b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3

Sharing

Copy URL

Twitter E-mail

General

Target

b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3
Size

169KB
MD5

482d1c34de432be0bc6cbbeff6b5a083
SHA1

adeaba9cf1485384d23d7ba25042ad9f243d7fe0
SHA256

b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3
SHA512

e2d6a7b0340bec0e40571e3979bf5be8ed757da897d5f38f47fcf1c522cdb88f10ed9e054cb4eb9edcb2c96d2be52fe5f33ad58f05dc16ef0eab7e784509014e
SSDEEP

3072:a9YVJYERVcUtjb6enhJn1tjsbfPqbWmAic8cevNb9iGQoU5XvOIj:zcKP6evjsbHqqmAixcmQd5fb

Score

N/A

Malware Config

Signatures

Files

b327c8e95412cb6ffead5d3c71b58a65a86be8c4893f9d8b95aaa38b6c21cfb3
.dll windows x86

08ac93dc680352a2090c9dd218f235be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

vfprintf
exit
rewind
fputc
_stricmp
_itoa
_strlwr
_strnicmp
fseek
ftell
_mbsicmp
_mbsnbcmp
_strdup
_mbsstr
memmove
_mbsnbicmp
_EH_prolog
putc
_CxxThrowException
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
strncmp
_iob
fprintf
printf
sscanf
realloc
_except_handler3
time
srand
isalpha
isdigit
wcslen
memcpy
atoi
??2@YAPAXI@Z
calloc
??3@YAXPAX@Z
wcscmp
fwrite
fopen
fread
fclose
rand
__CxxFrameHandler
strcpy
strcmp
strrchr
free
sprintf
strcat
strstr
strncpy
strchr
malloc
memset
strlen
strncat

kernel32

GetFileSize
CreateFileA
GetModuleFileNameA
GetModuleHandleA
lstrcmpA
GetProcAddress
LoadLibraryA
LocalFree
LocalAlloc
SetFileTime
WriteFile
SetFilePointer
GetSystemDirectoryA
WideCharToMultiByte
MultiByteToWideChar
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ExitThread
CreateThread
GetTickCount
ReadFile
ResetEvent
WaitForSingleObject
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetEvent
GetCurrentProcess
MoveFileA
DeleteFileA
GetFileTime
Sleep
FindNextFileA
FindClose
FindFirstFileA
GetTempPathA
GetDriveTypeA
GetLogicalDrives
SetEndOfFile
MoveFileExA
SetFileAttributesA
QueryPerformanceCounter
CreateEventA
GetSystemTime
lstrcmpiA
GetVersionExA
GetLocaleInfoA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
SetNamedPipeHandleState
WaitNamedPipeW
FlushFileBuffers
CreateFileW
CreateProcessW
GetModuleFileNameW
GetLastError
GetCurrentThread
TlsSetValue
TlsAlloc
TlsFree
HeapFree
HeapAlloc
GetProcessHeap
TerminateThread
CloseHandle
RaiseException
InterlockedExchange
SetLastError
VirtualAlloc
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
VirtualQuery
lstrlenA
lstrcatA
lstrcpyA
GetTempPathW

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
CallNextHookEx
SendMessageTimeoutA
RegisterWindowMessageA
ScreenToClient
GetCursorPos
IsWindowVisible
GetKeyboardLayout
KillTimer
AttachThreadInput
GetForegroundWindow
DrawTextW
wsprintfA
DrawTextA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
ReleaseDC
GetDC
wsprintfW
GetKeyboardState
EnumThreadWindows
GetAncestor
GetSystemMetrics
WindowFromPoint
SendMessageA
EnumChildWindows
FillRect
GetClassNameA
ToAsciiEx
ExitWindowsEx

gdi32

CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkColor
CreateCompatibleBitmap
DeleteDC
SelectObject
BitBlt
DeleteObject

advapi32

LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
IsTextUnicode
OpenProcessToken
RegDeleteValueA
RegDeleteKeyA
CryptGetProvParam
RegEnumValueW

ole32

CLSIDFromString
CoUninitialize
CoInitialize

oleaut32

VariantCopy
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen

secur32

DecryptMessage
EncryptMessage

ws2_32

socket
connect
closesocket
select
gethostbyname
recv
WSAStartup
htons
WSAIoctl
inet_ntoa
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
getsockname
WSAGetLastError
getpeername
gethostbyaddr
WSASend
send

wininet

HttpSendRequestA
HttpSendRequestExA
InternetQueryDataAvailable
HttpSendRequestW
HttpOpenRequestA
InternetOpenUrlA
InternetReadFileExA
InternetWriteFile
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetSetCookieA
GetUrlCacheEntryInfoA
InternetConnectA
InternetReadFile
InternetSetStatusCallback

crypt32

CertDeleteCertificateFromStore
CertGetNameStringA
CertStrToNameA
CertCreateSelfSignCertificate
CertOpenStore
CertAddCertificateContextToStore
PFXExportCertStoreEx
CryptMemFree
CertFreeCertificateContext
PFXImportCertStore
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
CertCloseStore
CryptMemAlloc

Exports

Exports

NullExport

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08ac93dc680352a2090c9dd218f235be

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

secur32

ws2_32

wininet

crypt32

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 10KB - Virtual size: 356KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 10KB - Virtual size: 356KB

.reloc
Size: 15KB - Virtual size: 14KB