405d28384bc087743a2bc37694cd995684de5d315c32499ed4abc9bdc9d598f9

Sharing

Copy URL Twitter E-mail

General

Target

405d28384bc087743a2bc37694cd995684de5d315c32499ed4abc9bdc9d598f9
Size

90KB
MD5

884af986ffd0f2b13866d11dac4af143
SHA1

4a82cde90ccd6b2ae2511d8d2754db170df71814
SHA256

405d28384bc087743a2bc37694cd995684de5d315c32499ed4abc9bdc9d598f9
SHA512

095cc3ee9a54af85f515b06e8fbd7e94fbcf20fb8b67c2c53e43c548f2b325ea14505cba5d37bb067665d7cd3cb87e422df0acd0dc508ec2bc637f3d758f1214
SSDEEP

1536:UL5wkzZM/OF0+lLHl72C/0JDpn4B8nq3ZLtnfpFFtXMCW:MLZIS0+ZHlaCMJD5PMZLtnf7DMCW

Score

N/A

Malware Config

Signatures

Files

405d28384bc087743a2bc37694cd995684de5d315c32499ed4abc9bdc9d598f9
.dll windows x86

d9e918548ef75d99144ad07522bbf694

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

MD5Init
MD5Update
MD5Final
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptImportKey
CryptDestroyKey
CryptHashData
CryptSignHashW
CryptDestroyHash
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo

cabinet

ord23
ord22
ord20

ntdll

RtlEqualUnicodeString
RtlAdjustPrivilege
ZwSetInformationToken
ZwDuplicateToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
RtlInitUnicodeString
ZwQueryVolumeInformationFile
qsort
RtlImageNtHeader
ZwAlertThread
strchr
_wcsicmp
_wcslwr
wcsstr
wcschr
RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler
sscanf
RtlGetFrame
RtlPushFrame
RtlPopFrame
strtoul
RtlIpv4AddressToStringA
RtlReleasePebLock
RtlAcquirePebLock
_strlwr
ZwWaitForSingleObject
ZwDelayExecution
_snprintf
ZwSetSystemPowerState
ZwCreateEventPair
ZwSetHighWaitLowEventPair
ZwWaitHighEventPair
ZwSetLowEventPair
RtlComputeCrc32
strstr
strncpy
_stricmp
ZwSetEvent
ZwUnmapViewOfSection
ZwOpenEvent
ZwOpenSection
ZwMapViewOfSection
ZwCreateEvent
ZwCreateSection
vsprintf
ZwQueryInformationProcess
RtlTimeToSecondsSince1970
RtlTimeToSecondsSince1980
ZwQueryInformationToken
RtlRandom
RtlImageDirectoryEntryToData
RtlExitUserThread
RtlIpv4StringToAddressA
RtlNtStatusToDosError
strpbrk
_strnicmp
_wcsnicmp
strrchr
wcsrchr
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
memcpy
memset
ZwQuerySystemInformation
ZwSetEaFile
ZwQueryEaFile
ZwClose
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U
swprintf
sprintf
_allmul

ws2_32

setsockopt
WSASend
WSASendTo
WSARecvFrom
WSAStartup
shutdown
WSASocketA
WSAIoctl
listen
bind
getsockname
WSASocketW
WSAGetLastError
closesocket
WSARecv

shlwapi

PathFileExistsA
PathRemoveBackslashA
SHRegCreateUSKeyA
SHRegCloseUSKey
SHSetValueA
PathRemoveBackslashW
StrStrIA
PathFindFileNameA
PathRemoveExtensionA
SHGetValueA

urlmon

ObtainUserAgentString
CoInternetSetFeatureEnabled
CreateURLMonikerEx
UrlMkSetSessionOption

kernel32

SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
GetVersionExA
GetLocaleInfoA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
ReleaseMutex
CreateMutexA
WaitForSingleObject
CreateWaitableTimerA
SetWaitableTimer
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
SetUnhandledExceptionFilter
GetCommandLineA
GetModuleFileNameA
OpenProcess
ExpandEnvironmentStringsW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetFileSize
DeleteFileA
WaitForMultipleObjects
SetInformationJobObject
CreateJobObjectW
FlushFileBuffers
SetEndOfFile
WriteFile
CreateFileA
GetTempPathA
AssignProcessToJobObject
FreeLibrary
MultiByteToWideChar
CreateThread
Sleep
VirtualProtect
GetTickCount
GetSystemInfo
GetProcAddress
CloseHandle
TerminateProcess
ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
CreateProcessA
LoadLibraryA
ExitProcess
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
GetLastError
BindIoCompletionCallback
VirtualFree

user32

ExitWindowsEx
PostMessageW
SetTimer
DestroyWindow
PostQuitMessage
KillTimer
DefWindowProcW
RegisterClassW
CreateWindowExW
GetMessageW
GetClassNameW
TranslateMessage
DispatchMessageW
UnregisterClassW
GetClientRect
ChildWindowFromPoint
wsprintfW
SendMessageW
GetSystemMetrics

ole32

CreateBindCtx
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
CoTaskMemAlloc

shell32

ShellExecuteA
SHFileOperationW

secur32

InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleW
FreeCredentialsHandle
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
QueryContextAttributesW
DecryptMessage

crypt32

CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CryptEncodeObject
CryptExportPublicKeyInfo
CryptDecodeObject
CertDuplicateCertificateContext
CertGetCertificateChain
CertSetCertificateContextProperty
CertCreateCertificateContext
CryptSignAndEncodeCertificate

wintrust

WinVerifyTrust

mswsock

AcceptEx

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9e918548ef75d99144ad07522bbf694

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cabinet

ntdll

ws2_32

shlwapi

urlmon

kernel32

user32

ole32

shell32

secur32

crypt32

wintrust

mswsock

oleaut32

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 224B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 224B

.reloc
Size: 5KB - Virtual size: 5KB