a330e956c2b1ca5ce9929e193a20bf4db11f2a4b7944e04e612f6c1f6ebfa0ad

Sharing

Copy URL

Twitter E-mail

General

Target

a330e956c2b1ca5ce9929e193a20bf4db11f2a4b7944e04e612f6c1f6ebfa0ad
Size

2.0MB
MD5

d1ba2da66d3d9a0d847af2fee886156a
SHA1

30997f5a4413ee51a95aab3b7d20cb5524cc323a
SHA256

a330e956c2b1ca5ce9929e193a20bf4db11f2a4b7944e04e612f6c1f6ebfa0ad
SHA512

5129172b0f662c0e83ee6ff70f940876190517c1a3e8f58daa0379cb23173de08ea85e41007115e56606ca43500f817e42eedd40c1b4c9e7094e809600c01716
SSDEEP

49152:0UTKwhDqWTGbRDFZhAEsGnqJeonKW4xPJkvHyggqH:uwRlaFqJHngWHygg

Score

N/A

Malware Config

Signatures

Files

a330e956c2b1ca5ce9929e193a20bf4db11f2a4b7944e04e612f6c1f6ebfa0ad
.dll windows x86

04363f78e3a5eab7f6818100032b5759

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReleaseMutex
CreateMutexW
GetLongPathNameW
TerminateProcess
GetExitCodeProcess
GetCurrentThread
lstrcmpW
lstrcpynW
GetStartupInfoW
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetStdHandle
GetVersion
GetBinaryTypeW
FileTimeToLocalFileTime
OpenMutexW
OutputDebugStringW
CreatePipe
GetCommandLineW
FormatMessageA
LoadLibraryA
GetModuleFileNameA
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
CreateThread
FormatMessageW
GetStringTypeW
GetLogicalDriveStringsW
DuplicateHandle
ReadProcessMemory
GetProcessTimes
GetVersionExW
GetSystemInfo
QueueUserWorkItem
ResetEvent
SwitchToThread
MoveFileExW
GetTickCount
WaitForMultipleObjects
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
WritePrivateProfileStringW
MoveFileW
DeleteFileW
GetFileAttributesExW
CreateFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
LoadLibraryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
SystemTimeToFileTime
FindFirstFileExA
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
WriteConsoleW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
QueryPerformanceFrequency
CreateProcessA
ExitProcess
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
Sleep
GetCurrentProcessId
GetCurrentProcess
OpenProcess
LocalFree
LocalAlloc
GetPrivateProfileStringW
CopyFileW
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetFullPathNameW
lstrlenW
FindClose
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
GetFileType
SetStdHandle
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
RtlUnwind
GetSystemWindowsDirectoryW
FreeResource
CreateDirectoryW
SetFileTime
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
GetPrivateProfileIntW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetCurrentThreadId
RaiseException
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetFileAttributesW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTime
QueryPerformanceCounter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
CreateEventW
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
SetEvent
TlsAlloc

user32

ShowWindow
GetShellWindow
FindWindowW
PtInRect
GetMessageW
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
PeekMessageW
UnregisterClassW
SetWindowLongW
CharNextW
LoadCursorW
SetTimer
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
IsWindowVisible
PostMessageW
PostThreadMessageW
GetParent
ScreenToClient
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetAsyncKeyState
SendMessageTimeoutW
GetWindow
FindWindowExW
SendMessageW
wsprintfW
GetWindowLongW
KillTimer
DefWindowProcW
CopyRect
OffsetRect
UnionRect
EqualRect
SetCursor
DrawFocusRect
MsgWaitForMultipleObjects
CallWindowProcW
PostQuitMessage
RegisterClassExW

gdi32

DeleteObject
RestoreDC
SaveDC
SelectObject
CreateDIBSection
GetObjectW
CreateCompatibleDC
OffsetViewportOrgEx
RectVisible
SetViewportOrgEx
DeleteDC
BitBlt
CreateCompatibleBitmap

advapi32

RegCloseKey
StartServiceW
CreateServiceW
RegOpenKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
EqualSid
GetTokenInformation
OpenThreadToken
GetUserNameW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
DuplicateTokenEx
LookupPrivilegeValueW
GetLengthSid
CreateWellKnownSid
AdjustTokenPrivileges
SetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
UnlockServiceDatabase
QueryServiceLockStatusW
LockServiceDatabase
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
ord165
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUI4FromStr
VarDateFromStr
SysAllocStringLen

shlwapi

SHGetValueW
StrStrIW
StrStrIA
SHGetValueA
PathAppendW
StrCmpIW
StrTrimA
StrCmpNIW
SHSetValueA
PathFileExistsW
PathFileExistsA
PathRemoveFileSpecW
AssocQueryStringW
PathIsRootW
PathIsRelativeW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathCombineW
wnsprintfW

comctl32

_TrackMouseEvent

wtsapi32

WTSQueryUserToken

dbghelp

MakeSureDirectoryPathExists

wininet

InternetCrackUrlW
InternetGetConnectedState

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

iphlpapi

GetAdaptersInfo

gdiplus

GdipCreateFromHDC
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectRect

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

CreateTrayClient
GetBrowserVisitor
GetLuaExplain
luaopen_LDSBasic

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04363f78e3a5eab7f6818100032b5759

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wtsapi32

dbghelp

wininet

psapi

version

secur32

crypt32

wintrust

iphlpapi

gdiplus

urlmon

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 287KB - Virtual size: 286KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 287KB - Virtual size: 286KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 65KB - Virtual size: 64KB