ba9811b43d2bb45c0b7f17c6618d1506d52bc18e22a7c3b5917d64ded87576f4

Sharing

Copy URL Twitter E-mail

General

Target

ba9811b43d2bb45c0b7f17c6618d1506d52bc18e22a7c3b5917d64ded87576f4
Size

160KB
MD5

057e09d3f801baffbcf3bb3919f13fa0
SHA1

f1d14c7043004589ca23af50cfe0e63357bf9d9a
SHA256

ba9811b43d2bb45c0b7f17c6618d1506d52bc18e22a7c3b5917d64ded87576f4
SHA512

7e64bb1f2b0d1790d86bd9dc45d5112a698b1d7cecc266fa9e153fa7dba92bb6b8cd6f3e270d5972c7f8161d35c6a418d2284d7ccae929322a60697764aefe96
SSDEEP

3072:kFP+Cab4C3g3ESGo/KMz7OZOj+IH+M2zwusa/YY2LoNeqPRr96fP:KL72Ojvefz9savtNe4Z8P

Score

N/A

Malware Config

Signatures

Files

ba9811b43d2bb45c0b7f17c6618d1506d52bc18e22a7c3b5917d64ded87576f4
.dll windows x86

7bfe681fb80f0ad5a0bc875a0634a287

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
InterlockedIncrement
GetModuleFileNameW
GetProcAddress
lstrcpynW
lstrlenW
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesW
GetCurrentThreadId
Sleep
SetEvent
WideCharToMultiByte
CreateEventW
CloseHandle
ResetEvent
WriteFile
GetLocalTime
GetLastError
CreateFileW
MoveFileW
TerminateThread
GetTickCount
IsBadReadPtr
InterlockedDecrement
WaitForSingleObject
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoLoadLibrary
CoFreeLibrary
IIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream

oleaut32

SysFreeString
SysAllocStringByteLen

msvcp80

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z

msvcr80

memcpy
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
memmove_s
_wsplitpath_s
wcsncat_s
towlower
_getpid
rand
srand
strncpy_s
_time64
_beginthreadex
_snwprintf
wcscpy_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_CxxThrowException
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
memset
__CxxFrameHandler3

shlwapi

wnsprintfW

wininet

HttpQueryInfoW
HttpOpenRequestW
InternetCrackUrlW
InternetReadFile
InternetOpenW
HttpSendRequestW
InternetCloseHandle
InternetConnectW

sensapi

IsNetworkAlive

Exports

Exports

CreateDownloader
DllCanUnloadNow
DllGetClassCount
DllGetClassInfo
DllGetClassObject
ReleaseDownloader

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7bfe681fb80f0ad5a0bc875a0634a287

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

shlwapi

wininet

sensapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text Size: 72KB - Virtual size: 72KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 72KB