f06f6ecad5d1f7cb4ba6ba39c5fdcc28579cd8904612631673add46862ce0d02

Sharing

Copy URL Twitter E-mail

General

Target

f06f6ecad5d1f7cb4ba6ba39c5fdcc28579cd8904612631673add46862ce0d02
Size

84KB
MD5

08fe8a9b65bb45237106abb3322ccf5b
SHA1

d6b2a51ec99a54915122fe7dbcfe8b95f2ddb786
SHA256

f06f6ecad5d1f7cb4ba6ba39c5fdcc28579cd8904612631673add46862ce0d02
SHA512

6f46d96a456ae6c7242f891e80c82c755e3a77c64152ee5685b1858497d3210ebe395de7841ca101cf3e75098437eb05fc30723495291760108da198d526ca36
SSDEEP

1536:s3rVXSyfBHRpiHCrBIeCIAc11Ed/RabWp4Ibj/S9ncbB2CsjTn:s3pjfBhBIelAKY/MbWSIbjScbB1s3n

Score

N/A

Malware Config

Signatures

Files

f06f6ecad5d1f7cb4ba6ba39c5fdcc28579cd8904612631673add46862ce0d02
.dll windows x86

f04fe1f34ead1440a1c02c1765346434

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibraryAndExitThread
CreateEventW
DeviceIoControl
FreeResource
HeapAlloc
HeapFree
GetProcessHeap
EnumResourceNamesA
OutputDebugStringA
GetVersion
GetSystemDefaultLangID
GetComputerNameA
SetCurrentDirectoryA
GetProcAddress
LocalAlloc
SetEnvironmentVariableA
GetModuleHandleA
SetErrorMode
OpenProcess
TerminateThread
CreateSemaphoreA
TerminateProcess
ReleaseSemaphore
OpenEventA
GetModuleFileNameA
GetCurrentProcessId
CreateFileW
TryEnterCriticalSection
GlobalFree
LoadLibraryA
HeapReAlloc
WideCharToMultiByte
CreateNamedPipeW
FormatMessageA
GetShortPathNameA
SetLastError
CreateMutexA
GetVersionExA
GetTempPathA
CreateDirectoryA
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
OpenEventW
WaitNamedPipeW
SetFilePointer
GetFileSize
CreateFileA
CreatePipe
LockResource
CopyFileA
GetLastError
CreateProcessA
SizeofResource
ExpandEnvironmentStringsA
LoadResource
FindResourceA
CreateThread
CloseHandle
DeleteCriticalSection
OpenThread
ConnectNamedPipe
CreateProcessW
PeekNamedPipe
ExitProcess
GetCurrentThreadId
DeleteFileA
LocalFree
FindNextFileA
MoveFileA
FindClose
RemoveDirectoryA
FindFirstFileA
ReadFile
GetFileAttributesA
WriteFile
EnterCriticalSection
LeaveCriticalSection
CreateEventA
Sleep
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetCurrentProcess
GetSystemTime
DuplicateHandle
FreeLibrary

user32

SendInput
GetThreadDesktop
CloseWindowStation
GetParent
OpenInputDesktop
WindowFromPoint
SetProcessWindowStation
GetUserObjectInformationA
CloseDesktop
OpenWindowStationA
SetCursorPos
GetDesktopWindow
SetThreadDesktop
CloseWindow
LoadKeyboardLayoutA
SystemParametersInfoA
SwitchDesktop
CreateWindowStationW
CreateDesktopW
ReleaseDC
GetDC
GetProcessWindowStation
GetWindowDC
GetWindowRect

gdi32

DeleteDC
StretchBlt
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetObjectA
GetStockObject

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
CloseServiceHandle
DeleteService
SetEntriesInAclA
GetKernelObjectSecurity
CreateServiceA
StartServiceA
DuplicateTokenEx
QueryServiceStatus
ImpersonateLoggedOnUser
MakeAbsoluteSD
SetKernelObjectSecurity
OpenSCManagerA
BuildExplicitAccessWithNameA
ControlService
GetSecurityDescriptorDacl
OpenServiceA

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

ws2_32

gethostbyname
inet_addr
inet_ntoa
closesocket
gethostname
socket
bind
recv
setsockopt
shutdown
htons
WSAGetLastError
WSAStartup
select
htonl
connect
getsockname
send

psapi

GetModuleBaseNameA

wininet

InternetQueryOptionA

urlmon

URLDownloadToCacheFileA

msvcrt

strncpy
realloc
strcat
_snwprintf
strcmp
wcscpy
sprintf
memcmp
atoi
wcslen
strcpy
??_U@YAPAXI@Z
strchr
fopen
??_V@YAXPAX@Z
fread
strrchr
fclose
wcsncmp
_vsnprintf
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
free
strncat
??2@YAPAXI@Z
malloc
srand
rand
memset
_snprintf
strlen
strncmp
memcpy
_stricmp
wcscmp
_strnicmp
_wcsnicmp
_CxxThrowException
_ftol
??3@YAXPAX@Z
__CxxFrameHandler

ntdll

NtRequestWaitReplyPort
NtMapViewOfSection
NtUnmapViewOfSection
NtOpenFile
NtCreateSection
RtlDosPathNameToNtPathName_U
RtlAllocateAndInitializeSid
NtOpenProcess
NtMakeTemporaryObject
NtCreateEvent
NtOpenDirectoryObject
NtOpenEvent
RtlPrefixUnicodeString
NtCreateFile
NtQueryDirectoryObject
NtWaitForSingleObject
NtQueryInformationProcess
NtOpenSymbolicLinkObject
RtlInitUnicodeString
NtQuerySystemInformation
NtTerminateProcess
NtSetEvent
NtClose
RtlUnwind
NtConnectPort

iphlpapi

GetAdapterIndex
GetIfEntry

oleaut32

GetErrorInfo

Exports

Exports

F10
F20
FAA
_crt_debugger_hook

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.share
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f04fe1f34ead1440a1c02c1765346434

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

ws2_32

psapi

wininet

urlmon

msvcrt

ntdll

iphlpapi

oleaut32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.share Size: 51KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 3KB - Virtual size: 3KB

.share
Size: 51KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 18KB