98e8bfb6ca4a02540cdce878c38b9617b347c3a894b928b51f14d13cdb58de34

Sharing

Copy URL Twitter E-mail

General

Target

98e8bfb6ca4a02540cdce878c38b9617b347c3a894b928b51f14d13cdb58de34
Size

111KB
MD5

51dcd6ae76b519cd237b493e0f08ba6a
SHA1

20b10e6e2bc66da1cb4231e1d7fa3271eb1b69b0
SHA256

98e8bfb6ca4a02540cdce878c38b9617b347c3a894b928b51f14d13cdb58de34
SHA512

c4c266577fde22ea8dadebc32b85de309ffb6b65adc2b81d2d169f7c032486a7af74ad3b4c9b6162a235ffe447dcac00e4873cbfbb27d3b2e4d9065ab68b9cee
SSDEEP

1536:i907smq2uwMDgLa8af2AB4uWGZkqRfXp15Fdalcd03sWjcdeWXEo/h:k04m+bDffTeupOMPd704x3

Score

N/A

Malware Config

Signatures

Files

98e8bfb6ca4a02540cdce878c38b9617b347c3a894b928b51f14d13cdb58de34
.dll windows x86

821565d6dbbf563f2ca4f97795ba21a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

WaitForSingleObject
CloseHandle
CreateEventA
LoadLibraryA
SetLastError
Sleep
GetTickCount
GetCurrentThread
GetExitCodeThread
WriteFile
ReadFile
GetHandleInformation
ConnectNamedPipe
DisconnectNamedPipe
SetEvent
CreateFileA
DeleteFileA
CreateNamedPipeA
GetVersionExA
GetCurrentThreadId
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
ReadConsoleW
WriteConsoleW
WriteProcessMemory
ReadProcessMemory
GetLastError
GetCurrentProcess
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetProcAddress
FreeLibrary
ExitThread
SetUnhandledExceptionFilter
ExitProcess
FlushFileBuffers
CreateFileW
GetTempPathA
ResumeThread
RaiseException
LoadLibraryExA
CreateRemoteThread
GetThreadId
GetModuleHandleA
CreateThread
TerminateThread
SetEnvironmentVariableA
ReleaseMutex
CreateMutexA
GetSystemTime
VirtualProtect
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
GetTimeZoneInformation
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
CompareStringW
LCMapStringW
GetStringTypeW
SetStdHandle

user32

CharLowerA

advapi32

DuplicateToken
OpenThreadToken
ImpersonateNamedPipeClient
StartServiceA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
EnumServicesStatusA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
control

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

821565d6dbbf563f2ca4f97795ba21a9

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 14KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 14KB

.reloc
Size: 5KB - Virtual size: 4KB