1877606c231159015dd3624c598b17afd4b7e410320d30bef78d10588baedd37

Sharing

Copy URL Twitter E-mail

General

Target

1877606c231159015dd3624c598b17afd4b7e410320d30bef78d10588baedd37
Size

44KB
MD5

0a666c8d8a8a540da645563244b5e090
SHA1

1cddaf85d552b92e3f76fd15281c01ec2e961251
SHA256

1877606c231159015dd3624c598b17afd4b7e410320d30bef78d10588baedd37
SHA512

e798abd35062c8485e43e421678240a64d7b1210aec366e27deba30af10fdc72d91e52588876ff29d7d7e96e67c4560e70f125efee3e4f7c8467911cfc3301ce
SSDEEP

768:z3LFFVGzakP6KqUXqFfKujng4KGytcyRQ:z7FSxuUYfKuvKzOyy

Score

N/A

Malware Config

Signatures

Files

1877606c231159015dd3624c598b17afd4b7e410320d30bef78d10588baedd37
.dll windows x86

e243578121ea5879ec46f7a3dd7211ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
ReadProcessMemory
LoadLibraryA
GetTempPathA
SetThreadPriority
GetProcessHeap
HeapAlloc
VirtualProtect
WriteProcessMemory
GetCurrentProcessId
OpenProcess
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetProcAddress
CloseHandle
VirtualProtectEx
GetModuleHandleA
InterlockedExchange
DeleteCriticalSection

msvcrt

wcscpy
wcsncat
wcslen
wcsstr
_stricmp
_except_handler3
_vsnprintf
wcscat
exit
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strcmpi
_strlwr
mbstowcs
wcscmp
strchr
strstr
strrchr
strcat
malloc
free
strcpy
sprintf
strlen
strncpy
atoi
__CxxFrameHandler
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

wsock32

shutdown
closesocket

user32

GetForegroundWindow
GetClassNameW
GetWindow
wsprintfA

Exports

Exports

DllMoveFile

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e243578121ea5879ec46f7a3dd7211ed

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB