2e0672c4d8d7b4e10a4e3bcaa87510c0c77255ff04ae3368310cf624e95febba

Sharing

Copy URL Twitter E-mail

General

Target

2e0672c4d8d7b4e10a4e3bcaa87510c0c77255ff04ae3368310cf624e95febba
Size

319KB
MD5

912aabe4a815d90afd4af6788f630f2a
SHA1

7621ffb7c157818aebfe1b95d363f6ee0867378c
SHA256

2e0672c4d8d7b4e10a4e3bcaa87510c0c77255ff04ae3368310cf624e95febba
SHA512

72ed60baf3eb4d3fb58b36b0d2f35a32312e510bd9ccbdd427ac2b8c4141dba3318c3ae304c4dde807d1ec00b63dbc45735d85fa9f71b7b916450ac3fe36cbaa
SSDEEP

6144:H9uLRNaFnxyidtru4FXUPsGCtCleOS1fEPxAPNenEBF:H9uLRNib8sXUPzl3wEPx2NE

Score

N/A

Malware Config

Signatures

Files

2e0672c4d8d7b4e10a4e3bcaa87510c0c77255ff04ae3368310cf624e95febba
.dll windows x86

66dd4cd47a25ca4dda9367864f4c1913

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
WriteFile
WideCharToMultiByte
CreateProcessA
TerminateProcess
MultiByteToWideChar
lstrlenW
WaitForSingleObject
GetLastError
GetProcAddress
GetPrivateProfileStringA
LoadLibraryA
GetModuleFileNameA
OutputDebugStringA
CloseHandle
FreeLibrary
VirtualQuery
CreateDirectoryA
CreateFileA
SetEndOfFile
CreateFileW
SetStdHandle
HeapReAlloc
GetConsoleCP
FlushFileBuffers
LoadLibraryExW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
ReadFile
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
RtlUnwind
RaiseException
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
GetConsoleMode
ReadConsoleW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHGetFolderLocation

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathStripPathA
PathIsDirectoryA
PathAddBackslashA
StrCpyW

aqhttp

AQHTTP_Get
AQHTTP_DownloadFile
AQHTTP_Free

Exports

Exports

FixFromConfig
ParseConfig
SetCallbackProc
UpdateConfig

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66dd4cd47a25ca4dda9367864f4c1913

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

aqhttp

Exports

Exports

Sections

.text Size: 195KB - Virtual size: 195KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 10KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 195KB - Virtual size: 195KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 10KB

.rmnet
Size: 56KB - Virtual size: 60KB