6d30e7fdeb6ea57e7b3fd16cb7a44a33e6081b92898bceeb75384645ad19f47a

Sharing

Copy URL Twitter E-mail

General

Target

6d30e7fdeb6ea57e7b3fd16cb7a44a33e6081b92898bceeb75384645ad19f47a
Size

286KB
MD5

3b3ed53191b1a39d3b7e05218cc800f0
SHA1

66b949f77ed883e14df72feabbb00544e48ddb4e
SHA256

6d30e7fdeb6ea57e7b3fd16cb7a44a33e6081b92898bceeb75384645ad19f47a
SHA512

724c67deff198a45aba34cc0e53f8944dff2eab99c28232376fb03e118eed58209e72ea4dce1726fd0c491aa68ddd4e5a578dbc1146b66b178ef2e57787be7f5
SSDEEP

6144:VUlin6gmYnhok5BmJ0/R3UxRJO2sdi5VtJLi1cCxKDxXo7Ir:qli6psN5Sf3W/ZxWoE

Score

N/A

Malware Config

Signatures

Files

6d30e7fdeb6ea57e7b3fd16cb7a44a33e6081b92898bceeb75384645ad19f47a
.dll windows x86

e9f228f542d51ba645a748b0dd2396a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CxxThrowException
__CxxFrameHandler3
wcsstr
memmove
wcsrchr
_vscwprintf
_vsnwprintf
wcsncmp
fputws
_wfopen
fclose
calloc
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_lock
_unlock
_wcslwr
wcspbrk
wcschr
memmove_s
_stricmp
_wcsicmp
towlower
iswctype
wcsspn
memcpy_s
realloc
free
iswspace
wcstok_s
_wcsnicmp
__dllonexit
_onexit
malloc
_except_handler4_common
memset

kernel32

EnterCriticalSection
DelayLoadFailureHook
QueryDosDeviceW
GetLogicalDriveStringsW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
LoadLibraryW
OpenProcess
InitializeCriticalSection
CreateMutexW
IsWow64Process
WaitForSingleObject
LoadLibraryExW
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
Sleep
OutputDebugStringA
GetModuleHandleA
DeleteCriticalSection
VirtualProtect
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
lstrcmpiW
EncodePointer
FindClose
FindNextFileW
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleHandleW
GetLastError
GetCurrentProcessId
GetProcessId
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
InterlockedIncrement
HeapAlloc
GetProcessHeap
InterlockedDecrement
HeapFree
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TlsGetValue
TlsAlloc
OpenEventW
WaitForSingleObjectEx
CloseHandle
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
GetFileSizeEx
OutputDebugStringW
TlsFree
FindFirstFileW

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpNCW
StrCmpNICW
StrDupW
PathSkipRootW
PathIsUNCW
PathGetArgsW
StrCmpIW
PathFindFileNameW
StrCmpICW
StrCmpCW
StrCmpICA

api-ms-win-downlevel-advapi32-l1-1-0

RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ntdll

RtlNtStatusToDosError
NtQueryObject

iertutil

ord58
ord303
ord45
ord321
ord101
ord137
ord751
ord308
ord298
ord305
ord121
ord573
ord170
ord134
ord50

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9f228f542d51ba645a748b0dd2396a3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-0

ntdll

iertutil

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 204KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 205KB - Virtual size: 204KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB

.rmnet
Size: 56KB - Virtual size: 60KB