c1895d619c7af1f2bc09d3fe849bf49585da88b9cb7289c02a202ae7f00a8e96

Sharing

Copy URL Twitter E-mail

General

Target

c1895d619c7af1f2bc09d3fe849bf49585da88b9cb7289c02a202ae7f00a8e96
Size

727KB
MD5

7cad3063040703c910d9ebcddbc16dcb
SHA1

cbf96237fe4ac9c8721fe6fdd2fcaf2bb4b7fa9e
SHA256

c1895d619c7af1f2bc09d3fe849bf49585da88b9cb7289c02a202ae7f00a8e96
SHA512

258f0d9f4fdb1b29d6d579aa4f072f0b818bf474199aa408f4c946340345880c54a78dfa172c98cf4c1e349d06887f1343eed5a2e5503aa8d83eb77ca430d84b
SSDEEP

12288:7pLGmiWtBa62wE3JfK7kzDMDgLLFxxij7UL5rhNAp97papXySrbIN:7pLGmiWDdEmcDMDsxiUdrjArpaVySrbi

Score

N/A

Malware Config

Signatures

Files

c1895d619c7af1f2bc09d3fe849bf49585da88b9cb7289c02a202ae7f00a8e96
.dll windows x86

7a3464cdd3233dab119b6e0a633acd48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
WaitForSingleObject
Module32FirstW
Module32NextW
CreateFileW
SetFilePointer
ReadFile
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
UnmapViewOfFile
GetLocalTime
GetTickCount
ExitProcess
MoveFileW
FindFirstFileW
FindNextFileW
FindClose
IsProcessorFeaturePresent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
DeleteFileW
WideCharToMultiByte
Process32NextW
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
SetLastError
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetSystemInfo
GetModuleHandleW
GetProcAddress
GetVersionExW
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetCurrentProcess
GetComputerNameW

user32

wsprintfW
GetSystemMetrics
GetDesktopWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetForegroundWindow
GetKeyState
CallNextHookEx
GetWindowTextW
SetTimer
KillTimer
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW

msvcp100

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Xruntime_error@std@@YAXPBD@Z
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1_Locimp@locale@std@@MAE@XZ
??0_Locimp@locale@std@@AAE@_N@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

ws2_32

__WSAFDIsSet
send
gethostbyname
socket
getservbyname
closesocket
inet_addr
recv
WSACleanup
htons
WSAGetLastError
select
WSAStartup
inet_ntoa
connect
gethostname
ioctlsocket
getpeername
shutdown
WSASetLastError

msvcr100

_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3
memchr
fputc
fprintf
fgets
_fileno
_setmode
ferror
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
ungetc
fgetc
fgetwc
ungetwc
fputwc
_unlock_file
_lock_file
_beginthreadex
strncpy
rand
srand
fwrite
fclose
ftell
fseek
wcsstr
malloc
free
wcscpy_s
_wtol
iswdigit
_wcsicmp
memcpy_s
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
getenv
realloc
isspace
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_waccess
_localtime64
_time64
??_V@YAXPAX@Z
??3@YAXPAX@Z
isxdigit
_stat64i32
strchr
strerror
isupper
sscanf
_gmtime64
strtoul
fputs
signal
_getch
memset
tolower
strcmp
abort
__iob_func
vfprintf
_vsnprintf
qsort
_errno
strncmp
memcpy
isalnum
isdigit
fread
fopen
_wassert
strstr
_strnicmp
feof
sprintf
_CxxThrowException

iphlpapi

GetAdaptersInfo
GetBestInterface

wininet

InternetOpenW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

Exports

Exports

InstallHook
UnInstallHook

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

KeyHookP
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a3464cdd3233dab119b6e0a633acd48

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp100

ws2_32

msvcr100

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 451KB - Virtual size: 450KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 68KB - Virtual size: 86KB

KeyHookP Size: 512B - Virtual size: 28B

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 451KB - Virtual size: 450KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 68KB - Virtual size: 86KB

KeyHookP
Size: 512B - Virtual size: 28B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 40KB - Virtual size: 39KB