ac0171904cfed9c3a33050e4c69445d119c5abc3a1212b0b906622f84a188f36

Sharing

Copy URL Twitter E-mail

General

Target

ac0171904cfed9c3a33050e4c69445d119c5abc3a1212b0b906622f84a188f36
Size

297KB
MD5

49acaa9e393ccdaf5e5ed907af53cce0
SHA1

a2cc8f569a3b55985e7f26e69870f45ae399c278
SHA256

ac0171904cfed9c3a33050e4c69445d119c5abc3a1212b0b906622f84a188f36
SHA512

edd8f2d251d37ea57975ba1dda8ef5693a85227154e3b6fb5d221537cd6f8d193e3604ff4f3689f09b15bce47dd2208a3f797e3fe22b017b16e4f30479825cb7
SSDEEP

6144:kx13QzRcEIS3oNOjuyOzNfU6o3/1cJn5uL4:k/UhWJNfU5/or

Score

N/A

Malware Config

Signatures

Files

ac0171904cfed9c3a33050e4c69445d119c5abc3a1212b0b906622f84a188f36
.dll windows x86

d351feecffcb51f7048af6996dd6abe5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GetVolumePathNamesForVolumeNameW
UnhandledExceptionFilter
GetModuleHandleA
GetConsoleMode
GetDriveTypeW
LocalReAlloc
DisableThreadLibraryCalls
GetProcessHeap
HeapAlloc
HeapFree
GetComputerNameW
GetLastError
ResetEvent
LocalFree
SetEvent
WriteFile
WriteConsoleW
GetStdHandle
GetLogicalDrives
CreateFileW
Sleep
QueryPerformanceCounter
GetComputerNameExW
IsValidCodePage
ReplaceFileA
ReadFile
VirtualProtect
VirtualAlloc
GetSystemInfo
MultiByteToWideChar
CloseHandle
FreeLibrary
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
SwitchToThread
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
SetLastError
FileTimeToSystemTime
ReleaseSemaphore
CreateSemaphoreW
GetSystemDefaultLangID
MapViewOfFile
WideCharToMultiByte
OutputDebugStringA
LocalAlloc
CreateEventW

user32

CreateWindowExW
SetWindowLongW
RegisterClassW

gdi32

GetBkColor
SetLayout

advapi32

OpenProcessToken
EqualSid
LookupAccountNameW
OpenSCManagerW
RegCloseKey
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
GetTokenInformation
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegOpenKeyW
SetSecurityDescriptorDacl
AddAccessAllowedAce
RegOpenKeyExW
RegQueryValueExW
OpenServiceW
OpenThreadToken

ole32

CoCreateGuid
CoTaskMemFree
CLSIDFromProgID

msvcrt

iswdigit
wcstoul
malloc
exit
wcsrchr
wcscspn
memset
free
memmove
qsort
wcsspn
wcschr
bsearch

secur32

GetUserNameExW

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW

ws2_32

WSASocketW
WSASendTo

Exports

Exports

ForThat
TheTheVersionOn

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d351feecffcb51f7048af6996dd6abe5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcrt

secur32

rpcrt4

ws2_32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 125KB

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 2KB - Virtual size: 876B

.text
Size: 40KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 125KB

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 2KB - Virtual size: 876B