604c3f6d608df74c2e76cb3fa4f21c359f6f49617512b3879fcd0431eb3d75eb

Sharing

Copy URL Twitter E-mail

General

Target

604c3f6d608df74c2e76cb3fa4f21c359f6f49617512b3879fcd0431eb3d75eb
Size

1020KB
MD5

0fbbfc6dea4979d69221a75ecd172cc0
SHA1

dc61cacec7a3ce73fb2146589d7ac720dc97f2d9
SHA256

604c3f6d608df74c2e76cb3fa4f21c359f6f49617512b3879fcd0431eb3d75eb
SHA512

6233721098ebc188eb8800a3877447679cb75106d7c8eea0d2c4466fa646d97bf044915bd08fa3dae75c8ba2bbdd9f58bbf9867857fd5484727d49855c39909d
SSDEEP

24576:eipFXnTPLVQ7HMaDk6HMM8IiFXlelVLIBqK:hXTPLVaMaDjCplLB

Score

N/A

Malware Config

Signatures

Files

604c3f6d608df74c2e76cb3fa4f21c359f6f49617512b3879fcd0431eb3d75eb
.dll windows x86

1ddd4b01e0d55642fcc1538421f50f7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
InitializeCriticalSection
GlobalAlloc
MulDiv
lstrcmpW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
DeleteCriticalSection
GetCurrentThreadId
lstrlenA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
GetCurrentProcess
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
Sleep
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
CloseHandle
CreateEventW
ResetEvent
EnterCriticalSection
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
LCMapStringA
SetEvent
GetStdHandle
WriteFile
HeapReAlloc
HeapDestroy
HeapCreate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleA
InterlockedCompareExchange

user32

ScreenToClient
UnregisterClassA
MoveWindow
GetWindow
DefWindowProcW
CallWindowProcW
UpdateWindow
SendMessageW
IsWindowVisible
ReleaseCapture
CreateWindowExW
IsWindow
ShowWindow
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
SetWindowLongW
GetDlgItem
ReleaseDC
GetClassNameW
GetWindowLongW
InvalidateRect
RegisterClassExW
GetDC
GetClassInfoExW
BeginPaint
GetWindowTextLengthW
GetMessageW
RegisterWindowMessageW
TranslateMessage
GetWindowTextW
MonitorFromWindow
MapWindowPoints
SetFocus
GetMonitorInfoW
DispatchMessageW
EndPaint
ClientToScreen
DestroyWindow
UpdateLayeredWindow
DestroyAcceleratorTable
SetWindowTextW
GetWindowRect
CharNextW
FillRect
IsChild
SetCapture
PostMessageW
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW

gdi32

DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
BitBlt

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemAlloc
CoGetClassObject
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateInstance

oleaut32

OleCreateFontIndirect
SysAllocStringLen
SysAllocString
SysFreeString
DispCallFunc
SysStringLen
VariantClear
LoadTypeLi
VariantInit
LoadRegTypeLi
VarBstrCmp

shlwapi

PathFindFileNameW

gdiplus

GdipCloneBrush
GdipAlloc
GdipDisposeImage
GdipDeleteBrush
GdipFree
GdipDeletePath
GdipCreateHBITMAPFromBitmap
GdipFillPath
GdipCloneImage
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipSetPathGradientPresetBlend
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipSetClipRectI
GdipCreatePathGradientFromPath
GdipGetImageGraphicsContext
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI

Exports

Exports

CreateInstance

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 790KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ddd4b01e0d55642fcc1538421f50f7e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 790KB - Virtual size: 789KB

.reloc Size: 16KB - Virtual size: 15KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 790KB - Virtual size: 789KB

.reloc
Size: 16KB - Virtual size: 15KB

.rmnet
Size: 56KB - Virtual size: 60KB