5e2f66968aa4ecbcd6d7e7f7e7b4d978fca4b2b95a4cf0f4f6c74e89569a3e4e

Sharing

Copy URL Twitter E-mail

General

Target

5e2f66968aa4ecbcd6d7e7f7e7b4d978fca4b2b95a4cf0f4f6c74e89569a3e4e
Size

43KB
MD5

049cc72ed7ccdd70fa6612632c6677a0
SHA1

8dbbab1c75a1150a46afcbed4fd209edb9e8f50f
SHA256

5e2f66968aa4ecbcd6d7e7f7e7b4d978fca4b2b95a4cf0f4f6c74e89569a3e4e
SHA512

2d83706b321f302d17a170f619553a7d277667ec608890f9018d3b13a94ba2731bd937d8f7665a7d3a2a44e3cf745d5c5047a297ddb49a2f73f70edd894060c3
SSDEEP

768:IaLzQ/yjY+QrJHPDRVGY2sSKgcZECeF3AjR2EqU/lZyaxVuF5A5PTS:JLcqclrRVGYdSFQjqU3X6HV

Score

N/A

Malware Config

Signatures

Files

5e2f66968aa4ecbcd6d7e7f7e7b4d978fca4b2b95a4cf0f4f6c74e89569a3e4e
.dll windows x86

c2df49005df75e2b493dae558a5d3700

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Thread32First
CreateToolhelp32Snapshot
GetProcessHeap
HeapAlloc
OpenProcess
GetLastError
WideCharToMultiByte
lstrcatA
GetTickCount
GetCurrentProcessId
WriteProcessMemory
GetTempPathA
ReleaseMutex
CreateMutexA
GetSystemDirectoryA
lstrcpynA
ReadProcessMemory
SetThreadPriority
VirtualProtectEx
CopyFileA
DeviceIoControl
TerminateThread
OpenThread
GetThreadContext
SetThreadContext
Thread32Next
GetCurrentProcess
FlushInstructionCache
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
AddVectoredExceptionHandler
Sleep
CreateFileA
ReadFile
CloseHandle
GetFileSize
LoadLibraryA
GetProcAddress
IsBadReadPtr
CreateThread
GetModuleHandleA
GetModuleFileNameA

user32

GetWindow
GetClassNameW
GetForegroundWindow
GetWindowTextA
wsprintfA

gdi32

DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
SelectObject
DeleteDC
BitBlt

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

_strcmpi
_strupr
_strdup
isalpha
_onexit
memset
strlen
??2@YAPAXI@Z
_stricmp
memcpy
strcpy
strncpy
isprint
memcmp
strstr
strcat
strrchr
free
malloc
??3@YAXPAX@Z
_except_handler3
_strlwr
wcscat
wcscpy
wcslen
isspace
isalnum
strchr
_vsnprintf
realloc
isdigit
atoi
wcscmp
mbstowcs
wcsncat
wcsstr
exit
__dllonexit

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wsock32

gethostbyname
send
recv
connect
htons
socket
WSAStartup
shutdown
closesocket

Sections

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2df49005df75e2b493dae558a5d3700

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

gdiplus

msvcp60

wsock32

Sections

.bss Size: - Virtual size: 11KB

.data Size: 38KB - Virtual size: 37KB

.CRT Size: 512B - Virtual size: 8B

.reloc Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 11KB

.data
Size: 38KB - Virtual size: 37KB

.CRT
Size: 512B - Virtual size: 8B

.reloc
Size: 3KB - Virtual size: 2KB