6eaada25ea1a4c45ca4de64ac7c7e8d370ed80156042f96f2acf88bdcbe40110

Sharing

Copy URL

Twitter E-mail

General

Target

6eaada25ea1a4c45ca4de64ac7c7e8d370ed80156042f96f2acf88bdcbe40110
Size

44KB
MD5

23143d5c21c16c305bc34616ada28d60
SHA1

7c9f86270e02b89fbc8a1722b0cff9978a9b7f6a
SHA256

6eaada25ea1a4c45ca4de64ac7c7e8d370ed80156042f96f2acf88bdcbe40110
SHA512

763a2a63773fc749de7d23d49984a12a48bc1da74ec66670bc6c0d9a2ca37f49b12ff8bdc0ed41a7466a71771e03d79af6283eade25e319380589d8242a10638
SSDEEP

768:ecMOUIHUKtTRulWDHcZ1Rj9KbpVSYWBBBRtfVBPX0pdG/YdX1f1/KbXJ:e2jt4lWu1JobpVVWBB7tfryFybJ

Score

N/A

Malware Config

Signatures

Files

6eaada25ea1a4c45ca4de64ac7c7e8d370ed80156042f96f2acf88bdcbe40110
.dll windows x86

c6650bbc554f20870c5556fe78410234

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

shlwapi

StrCmpW

imm32

ImmGetContext

psapi

GetModuleFileNameExA

ole32

CreateStreamOnHGlobal

avicap32

capCreateCaptureWindowA

winmm

waveInStop

shell32

ShellExecuteA

msvcrt

free

user32

IsWindow

advapi32

RegCloseKey

gdi32

BitBlt

ws2_32

listen

Exports

Exports

guocyok888
DoService
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guoc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edrftg
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6650bbc554f20870c5556fe78410234

Headers

File Characteristics

Imports

kernel32

shlwapi

imm32

psapi

ole32

avicap32

winmm

shell32

msvcrt

user32

advapi32

gdi32

ws2_32

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 67KB

.guocy Size: 1024B - Virtual size: 7KB

.guoc Size: 1024B - Virtual size: 1KB

guocy Size: - Virtual size: 4KB

.guocy Size: 3KB - Virtual size: 3KB

.rsrc Size: - Virtual size: 4KB

.edrftg Size: 2KB - Virtual size: 3KB

.guocyok Size: 3KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 67KB

.guocy
Size: 1024B - Virtual size: 7KB

.guoc
Size: 1024B - Virtual size: 1KB

guocy
Size: - Virtual size: 4KB

.guocy
Size: 3KB - Virtual size: 3KB

.rsrc
Size: - Virtual size: 4KB

.edrftg
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 3KB - Virtual size: 4KB