NullExport
Static task
static1
Behavioral task
behavioral1
Sample
ed0cbb1c37b4ebb9e8261f5c783ae5fc82f4394324a24967aeec9f9a8179ca3f.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ed0cbb1c37b4ebb9e8261f5c783ae5fc82f4394324a24967aeec9f9a8179ca3f.dll
Resource
win10v2004-20220812-en
General
-
Target
ed0cbb1c37b4ebb9e8261f5c783ae5fc82f4394324a24967aeec9f9a8179ca3f
-
Size
159KB
-
MD5
0ccfbcc67c84014ac8f67565b69e6590
-
SHA1
d1a95ebefd40245dcc54f728d1b9bd38db0546cd
-
SHA256
ed0cbb1c37b4ebb9e8261f5c783ae5fc82f4394324a24967aeec9f9a8179ca3f
-
SHA512
195b2902c5cb9d9c0b41045f1f26d531db4b6400205b758c12e108a397b76416c19bdb3ff5bc26d62bbcd470d80cb6dd6608229544285c063c3e77df30cde91d
-
SSDEEP
3072:AVlGRgdcvLXNc+mh4amow4w9JTd9+sbyQWKsOf8HxSGTJ859uNiXPRTVW:VbNnmaamN91d9+sb3WKsOIxtTa58NMRQ
Malware Config
Signatures
Files
-
ed0cbb1c37b4ebb9e8261f5c783ae5fc82f4394324a24967aeec9f9a8179ca3f.dll windows x86
cd56930fd12339131aada4a154b7f77d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??1type_info@@UAE@XZ
_CxxThrowException
putc
vfprintf
exit
rewind
fputc
_stricmp
_itoa
_strlwr
_strnicmp
strlen
fseek
ftell
_mbsicmp
_mbsnbcmp
memset
malloc
strchr
strncpy
_adjust_fdiv
_initterm
_onexit
__dllonexit
strncmp
_iob
fprintf
printf
sscanf
realloc
_except_handler3
time
srand
isalpha
isdigit
wcslen
memcpy
atoi
??2@YAPAXI@Z
calloc
??3@YAXPAX@Z
wcscmp
_mbsstr
memmove
_mbsnbicmp
_EH_prolog
strstr
strcat
free
strrchr
strcmp
strcpy
sprintf
__CxxFrameHandler
fwrite
fopen
fread
fclose
rand
strncat
kernel32
GetFileSize
CreateFileA
GetModuleFileNameA
GetModuleHandleA
lstrcmpA
GetProcAddress
LoadLibraryA
LocalFree
LocalAlloc
SetFileTime
GetSystemDirectoryA
WriteFile
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
ReadFile
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ExitThread
CreateThread
GetTickCount
GetTempPathW
ResetEvent
WaitForSingleObject
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetEvent
GetCurrentProcess
CloseHandle
DeleteFileA
GetFileTime
Sleep
FindNextFileA
FindClose
FindFirstFileA
GetDriveTypeA
GetLogicalDrives
SetEndOfFile
SetFileAttributesA
GetTempPathA
QueryPerformanceCounter
CreateEventA
GetSystemTime
lstrcmpiA
GetVersionExA
GetLocaleInfoA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
SetNamedPipeHandleState
WaitNamedPipeW
FlushFileBuffers
CreateFileW
CreateProcessW
GetModuleFileNameW
GetLastError
GetCurrentThread
TlsSetValue
TlsAlloc
TlsFree
HeapFree
HeapAlloc
GetProcessHeap
TerminateThread
lstrlenA
lstrcatA
lstrcpyA
MoveFileA
Thread32Next
RaiseException
InterlockedExchange
SetLastError
VirtualAlloc
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
VirtualQuery
user32
SendMessageA
WindowFromPoint
GetSystemMetrics
GetAncestor
IsWindowVisible
EnumThreadWindows
wsprintfW
KillTimer
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
CallNextHookEx
SendMessageTimeoutA
RegisterWindowMessageA
ScreenToClient
GetCursorPos
EnumChildWindows
GetKeyboardLayout
GetKeyboardState
AttachThreadInput
GetForegroundWindow
DrawTextW
wsprintfA
DrawTextA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
ReleaseDC
GetDC
ExitWindowsEx
FillRect
GetClassNameA
ToAsciiEx
gdi32
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkColor
CreateCompatibleBitmap
DeleteDC
SelectObject
BitBlt
DeleteObject
advapi32
IsTextUnicode
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueA
RegDeleteKeyA
CryptGetProvParam
RegEnumValueW
RegCloseKey
ole32
CLSIDFromString
CoInitialize
CoUninitialize
oleaut32
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringLen
GetErrorInfo
SysAllocString
secur32
DecryptMessage
EncryptMessage
ws2_32
WSAGetLastError
getsockname
getpeername
WSAWaitForMultipleEvents
closesocket
gethostbyaddr
WSASend
send
select
recv
WSAStartup
gethostbyname
htons
socket
WSAIoctl
inet_ntoa
WSACreateEvent
connect
WSAEnumNetworkEvents
WSAEventSelect
wininet
HttpSendRequestExA
InternetQueryDataAvailable
HttpSendRequestA
HttpSendRequestW
HttpOpenRequestA
InternetOpenUrlA
InternetReadFileExA
InternetWriteFile
InternetReadFile
InternetConnectA
GetUrlCacheEntryInfoA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetSetStatusCallback
crypt32
CertDeleteCertificateFromStore
CertGetNameStringA
CertStrToNameA
CertCreateSelfSignCertificate
CertOpenStore
CertAddCertificateContextToStore
PFXExportCertStoreEx
CryptMemFree
CertFreeCertificateContext
PFXImportCertStore
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
CertCloseStore
CryptMemAlloc
Exports
(no exported names are listed for this sample)
Sections
.text Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ