5e7b566b0b1ee56350feddfa4283a9c14994898875f4158c98d801aba2149fd7

Sharing

Copy URL

Twitter E-mail

General

Target

5e7b566b0b1ee56350feddfa4283a9c14994898875f4158c98d801aba2149fd7
Size

957KB
MD5

08eca14a23aeec052608f618a5d343e0
SHA1

0053a3f987da0dd25ad7d3283d4cd57716733f37
SHA256

5e7b566b0b1ee56350feddfa4283a9c14994898875f4158c98d801aba2149fd7
SHA512

271bfce0a1f8d7f71b7dcdb78fa1ce8a3a7a7d0b9974db685f99cff72b61e2af6ee90952136f9e9f5e17fa69228b11b9abe42d28aafe4def9d188a060a0a5a61
SSDEEP

24576:xc5aRvH2bD5axXUXoef5WmgEXRgTft1KZL/L9GtXkNRz7q6PTZjA6as+7VDasXS:xOoUXdPuB1KZLL9GtXkNlq6xJdCVDw

Score

N/A

Malware Config

Signatures

Files

5e7b566b0b1ee56350feddfa4283a9c14994898875f4158c98d801aba2149fd7
.dll windows x86

f818b89802ec6150a98a53085906dd42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_ftol2
bsearch
memcpy_s
memmove_s
_wcsupr
qsort
_wcsrev
_wcslwr
swscanf_s
wcsncmp
wcsnlen
iswalpha
iswspace
towupper
_wcsnicmp
_vscwprintf
wcsrchr
_wcsicmp
memcpy
memset
memcmp
__CxxFrameHandler3
?terminate@@YAXXZ
_wcstoui64
_purecall
_vsnwprintf
wcstoul
memmove
wcschr
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter

kernel32

FlushFileBuffers
GetTempPathW
GetFileSizeEx
GetLastError
SetLastError
SetVolumeLabelW
ReadFileEx
EnterCriticalSection
GlobalFree
FindClose
ResetEvent
GetExitCodeThread
CreateEventW
WaitForMultipleObjects
IsDebuggerPresent
FindNextFileW
DeleteCriticalSection
CloseHandle
WriteFileEx
GetVolumeNameForVolumeMountPointW
DeleteFileW
LocalFree
GetSystemTime
SetFileAttributesW
GetVolumeInformationW
CreateThread
lstrcmpW
CompareStringW
CreateFileW
GetTimeZoneInformation
ReadFile
GetFileAttributesW
LeaveCriticalSection
FormatMessageW
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
GetPriorityClass
WriteFile
GetCurrentThread
OutputDebugStringW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetSystemWindowsDirectoryW
SetFilePointerEx
MoveFileExW
SystemTimeToTzSpecificLocalTime
SetErrorMode
SetEndOfFile
VirtualQuery
WaitForMultipleObjectsEx
HeapReAlloc
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileInformationByHandle
GetModuleHandleW
CopyFileExW
DeviceIoControl
LoadLibraryExW
FreeLibrary
GetDriveTypeW
HeapAlloc
HeapFree
GetModuleHandleExW
GetProcessHeap
GetProcAddress
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetFileSize
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
CreateSemaphoreExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
ReleaseSemaphore
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
RemoveDirectoryW
GetVersionExW
SetThreadIdealProcessor
GetSystemInfo
DuplicateHandle
UnlockFileEx
LockFileEx
SetFilePointer
LocalAlloc
GetOverlappedResult
GetHandleInformation
VirtualFree
VirtualAlloc
GetSystemDirectoryW
GetTickCount
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindFirstFileW
SetPriorityClass
GetTempFileNameW
GetFullPathNameW

ntdll

RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlImpersonateSelf
NtQueryInformationFile
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtQueryDirectoryFile
NtOpenFile
RtlCompareMemory
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
NtCreateFile
RtlEnterCriticalSection
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
NtClose
RtlNtStatusToDosError
RtlInitUnicodeString
NtShutdownSystem
RtlGetVersion
NtSetInformationThread
NtSetInformationProcess
RtlAdjustPrivilege
NtYieldExecution
RtlRaiseStatus
DbgPrintEx
RtlDowncaseUnicodeChar
NtQuerySystemInformation

advapi32

LookupPrivilegeValueW
RegCloseKey
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegEnumValueW
AdjustTokenPrivileges
DuplicateTokenEx
SetThreadToken
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
WriteEncryptedFileRaw
RevertToSelf
RegQueryValueExW
GetSecurityInfo
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
CryptGetUserKey
InitiateSystemShutdownExW
CryptDecrypt
GetLengthSid
CryptDestroyKey
CryptGenKey
FreeSid
SetSecurityInfo
AddAccessAllowedAce
CryptEncrypt
AllocateAndInitializeSid
InitializeAcl
CryptImportKey
CryptReleaseContext
CopySid
CryptGetKeyParam
GetTokenInformation
CryptSetKeyParam
OpenThreadToken
CryptAcquireContextW
CryptExportKey
OpenProcessToken

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantInit
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
SysAllocString
SysFreeString
SafeArrayPutElement

rpcrt4

UuidFromStringW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidCreate

shlwapi

SHCreateStreamOnFileW

winhttp

WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpCrackUrl

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

Exports

Exports

CreateDlpManager
CreateDlpRegistrar
DllMain

Sections

.text
Size: 722KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f818b89802ec6150a98a53085906dd42

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ntdll

advapi32

ole32

oleaut32

rpcrt4

shlwapi

winhttp

version

Exports

Exports

Sections

.text Size: 722KB - Virtual size: 721KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 81KB - Virtual size: 84KB

.reloc Size: 35KB - Virtual size: 34KB

.text Size: 109KB - Virtual size: 112KB

.text
Size: 722KB - Virtual size: 721KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 81KB - Virtual size: 84KB

.reloc
Size: 35KB - Virtual size: 34KB

.text
Size: 109KB - Virtual size: 112KB