71c251c81030da5b0e12720883ca902e974839731979e012b7c3d0af859c7665

Sharing

Copy URL Twitter E-mail

General

Target

71c251c81030da5b0e12720883ca902e974839731979e012b7c3d0af859c7665
Size

286KB
MD5

0d340adc048bea85cc6c0e6ecbb82b50
SHA1

fe3d0b067005a85b730ccc7f853281702bebc381
SHA256

71c251c81030da5b0e12720883ca902e974839731979e012b7c3d0af859c7665
SHA512

f0cac8406b832b7cb9529a3b730b16f18d6a875d88fea9fe936db73cb72d19bbd0b5fcdfc9e1a9e9ccedb7e712ee3902325f69f7714f2b397fd58ce1facdb4a4
SSDEEP

6144:yUlin6gmYnhok5BmJ0/R3UxRJO2sdi5VtJLi1cCxKDxXkQznPQS:Rli6psN5Sf3W/ZxWkQLP

Score

N/A

Malware Config

Signatures

Files

71c251c81030da5b0e12720883ca902e974839731979e012b7c3d0af859c7665
.dll windows x86

e9f228f542d51ba645a748b0dd2396a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
__CxxFrameHandler3
wcsstr
memmove
wcsrchr
_vscwprintf
_vsnwprintf
wcsncmp
fputws
_wfopen
fclose
calloc
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_lock
_unlock
_wcslwr
wcspbrk
wcschr
memmove_s
_stricmp
_wcsicmp
towlower
iswctype
wcsspn
memcpy_s
realloc
free
iswspace
wcstok_s
_wcsnicmp
__dllonexit
_onexit
malloc
_except_handler4_common
memset

kernel32

EnterCriticalSection
DelayLoadFailureHook
QueryDosDeviceW
GetLogicalDriveStringsW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
LoadLibraryW
OpenProcess
InitializeCriticalSection
CreateMutexW
IsWow64Process
WaitForSingleObject
LoadLibraryExW
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
Sleep
OutputDebugStringA
GetModuleHandleA
DeleteCriticalSection
VirtualProtect
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
lstrcmpiW
EncodePointer
FindClose
FindNextFileW
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleHandleW
GetLastError
GetCurrentProcessId
GetProcessId
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
InterlockedIncrement
HeapAlloc
GetProcessHeap
InterlockedDecrement
HeapFree
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TlsGetValue
TlsAlloc
OpenEventW
WaitForSingleObjectEx
CloseHandle
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
GetFileSizeEx
OutputDebugStringW
TlsFree
FindFirstFileW

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpNCW
StrCmpNICW
StrDupW
PathSkipRootW
PathIsUNCW
PathGetArgsW
StrCmpIW
PathFindFileNameW
StrCmpICW
StrCmpCW
StrCmpICA

api-ms-win-downlevel-advapi32-l1-1-0

RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ntdll

RtlNtStatusToDosError
NtQueryObject

iertutil

ord58
ord303
ord45
ord321
ord101
ord137
ord751
ord308
ord298
ord305
ord121
ord573
ord170
ord134
ord50

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9f228f542d51ba645a748b0dd2396a3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-0

ntdll

iertutil

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 204KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 205KB - Virtual size: 204KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

.rmnet
Size: 56KB - Virtual size: 60KB