661494244654c7ef0c8dbaf5fe96a75b58fe30eefeb46f2bfaf837f1f71d2483

Sharing

Copy URL Twitter E-mail

General

Target

661494244654c7ef0c8dbaf5fe96a75b58fe30eefeb46f2bfaf837f1f71d2483
Size

84KB
MD5

9e0ebbb324eb25b7ffbc2861d1918c92
SHA1

2fafa63deb73e457e3d80b572ee8e0bf30797032
SHA256

661494244654c7ef0c8dbaf5fe96a75b58fe30eefeb46f2bfaf837f1f71d2483
SHA512

4aee66bf7148bb7c9642251a5498f83575f2ae18dfb771de36a09ecf7c65ea718cf8e222b9e66e76fb2b986824840a14f684f635520b50f197abba072f6b0e2e
SSDEEP

1536:r7YvlFFR6tWZ87LT0XwqK0BiQdrxKIf79ThMu:3YtB6tW0HgwqK0BieX71hM

Score

N/A

Malware Config

Signatures

Files

661494244654c7ef0c8dbaf5fe96a75b58fe30eefeb46f2bfaf837f1f71d2483
.dll windows x86

2457ad600b76cabfa54f280a61ea6c21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
InterlockedCompareExchange
GetCurrentProcessId
VirtualQuery
lstrlenW
InterlockedDecrement
VirtualProtect
GetVersion
MoveFileExA
GetLocalTime
GetVolumeInformationW
GetLargestConsoleWindowSize
AddRefActCtx
BackupWrite
FindNextFileW
GetDiskFreeSpaceW
GetLocaleInfoW
CreateEventA
ChangeTimerQueueTimer
GlobalFlags
FindNextVolumeW
HeapUnlock
CreateJobObjectW
WriteConsoleInputA
GetShortPathNameA
GetCurrentDirectoryW
GlobalAlloc
SuspendThread
SetLocalTime
GetLogicalDriveStringsW
InitializeCriticalSection
GetNumberFormatA
GetProfileIntW
GetVolumeNameForVolumeMountPointW
RegisterWaitForSingleObject
CopyFileW
PurgeComm
GetComputerNameA
GetHandleInformation
IsBadReadPtr
OpenEventW
HeapDestroy
CancelWaitableTimer
IsProcessorFeaturePresent
SetFileApisToOEM
WriteConsoleA
ReleaseSemaphore
FindCloseChangeNotification
CreateRemoteThread
SetComputerNameA
SetEnvironmentVariableW
FindFirstVolumeW
SetCommMask
ActivateActCtx
RaiseException
GetAtomNameA
LocalFlags
SetConsoleCursorPosition
GetCurrentProcess
GetTempPathW
GetSystemDefaultLangID
SetCommBreak
OpenFile
GetModuleFileNameW
GetCommConfig
WriteConsoleW
GlobalFindAtomA
LockFile
GetDiskFreeSpaceA
CreateWaitableTimerW
VerifyVersionInfoA
SetCurrentDirectoryA
SwitchToThread
AddAtomA
WriteFile
GetTickCount
InterlockedExchange
CreateDirectoryA
CreateFileMappingA
GetSystemDirectoryA
GetVolumeInformationA
LoadLibraryA
SetLastError
GetLastError
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateMutexA
CloseHandle
GetModuleHandleA
GetProcAddress
MapViewOfFile
CreateFileA
InterlockedIncrement
HeapCompact
HeapAlloc

ole32

CoAllowSetForegroundWindow
CoGetObjectContext
CreateOleAdviseHolder
OleRun
CoRegisterMessageFilter
OleGetAutoConvert
StgIsStorageFile
OleLoad
OleRegGetUserType
CoGetMalloc
CoUnmarshalInterface
CreateItemMoniker
OleDestroyMenuDescriptor
OleLockRunning
CoInitialize
CoTaskMemFree

user32

GetWindowRgn
GetNextDlgTabItem
EnumDisplaySettingsA
SetRect
InvertRect
CreateWindowExW
FrameRect
ClientToScreen
OpenIcon
CharToOemA
ReleaseDC
GetDC
ShowScrollBar
GetUserObjectInformationW
GetScrollRange
FindWindowExA
GetLastActivePopup
GetShellWindow
CharNextA
GetMessageTime
TrackMouseEvent
DrawStateA
IsChild
PostThreadMessageA
GetWindowTextA
CharUpperA
DrawTextExW
GetMenuItemCount
InsertMenuItemA
SetCaretPos
NotifyWinEvent
WaitMessage
IsWindowVisible
CopyImage
VkKeyScanW
GetDialogBaseUnits
GetCursor
DefFrameProcA
PostThreadMessageW
TrackPopupMenu
MessageBoxIndirectW
SwitchToThisWindow
GetInputState
SetCapture
RegisterHotKey
IsDlgButtonChecked
GetSystemMenu
IsMenu
GetWindowPlacement
IsCharAlphaNumericA
MapVirtualKeyW
CheckMenuRadioItem
IsDialogMessageW
WindowFromDC
ToAsciiEx
MapDialogRect
DrawIcon
OemToCharA
ToUnicodeEx
GetCaretPos
SetRectEmpty
CreateAcceleratorTableA
GetWindowDC
CharPrevA
PtInRect
SetCursor
GetCaretBlinkTime
PostQuitMessage
UnhookWinEvent
CallNextHookEx
DestroyCursor
RegisterWindowMessageA
GetWindowThreadProcessId
FindWindowA
KillTimer
CreateWindowExA
SetWinEventHook
UnhookWindowsHookEx
DispatchMessageA
GetMessageA
TranslateMessage
DestroyWindow
RegisterClassExA
SendMessageA
SetTimer
GetClassNameA
DefWindowProcA

shlwapi

UrlCanonicalizeW
SHRegGetValueW
SHGetValueW
StrToIntW
StrChrA
StrDupW
PathIsUNCServerShareW
PathAddBackslashA
StrCpyNW
PathMatchSpecW
AssocQueryStringW
wvnsprintfW
StrNCatW
PathUndecorateW
PathFindFileNameW
UrlCombineW
SHStrDupW
StrStrIW
UrlUnescapeW
PathStripPathW

advapi32

RegSetValueExA
ChangeServiceConfig2W
RegOpenKeyA
CredFree
StartServiceA
CredWriteW
CredGetSessionTypes
GetServiceKeyNameW
RegOpenKeyW
RegSetValueW
SaferSetLevelInformation
CredReadW
CreateProcessAsUserW
ImpersonateLoggedOnUser
RegOpenKeyExA
RegDeleteValueA
SetSecurityInfo
RegCloseKey
RegCreateKeyExA
GetUserNameA
ImpersonateSelf

shell32

CommandLineToArgvW
SHAddToRecentDocs
SHBrowseForFolderW
SHCreateDirectoryExW
SHOpenFolderAndSelectItems
SHGetSettings
SHGetMalloc
SHGetFolderLocation
SHGetFolderPathA

Exports

Exports

Asynccrt3xx

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2457ad600b76cabfa54f280a61ea6c21

Headers

File Characteristics

Imports

kernel32

ole32

user32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB