97393174ae84559cfd2f66bef2f1282affc19372dc7aed91d87cfdded550a04c

Sharing

Copy URL Twitter E-mail

General

Target

97393174ae84559cfd2f66bef2f1282affc19372dc7aed91d87cfdded550a04c
Size

136KB
MD5

b8b5d1f0ca18eb5ac2edf859297e8ffd
SHA1

8de5f706a5cfaa1d8affb4a7b20fac054f5313d1
SHA256

97393174ae84559cfd2f66bef2f1282affc19372dc7aed91d87cfdded550a04c
SHA512

5d92e004558ee30dd04be5047383c815f10adfbef7781d5e9ab63eb7c08582a3de341ec72eba85eb8352a1981516d44884d88584750d978ff80e61b2d09dd9cd
SSDEEP

3072:QRwFLNGvN5Ip55CiZAsy/15QSzqeXPnU:QR03z3By95jtPn

Score

N/A

Malware Config

Signatures

Files

97393174ae84559cfd2f66bef2f1282affc19372dc7aed91d87cfdded550a04c
.dll windows x86

30d5d81d90717a0f85864a49893475cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
WriteProcessMemory
GetCurrentThreadId
ExpandEnvironmentStringsA
IsDebuggerPresent
GetCurrentProcessId
GetVersionExA
GetTempPathA
GetLogicalDriveStringsA
QueryDosDeviceA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
OpenProcess
IsBadReadPtr
GetModuleFileNameA
SetCurrentDirectoryA
GetTickCount
CloseHandle
ReadFile
GetFileSize
CreateFileA
DeleteFileA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryA
GetTempFileNameA
VirtualAllocEx
HeapFree
CopyFileA

user32

PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
PostThreadMessageA
UnloadKeyboardLayout
SystemParametersInfoA
PostMessageA
RegisterClassExA
LoadCursorA
UnregisterClassA
RegisterWindowMessageA
IsWindow

shlwapi

PathFindFileNameA

imm32

ImmLockIMC
ImmUnlockIMC

msvcrt

memmove
modf
malloc
free
strchr
rand
__CxxFrameHandler
??2@YAPAXI@Z
strrchr
floor
strncpy
strncmp
_stricmp
_strnicmp
tolower
srand
atoi
_ftol
_CIfmod
sprintf
??3@YAXPAX@Z

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30d5d81d90717a0f85864a49893475cc

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

imm32

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 53KB

.rsrc Size: 4KB - Virtual size: 652B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 53KB

.rsrc
Size: 4KB - Virtual size: 652B

.reloc
Size: 4KB - Virtual size: 3KB