bd5d59e7d9fee2b0d8389c059040370068fe1e3e24e1804c514ca332ad70da44

Sharing

Copy URL Twitter E-mail

General

Target

bd5d59e7d9fee2b0d8389c059040370068fe1e3e24e1804c514ca332ad70da44
Size

268KB
MD5

0e41e232a5a578da000abf64a89c6431
SHA1

666ed4f630ac9012d8058a7f4b2dc7b83b630408
SHA256

bd5d59e7d9fee2b0d8389c059040370068fe1e3e24e1804c514ca332ad70da44
SHA512

c28fd45e3cc6d92c0d406b3726d7c2b3dfcf481f637189073ea8d5a16d12439c141e93feb9b23e9c7f4e66e113be153f8bb452184550263c17bb174eec0c8f08
SSDEEP

6144:KpbebpzT+4gkCS2IRLOWxTJ5wZd82XzER8nP:KpbCzT+7kCnIRZU2ZRw

Score

N/A

Malware Config

Signatures

Files

bd5d59e7d9fee2b0d8389c059040370068fe1e3e24e1804c514ca332ad70da44
.dll windows x86

6911af7f6f908862be25767a0f2bab30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
LoadLibraryExA
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceA
SetErrorMode
lstrlenA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
GetCurrentThreadId
GetCurrentProcessId
Sleep
GetVersionExA
GetModuleHandleA
TlsFree
OpenEventA
OpenMutexA
OpenSemaphoreA
CreateEventA
CreateMutexA
CreateSemaphoreA
WaitForSingleObject
SetEvent
GetModuleFileNameW
GetVersion
WaitForMultipleObjects
CreateThread
SetWaitableTimer
VirtualProtect
TlsAlloc
ReleaseMutex
HeapFree
GetProcessHeap
HeapAlloc
FileTimeToSystemTime
CreateFileA
CreateFileW
GetFileSize
GetCPInfo
lstrcmpA
CompareStringA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
TlsGetValue
TlsSetValue
RaiseException
ReleaseSemaphore
ResetEvent
PulseEvent
HeapCreate
HeapDestroy
HeapValidate
HeapReAlloc
HeapSize
SetLastError
CreateFileMappingA
lstrlenW
MapViewOfFile
UnmapViewOfFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualFree
VirtualAlloc
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsW
lstrcpyW
ExpandEnvironmentStringsA
lstrcpyA
GetTickCount
LoadLibraryA
GetProcAddress
GetCurrentThread
GetCurrentProcess
OpenProcess
GetLastError
CreateWaitableTimerA
CloseHandle
GetSystemInfo

user32

CharUpperBuffW
wsprintfA
GetSystemMetrics
CharLowerBuffA
OemToCharBuffA
CharToOemBuffA
CharLowerBuffW
CharUpperBuffA
ExitWindowsEx

advapi32

AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetLengthSid
CopySid
SetThreadToken
DuplicateToken
OpenProcessToken
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
InitializeAcl
LookupAccountSidA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
InitializeSecurityDescriptor

ole32

CoInitialize
CoUninitialize

msvcr80

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
strchr
wcschr
memset
memcpy
free
malloc
toupper
realloc
__CxxFrameHandler3
_stricmp
strstr
wcsstr
??3@YAXPAX@Z
wcstombs
_time32
memmove
strncmp
_strnicmp
srand
rand
strrchr
wcsrchr
??_V@YAXPAX@Z
??2@YAPAXI@Z
_wcslwr
strtol
strtoul
towupper
towlower
tolower
wcsncmp
_wcsicmp
_wcsupr
longjmp
_setjmp3
memcmp
sprintf
memchr
_except_handler4_common
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock

Exports

Exports

PragueLoad
PragueUnload

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6911af7f6f908862be25767a0f2bab30

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcr80

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 8KB

.text Size: 88KB - Virtual size: 88KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 88KB - Virtual size: 88KB