ae3136ea2f4e085dcea2cf70c716b7fc6ffb85247dda581add557581c1bcdfd3

Sharing

Copy URL Twitter E-mail

General

Target

ae3136ea2f4e085dcea2cf70c716b7fc6ffb85247dda581add557581c1bcdfd3
Size

906KB
MD5

3daa97439dabdb041bd0d0597732afc7
SHA1

94387968ef1086d0273b3589a890092e58d34c99
SHA256

ae3136ea2f4e085dcea2cf70c716b7fc6ffb85247dda581add557581c1bcdfd3
SHA512

6a80b27ba40f48030d20a18f2a7038b58d867e0e9f565d1b9004e59a74f1a2d99cc259aa1903f168279dff9fe0b554c53c60137d6ee11afd8977450807d44c71
SSDEEP

24576:hN1VYgL/obw5Jhvm3hrkp2N3KNsOIfKPAxDbTpu1:hN1igL/obWOdN3KbsDbTpu1

Score

N/A

Malware Config

Signatures

Files

ae3136ea2f4e085dcea2cf70c716b7fc6ffb85247dda581add557581c1bcdfd3
.dll windows x86

aaf7cc8014ac893100611208db157608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReleaseMutex
GetFileSizeEx
LoadLibraryW
FreeLibrary
GetCurrentProcess
GetModuleHandleW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Process32NextW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetFullPathNameW
TerminateThread
CreateThread
FindClose
GetVersionExW
FlushFileBuffers
LocalAlloc
CreateFileA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
CreateProcessW
ProcessIdToSessionId
GetUserDefaultLangID
FileTimeToLocalFileTime
DeleteFileA
TryEnterCriticalSection
InterlockedExchange
LoadLibraryA
GetVersionExA
GetFileAttributesA
GetTempPathA
GetTempPathW
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
ExitThread
FormatMessageA
SetLastError
SetFilePointer
GetLocalTime
SetEndOfFile
GetCurrentProcessId
GetTickCount
InterlockedCompareExchange
CreateMutexW
WaitForSingleObject
GetFileSize
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
CreateEventW
OpenProcess
WideCharToMultiByte
GetModuleFileNameW
CloseHandle
ReadFile
CreateFileW
CreateDirectoryW
GetFileAttributesW
GetPrivateProfileStringW
FindResourceExW
DeleteFileW
LoadResource
LockResource
SizeofResource
FindResourceW
LocalFree
GetLastError
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
GetProcAddress
lstrlenW
Sleep
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
CompareStringW
CompareStringA
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
RtlUnwind
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
RaiseException
HeapSize
HeapDestroy
GetModuleHandleA

user32

UnregisterClassA
CharLowerA
wsprintfW

advapi32

CryptDestroyKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
OpenSCManagerW
OpenProcessToken
ConvertSidToStringSidW
RegQueryValueExW
CloseServiceHandle
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW

shell32

ShellExecuteW
ShellExecuteExW

ole32

CLSIDFromString
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoGetObject
StringFromGUID2
CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathAppendW
PathRemoveArgsW
PathParseIconLocationW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathFileExistsA
StrToIntW
PathMakePrettyW
PathCanonicalizeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSACleanup
getaddrinfo
closesocket
WSASetEvent
WSACreateEvent
WSARecv
freeaddrinfo
WSAGetOverlappedResult
WSASend
WSAStartup
ioctlsocket
select
__WSAFDIsSet
socket
connect
WSACloseEvent
setsockopt
getpeername
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSAEventSelect
WSASetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt

crypt32

CertNameToStrW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
RunApp
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaf7cc8014ac893100611208db157608

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

ws2_32

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: 740KB - Virtual size: 739KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 32KB