eff9461005a11d99943cad084a3666181b240689a16485ba141e60cfcff8abdc

Sharing

Copy URL

Twitter E-mail

General

Target

eff9461005a11d99943cad084a3666181b240689a16485ba141e60cfcff8abdc
Size

435KB
MD5

501c5dc3e018b1fce5d6db467f4fc63a
SHA1

b4ec944b67a8c4f81bfe18aabe4b1ff64955a89e
SHA256

eff9461005a11d99943cad084a3666181b240689a16485ba141e60cfcff8abdc
SHA512

ffc26377b9c2498ea98ce90a616176f922ba8c10c5f3c1af375961f864caa9d9d2bad95c8f582771118c14c29cf9cbe72e81ca81f1c75d3fc0a5af1d167f39d0
SSDEEP

12288:BgCvKlleCGBSCwnDiSEbjEv7YFbhGfRcDRV5u:BvkltGBS3yEjYFbhiWlu

Score

N/A

Malware Config

Signatures

Files

eff9461005a11d99943cad084a3666181b240689a16485ba141e60cfcff8abdc
.dll windows x86

fc4ccee136f005386c230abc90704fa2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCompactPathExW

ole32

CoUninitialize
CoInitializeEx

shell32

ShellExecuteW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW

advapi32

InitializeSecurityDescriptor
StartServiceW
SetTokenInformation
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CloseServiceHandle
ControlService
CreateProcessAsUserW
DuplicateTokenEx
FreeSid
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW

user32

SendMessageW
PostMessageW
OffsetRect
MessageBoxW
LoadStringW
LoadImageW
KillTimer
IsWindow
GetWindowRect
GetSystemMetrics
SetActiveWindow
GetDlgItemTextW
GetDlgItem
GetDesktopWindow
GetClientRect
ExitWindowsEx
EndDialog
EnableWindow
DialogBoxParamW
DestroyWindow
CreateWindowExW
CreateDialogParamW
CopyRect
BringWindowToTop
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowPos
SetWindowTextW
ShowWindow
wsprintfW
GetParent

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

WriteConsoleA
WaitNamedPipeW
WriteFile
WaitForSingleObject
WriteConsoleW
WideCharToMultiByte
WaitForMultipleObjects
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
TerminateThread
TerminateProcess
SystemTimeToFileTime
SetUnhandledExceptionFilter
SetStdHandle
SetLastError
SetHandleCount
SetFilePointer
SetEvent
SetErrorMode
SetEnvironmentVariableA
SetEndOfFile
SearchPathW
RtlUnwind
ResetEvent
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceCounter
Process32NextW
Process32FirstW
OutputDebugStringW
OpenProcess
OpenMutexW
OpenEventA
MultiByteToWideChar
MoveFileW
MoveFileExW
LocalFree
LoadLibraryW
AllocConsole
CancelIo
CloseHandle
CompareStringA
CompareStringW
CopyFileW
CreateEventA
CreateEventW
CreateFileA
CreateMutexW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DisconnectNamedPipe
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetEnvironmentStringsA
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessPriorityBoost
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA

wininet

InternetConnectW
InternetOpenW
InternetQueryDataAvailable
InternetQueryOptionW
InternetCloseHandle
InternetSetOptionW
InternetSetStatusCallbackW
HttpAddRequestHeadersA
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

gdi32

CreateSolidBrush
SetBkColor

Exports

Exports

Encoder
List_Append
NoMemory
TypeError
destroy_write_struct
get_color_type
handle_as_unknown
set_write_fn

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc4ccee136f005386c230abc90704fa2

Headers

File Characteristics

Imports

shlwapi

ole32

shell32

advapi32

user32

version

kernel32

wininet

rpcrt4

gdi32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 270KB - Virtual size: 269KB

.data Size: 70KB - Virtual size: 71KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 270KB - Virtual size: 269KB

.data
Size: 70KB - Virtual size: 71KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 3KB