSAIoctl

wininet

InternetSetOptionW
DeleteUrlCacheEntryA
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
InternetReadFile
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

Exports

Exports

_Run@4
__injectEntryForThreadEntry@4

Sections

.text
Size: 801KB - Virtual size: 800KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46fe67762dc8644a446a4f5b5f323e93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

shell32

user32

ole32

ws2_32

wininet

Exports

Exports

Sections

.text Size: 801KB - Virtual size: 800KB

.rdata Size: 283KB - Virtual size: 282KB

.data Size: 39KB - Virtual size: 63KB

.vmp0 Size: 38KB - Virtual size: 37KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 801KB - Virtual size: 800KB

.rdata
Size: 283KB - Virtual size: 282KB

.data
Size: 39KB - Virtual size: 63KB

.vmp0
Size: 38KB - Virtual size: 37KB

.reloc
Size: 42KB - Virtual size: 41KB