a1e365c7bd3d2f9c63344b5038d48633edde3f7385f1d39231137621129dd52d

Sharing

Copy URL

Twitter E-mail

General

Target

a1e365c7bd3d2f9c63344b5038d48633edde3f7385f1d39231137621129dd52d
Size

330KB
MD5

bbd01424845abbfefd9bc05420684d92
SHA1

7bf4f61ef99c2f2bc79f46d457467cf531e1828d
SHA256

a1e365c7bd3d2f9c63344b5038d48633edde3f7385f1d39231137621129dd52d
SHA512

ee9ac333beb021785661aefc1e1e028481a4fca75fa2632517d53491a3c7526748465edaa41747c2e5869b4ea1aa2e2efc28071d365a50065848b2727aabedea
SSDEEP

6144:ylDldPOqoFmiYrO7bd/AssiDbu+2/zztPt/0HEZETtPnJj907z7:ylDldOIO/hN/Klq+stPnm

Score

N/A

Malware Config

Signatures

Files

a1e365c7bd3d2f9c63344b5038d48633edde3f7385f1d39231137621129dd52d
.dll windows x86

b06a62109125c7fc6c616ff473dba590

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcslen
_adjust_fdiv
malloc
_initterm
free
wcschr
wcsrchr
_vsnwprintf
_purecall
memmove
strtoul
_wcsnicmp
_ltow
_wtol
swprintf
iswspace
iswprint
strtok
_stricmp
wcsncpy
_wcsicmp
_itow
wcscat
wcscmp
wcscpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3

kernel32

MapViewOfFile
DeleteFileW
GetCurrentDirectoryW
GetComputerNameW
SystemTimeToFileTime
WriteFile
LoadLibraryExA
lstrcatA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
WideCharToMultiByte
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
LocalReAlloc
lstrlenA
lstrcpyA
LoadLibraryA
FormatMessageW
lstrlenW
lstrcmpA
FindResourceA
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
OutputDebugStringA
LoadLibraryW
CompareFileTime
GetSystemTimeAsFileTime
CreateFileMappingA
InitializeCriticalSection
GetModuleFileNameW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetCurrentThread
GetCurrentProcess
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleW
GetLastError
GetModuleHandleA
SetEndOfFile
SetFilePointer
GetLocalTime
CreateFileA
ExpandEnvironmentStringsA
Sleep
DelayLoadFailureHook
GetFileSize
UnmapViewOfFile
GetComputerNameExW
ExpandEnvironmentStringsW
CreateFileW
GetACP
MulDiv
CompareStringA
CompareStringW
GetDateFormatA
GetTimeFormatA
DeleteCriticalSection

advapi32

GetUserNameW
FreeSid
EqualSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
UnlockServiceDatabase
CryptGetUserKey
CryptDestroyKey
CryptSetProvParam
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
CryptGetKeyParam
RegOpenKeyExA
DuplicateToken
RegCreateKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
QueryServiceStatus
StartServiceA
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
CryptAcquireContextA

wintrust

WinVerifyTrustEx
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WintrustGetDefaultForUsage
WTHelperGetKnownUsages
TrustIsCertificateSelfSigned

crypt32

CertFindCertificateInStore
CertSetEnhancedKeyUsage
CryptInitOIDFunctionSet
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptFreeOIDFunctionAddress
CryptFindOIDInfo
CertGetValidUsages
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertGetEnhancedKeyUsage
CertFindExtension
CryptDecodeObject
CryptEncodeObject
CertGetSubjectCertificateFromStore
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertGetPublicKeyLength
CertGetCTLContextProperty
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CryptMsgControl
CryptFormatObject
CertGetNameStringW
CertGetStoreProperty
CryptMsgDuplicate
CertFreeCTLContext
CryptQueryObject
CryptFindLocalizedName
CertEnumSystemStore
CertEnumPhysicalStore
CertCompareCertificate
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertSaveStore
CertDeleteCertificateFromStore
CryptEnumOIDInfo
CryptMsgEncodeAndSignCTL
CertAddCTLContextToStore
CertSetCTLContextProperty
CertCreateCTLContext
CryptSIPRetrieveSubjectGuid
CryptDecodeObjectEx
CertEnumCTLsInStore
CertVerifyTimeValidity
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
PFXExportCertStore
PFXExportCertStoreEx
CryptAcquireCertificatePrivateKey
CertFreeCRLContext
CertGetCRLFromStore
PFXVerifyPassword
CertAddCRLContextToStore
CertFindCTLInStore
CertFindCRLInStore
CryptFindCertificateKeyProvInfo
PFXImportCertStore
CertCreateCertificateContext
CertNameToStrW
CertSetCertificateContextProperty

user32

MapDialogRect
SetRect
CreateWindowExW
PostMessageW
DestroyIcon
CheckRadioButton
IsDlgButtonChecked
GetSysColor
IsWindowVisible
GetDialogBaseUnits
GetFocus
UpdateWindow
GetNextDlgTabItem
GetClientRect
DrawFocusRect
LoadCursorA
SetCursor
GetWindowRect
MapWindowPoints
FillRect
InvalidateRect
GetSysColorBrush
LoadBitmapW
GetDesktopWindow
LoadStringA
SendDlgItemMessageA
SetDlgItemTextW
SendMessageA
SetWindowTextA
GetDC
ReleaseDC
WinHelpW
ShowWindow
GetDlgItem
GetWindowTextW
EnableWindow
SetFocus
DialogBoxParamW
PeekMessageA
IsWindowEnabled
LoadIconA
GetUpdateRect
CallWindowProcA
BeginPaint
EndPaint
DrawIcon
wsprintfA
SetWindowPos
GetParent
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
GetDlgItemTextA
SetClassLongA
GetWindowLongA
MonitorFromWindow
GetMonitorInfoW
GetWindow
CopyRect
LoadCursorW
DestroyWindow
SystemParametersInfoA
MessageBoxExW
PostMessageA
RegisterClipboardFormatA
CreateWindowExA
MoveWindow
GetWindowDC
SetCapture
SetWindowLongA
ReleaseCapture
GetWindowLongW
DrawTextExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
SendMessageW
LoadStringW
MessageBoxW

gdi32

CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetBkColor
CreateBitmap
GetObjectA
GetTextExtentPoint32W
GetBkColor
CreateFontIndirectA
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetPixel
DeleteObject

rpcrt4

RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcBindingFree
UuidCreate
UuidToStringA
RpcStringFreeA
NdrClientCall2
RpcStringBindingComposeA
RpcEpResolveBinding

netapi32

DsGetDcNameW
NetGetDCName
NetApiBufferFree

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

ahktCbldmaqf
RuadnceEfProckqk

Sections

.text
Size: 41KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 271KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06a62109125c7fc6c616ff473dba590

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

wintrust

crypt32

user32

gdi32

rpcrt4

netapi32

wininet

version

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 43KB

.data Size: 271KB - Virtual size: 717KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 41KB - Virtual size: 43KB

.data
Size: 271KB - Virtual size: 717KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 8KB