ac4b470c6e1e4b219c0b313a2a0306618e893f7c8099c5491d3fc98e88562e7c

Sharing

Copy URL

Twitter E-mail

General

Target

ac4b470c6e1e4b219c0b313a2a0306618e893f7c8099c5491d3fc98e88562e7c
Size

1.1MB
MD5

a13071370c89934af72d7b26fea48714
SHA1

0fd6f94b323e498089cdc2dbb537b0faf80a4b4d
SHA256

ac4b470c6e1e4b219c0b313a2a0306618e893f7c8099c5491d3fc98e88562e7c
SHA512

9e025116f0e671ea3c857776ada9f07498d70fd8bf856db297fe58134c7f3f0c8fde41e457a117beb784bea8b602f6fb2c84d6f9d647f222d0404a828f093d2d
SSDEEP

24576:abdXhl3mkzyA+kNL5C8WoZL9FBaKvh2awxVD2:a5r3mkS85C8WMLVaUwxA

Score

N/A

Malware Config

Signatures

Files

ac4b470c6e1e4b219c0b313a2a0306618e893f7c8099c5491d3fc98e88562e7c
.dll windows x86

2c82d1a19812db1467f92cfe02bd1870

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??0exception@@QAE@ABQBD@Z
wcscat_s
swprintf_s
_ftol2_sse
_vsnprintf
_CxxThrowException
_ftol2
_vsnwprintf
__CxxFrameHandler3
sprintf_s
__RTDynamicCast
memset
memmove_s
wcscpy_s
_resetstkoflw
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
memcpy
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
vswprintf_s
rand_s
_wtol
_wcsicmp
_strupr
_XcptFilter
_callnewh
??0exception@@QAE@ABV0@@Z
towlower
iswdigit
iswxdigit
memcpy_s
free
_wcsdup
malloc

ntdll

RtlNtStatusToDosError
WinSqmAddToStream
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

FindResourceExW
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
DeleteFileW
CreateDirectoryW
GlobalAlloc
GetSystemDirectoryW
GetFileSizeEx
MulDiv
HeapDestroy
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
GetTickCount64
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
DisableThreadLibraryCalls
HeapReAlloc
CreateThread
FreeLibrary
GetSystemWow64DirectoryW
SizeofResource
LoadResource
FindResourceW
GetVersionExA
InterlockedExchange
WideCharToMultiByte
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetFileMUIPath
GetUserDefaultLocaleName
SetEnvironmentVariableW
GetFileSize
ReadFile
GetTempPathW
GetTempFileNameW
WriteFile
CreateProcessW
ExpandEnvironmentStringsW
LockResource
HeapSize
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetVolumePathNamesForVolumeNameW
CreateFileW
DeviceIoControl
GlobalFree
CreateEventW
GetComputerNameW
lstrcmpW
CopyFileW
MultiByteToWideChar
MoveFileW
LoadLibraryA
CloseHandle

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate

user32

SetForegroundWindow
GetParent
IsWindowVisible
SetPropW
RemovePropW
GetPropW
KillTimer
PostMessageW
SetWindowLongW
InvalidateRect
GetSysColor
UpdateWindow
GetAncestor
ChangeWindowMessageFilterEx
RegisterWindowMessageW
MessageBoxW
SystemParametersInfoW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
DestroyIcon
GetWindowLongW
DrawFocusRect
IntersectRect
InflateRect
SetRect
TrackMouseEvent
EndPaint
BeginPaint
FillRect
SetWindowPos
ReleaseDC
SetDlgItemTextW
GetDlgItem
SetTimer
SendMessageW
ShowWindow
SetWindowTextW
SetFocus
LoadStringW
GetWindowRect
LoadImageW
GetWindowTextW
UnregisterClassA
GetClientRect
GetSystemMetrics
GetDC
GetWindowTextLengthW
EnableWindow

ole32

CoTaskMemFree
CoCreateGuid
CoWaitForMultipleHandles
CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoGetObject
StringFromGUID2
CoCreateInstance
IIDFromString

oleaut32

BSTR_UserFree
VariantClear
BSTR_UserSize
SysFreeString
SysAllocString
VariantInit
BSTR_UserUnmarshal
BSTR_UserMarshal

wlanapi

WlanScan
WlanOpenHandle
WlanHostedNetworkQueryStatus
WlanHostedNetworkQueryProperty
WlanFreeMemory
WlanCloseHandle
WlanQueryInterface
WlanConnect
WlanGetNetworkBssList
WlanReasonCodeToString
WlanEnumInterfaces
WlanGetAvailableNetworkList
WlanRegisterNotification
WlanDisconnect
WlanSetProfile
WlanGetProfileList
WlanGetProfile

bcrypt

BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

shell32

SHGetDesktopFolder
SHGetFolderPathW
SHBindToParent
ord155
SHGetKnownFolderPath

gdi32

EndDoc
GetObjectW
SelectObject
DeleteObject
GetTextExtentPoint32W
EndPage
TextOutW
GetTextMetricsW
GdiAlphaBlend
CreateCompatibleDC
CreateDIBSection
BitBlt
CreateFontIndirectW
CreateFontW
SetTextColor
DeleteDC
CreateSolidBrush
SetBkColor
GetDeviceCaps
StartDocW
StartPage

wlanhlp

WlanParseProfileXmlBasicSettings
WlanGenerateProfileXmlBasicSettings

wlanutil

WlanStringToSsid
WlanSsidToDisplayName

xmllite

CreateXmlReader

crypt32

CryptProtectData
CryptUnprotectData

uxtheme

SetWindowTheme
CloseThemeData
DrawThemeBackground
GetThemeMetric
DrawThemeParentBackground
OpenThemeData
IsAppThemed

shlwapi

StrRetToBufW
PathFileExistsW

windowscodecs

WICCreateImagingFactory_Proxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LaunchWriteToUSBWizard
RunWcnWizardForDeviceW

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 670KB - Virtual size: 670KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c82d1a19812db1467f92cfe02bd1870

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

kernel32

rpcrt4

user32

ole32

oleaut32

wlanapi

bcrypt

shell32

gdi32

wlanhlp

wlanutil

xmllite

crypt32

uxtheme

shlwapi

windowscodecs

Exports

Exports

Sections

.text Size: 249KB - Virtual size: 249KB

.orpc Size: 512B - Virtual size: 193B

.data Size: 194KB - Virtual size: 195KB

.rsrc Size: 670KB - Virtual size: 670KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 249KB - Virtual size: 249KB

.orpc
Size: 512B - Virtual size: 193B

.data
Size: 194KB - Virtual size: 195KB

.rsrc
Size: 670KB - Virtual size: 670KB

.reloc
Size: 27KB - Virtual size: 26KB