5874850a5ce0d319c82acea596b8ee210a44ad2b9c392c4e5bb91d1d03872443

Sharing

Copy URL Twitter E-mail

General

Target

5874850a5ce0d319c82acea596b8ee210a44ad2b9c392c4e5bb91d1d03872443
Size

99KB
MD5

289b8bfbb451004536f3a9e85656d451
SHA1

3fe898b9164038a88fd351819e2986017e9f563b
SHA256

5874850a5ce0d319c82acea596b8ee210a44ad2b9c392c4e5bb91d1d03872443
SHA512

c6c26cd71856b95c3f08cc0ee12dd2d3fa6e4ff8f7edcd44c995a695fa2a718747c5da0629711320c3327d03f6f39f0197988f9a6f2453bbb08b0af84d51d040
SSDEEP

3072:cT93OLvzFMIw67PgjbxYLu1yjJ9NjGBDOa9p:+93OLvzSeWxYLueJ9NaMa9p

Score

N/A

Malware Config

Signatures

Files

5874850a5ce0d319c82acea596b8ee210a44ad2b9c392c4e5bb91d1d03872443
.dll windows x86

a8275c371fb37c30d71dcce9ec9b6107

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
ioctlsocket
select
WSAGetLastError
connect
htons
socket
send
gethostbyname
recv
shutdown
__WSAFDIsSet
inet_addr
sendto
closesocket

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

urlmon

ObtainUserAgentString

kernel32

LoadLibraryA
DeleteCriticalSection
GetVersionExA
CloseHandle
GetTempPathA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleExA
SetEvent
Sleep
CreateEventA
ResetEvent
GetModuleFileNameA
CreateThread
GetTickCount
VirtualProtect
MoveFileExA
GetTempFileNameA
GetEnvironmentVariableA
CopyFileA
SetFileAttributesA
OpenEventA
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
CreateNamedPipeA
SetNamedPipeHandleState
WaitForMultipleObjects
GetProcAddress
GetLastError
IsBadWritePtr
CreateProcessA
OpenProcess
InitializeCriticalSection
WriteFile
WaitForSingleObject
FreeLibrary
CreateFileA
lstrcpyA
lstrcmpiA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
CreateEventW
lstrcmpA
GetComputerNameExA
GetLocalTime
MultiByteToWideChar
lstrlenW
lstrcatW
lstrcpynA
FlushInstructionCache
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
lstrcpyW
GetSystemDirectoryA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyW
RegCreateKeyW
OpenProcessToken
CryptExportKey
RegDeleteValueA
CryptAcquireContextW
RegOpenKeyA
InitializeSecurityDescriptor
RegSetValueExA
CheckTokenMembership
CryptReleaseContext
CryptImportKey
CryptEncrypt
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptGetHashParam

wininet

HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestW
InternetTimeFromSystemTimeA
HttpSendRequestA
InternetOpenA
InternetConnectW
InternetReadFile
InternetOpenW
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
InternetCrackUrlW
InternetCloseHandle

dnsapi

DnsFree
DnsQuery_A

ole32

OleUninitialize
OleInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Exports

Exports

Init

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8275c371fb37c30d71dcce9ec9b6107

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

crypt32

urlmon

kernel32

advapi32

wininet

dnsapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 82KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 82KB

.reloc
Size: 5KB - Virtual size: 4KB