36068811ff71e3cedf9d6decd06062d96f773acb7efb1e3e732c3f71079cbb90_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

36068811ff71e3cedf9d6decd06062d96f773acb7efb1e3e732c3f71079cbb90_unpacked
Size

330KB
MD5

4322f102bf0aff7e49e1f4dafc1349ba
SHA1

de225cf56eba92f8dd1e26af2ec6d96b9ffbb28e
SHA256

e7a4c50fcef73588e4dd5b477f7d543b84a0ff777bdd3326a6b001c69f4bbd6c
SHA512

79d9b0e855dc59965a8588865c72f0cd9836dc34534b1aabda207344599fba0fe9d9bd2bac847b1e443cd17a1bc8a98be7c14462d8089bb8997f68ed263ba9a4
SSDEEP

6144:A154+auDmZF4XICwCkvMg7U7JDOwWosP4zhvMLgdVvM:M5IF4XIiHg0OJ4Go

Score

N/A

Malware Config

Signatures

Files

36068811ff71e3cedf9d6decd06062d96f773acb7efb1e3e732c3f71079cbb90_unpacked
.dll windows x86

a799a0897ff978e9fc4a5839e5ec9d06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
ExitProcess
lstrlenW
CreateDirectoryA
GetTickCount
OpenEventA
TerminateProcess
CreateEventA
TerminateThread
lstrcatW
CreateFileA
WinExec
GetSystemDirectoryA
GetFileAttributesA
IsBadCodePtr
SetEvent
CreateThread
CloseHandle
TlsAlloc
WaitForSingleObject
ResumeThread
GetModuleFileNameW
TlsSetValue
GetCommandLineA
GetCommandLineW
IsBadReadPtr
TlsGetValue
IsBadWritePtr
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetCurrentProcess
Process32First
GetModuleHandleW
ReadProcessMemory
VirtualProtectEx
Process32Next
lstrcmpiW
CreateToolhelp32Snapshot
WriteProcessMemory
VirtualFree
VirtualAlloc
AddVectoredExceptionHandler
ExpandEnvironmentStringsA
SearchPathA
GetTempPathA
CreateDirectoryW
FindFirstFileW
WriteFile
ReadFile
CreateFileW
FindFirstFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindNextFileW
GetSystemTimeAsFileTime
GetVolumeInformationA
GetSystemInfo
GetVersionExA
SetFilePointer
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
FreeLibrary
SetCurrentDirectoryA
GetCurrentDirectoryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateFileMappingW
OpenFileMappingW
OpenFileMappingA
GetLocalTime
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetThreadContext
CreateRemoteThread
GetWindowsDirectoryW
CallNamedPipeA
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
lstrcmpA
LocalFree
GetWindowsDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
CreateProcessA
MoveFileExA
GetLastError
lstrcpyW
GetModuleHandleA
lstrcpynA
lstrlenA
DeleteFileA
SetErrorMode
lstrcmpiA
lstrcpyA
lstrcatA
SuspendThread
GetModuleFileNameA
LoadLibraryA
GetProcAddress
Sleep
GetCurrentThread
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetFileSize
GlobalSize
GetModuleHandleExA

user32

GetWindowInfo
SendMessageA
GetAncestor
GetWindowLongA
SendMessageTimeoutA
SetWindowPos
SendMessageTimeoutW
SetThreadDesktop
IsWindow
PostMessageA
SendMessageW
MapWindowPoints
GetWindowThreadProcessId
IsRectEmpty
GetUserObjectInformationA
GetThreadDesktop
GetWindowRect
GetWindowDC
GetCursorPos
GetParent
PostMessageW
GetClassLongA
wvsprintfA
MessageBoxA
wsprintfW
CreateDesktopA
GetTopWindow
GetWindow
DispatchMessageA
SetClassLongA
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuState
GetMenuItemCount
CloseClipboard
GetClipboardData
SetWinEventHook
EmptyClipboard
OpenClipboard
SetClipboardData
GetSystemMetrics
HiliteMenuItem
EndMenu
ActivateKeyboardLayout
FindWindowExA
IsWindowEnabled
RedrawWindow
PrintWindow
GetClassNameA
ChildWindowFromPointEx
SetWindowLongA
IsWindowVisible
GetForegroundWindow
GetKeyState
FindWindowA
MoveWindow
GetMessageA
UnhookWinEvent
RegisterWindowMessageA
EnumWindows
TranslateMessage
wsprintfA
ReleaseDC
GetCursorInfo
GetDC
GetIconInfo
DrawIconEx

gdi32

BitBlt
CreateCompatibleBitmap
TextOutA
GetTextMetricsA
GdiFlush
DeleteObject
SelectObject
Ellipse
CreatePen
GetStockObject
DeleteDC
CreateCompatibleDC
SetViewportOrgEx
CreateDIBSection

advapi32

RegSetValueExW
OpenProcessToken
GetUserNameW
GetTokenInformation
IsTextUnicode
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteValueA
RegEnumValueA
CryptGetHashParam
RegOpenKeyA
CredEnumerateA
CredFree
CryptHashData
RegSetValueA
LookupPrivilegeValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
AdjustTokenPrivileges
InitiateSystemShutdownExA
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
CryptCreateHash
CryptDestroyKey
CryptVerifySignatureA
CryptDestroyHash

shell32

SHGetFolderPathW
ShellExecuteA
SHGetFolderPathA
DoEnvironmentSubstA

shlwapi

StrRChrIA
StrStrIA
PathFindFileNameW
PathFindFileNameA
StrToIntA
StrCmpNIA
StrChrA
StrStrIW
StrCmpIW
SHDeleteKeyA
StrStrA
StrChrIA
StrCmpNA
StrCmpNIW
PathUnquoteSpacesA

wininet

InternetWriteFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
HttpEndRequestA
HttpAddRequestHeadersA
FindCloseUrlCache
HttpSendRequestA
InternetOpenA
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntry
InternetCloseHandle
HttpOpenRequestW
HttpOpenRequestA
InternetQueryOptionA
InternetSetStatusCallbackA
InternetAttemptConnect
InternetSetOptionA
InternetReadFile
InternetQueryDataAvailable
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA

ws2_32

shutdown
htons
recv
send
gethostbyname
WSAStartup
connect
inet_addr
select
setsockopt
socket
closesocket

msvcrt

_except_handler3

iphlpapi

GetAdaptersInfo

avifil32

AVIMakeCompressedStream
AVIFileRelease
AVIStreamWrite
AVIStreamSetFormat
AVIFileCreateStreamA
AVIStreamRelease
AVIFileOpenA
AVIFileInit
AVIFileEndRecord

ole32

CoInitializeEx
OleInitialize
CoTaskMemFree
StgOpenStorage
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantInit
SysFreeString

crypt32

CertOpenSystemStoreA
CryptUnprotectData
PFXExportCertStoreEx
CertAddCertificateContextToStore
CertCloseStore
PFXImportCertStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDeleteCertificateFromStore

netapi32

NetUserGetInfo

comdlg32

GetSaveFileNameA

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a799a0897ff978e9fc4a5839e5ec9d06

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wininet

ws2_32

msvcrt

iphlpapi

avifil32

ole32

oleaut32

crypt32

netapi32

comdlg32

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 3KB - Virtual size: 288KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 3KB - Virtual size: 288KB

.reloc
Size: 9KB - Virtual size: 8KB