498b4a77d094fc0be1a70876fde24c5fc1e6fa84dc2203999c66fd5fe84907a5

Sharing

Copy URL Twitter E-mail

General

Target

498b4a77d094fc0be1a70876fde24c5fc1e6fa84dc2203999c66fd5fe84907a5
Size

190KB
MD5

0ac0a19f181d461d6bf571968c415b90
SHA1

3877f1a18fff1aeea062242eac0cd127522a897a
SHA256

498b4a77d094fc0be1a70876fde24c5fc1e6fa84dc2203999c66fd5fe84907a5
SHA512

56be5779eed2184100014d0b9595ed991151733b7149ffe3a939208a525d1ea1a71f4fd5bc404d852dac19233fa7030648674cf46ad166916b42b180eb90ef95
SSDEEP

3072:2ZnwthPiBIvibLXVA1Ch20bU+G85S+0i4/CQbHLm6JrG3asjPiLP:kn0l9vibLlAr0bAy0mjKD

Score

N/A

Malware Config

Signatures

Files

498b4a77d094fc0be1a70876fde24c5fc1e6fa84dc2203999c66fd5fe84907a5
.dll windows x86

5a0c9f6bcba485d65f92bcf3fdde638d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetTickCount
GetPrivateProfileStringW
GetPrivateProfileIntW
DeleteFileW
VirtualFree
CreateThread
WaitForSingleObject
TerminateThread
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
SetFilePointer
GetModuleFileNameA
DeleteFileA
GetFileSize
GetLocalTime
WriteFile
FormatMessageA
GetCurrentProcessId
TerminateProcess
GetACP
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LocalFree
LocalAlloc
lstrcpynW
VirtualAlloc
CloseHandle
GetCurrentProcess
CreateFileW
HeapReAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecA
PathFileExistsW
PathRemoveFileSpecW

libcurl

curl_easy_setopt
curl_global_cleanup
curl_easy_cleanup
curl_easy_perform
curl_easy_init
curl_global_init

crypt32

CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptMsgClose

Exports

Exports

DtlPlugStart
DtlPlugStop
PlugCrashCallback

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a0c9f6bcba485d65f92bcf3fdde638d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

shlwapi

libcurl

crypt32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.rmnet
Size: 56KB - Virtual size: 60KB