180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854

Sharing

Copy URL

Twitter E-mail

General

Target

180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854
Size

1.1MB
MD5

601a0f76b8a9cdc96f6bc80522927000
SHA1

007a1be088da17baed18e580c991aba359d8d93c
SHA256

180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854
SHA512

4ae2709513286e4dcf9e4f5220f7fbca962fd438976d3be3f800fd2a56416ad82b52b8eeef356dda4f9393e7cde6751c7aa5c43939b656cc3ca9f3f3d784d59c
SSDEEP

24576:jzZ7DOlerdyn7rKiokhHmbm5oV3SErAi0i7Xj8BWNLyx1wrvEobKaZX:XZ7DOlekQcmi8S6ACXwWNDEElZ

Score

N/A

Malware Config

Signatures

Files

180bb84b7a54f1bd6ce62a8e42cf1e2cd587c6b61e64d392ed11b7dbbbede854
.dll windows x86

562a5484e9ede3e145c17c9433aaf4fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcmpA
GetProcAddress
ExitProcess
lstrlenA
GetCurrentThread
WideCharToMultiByte
GetProcessHeap
HeapAlloc
GetCurrentProcess
HeapFree
Sleep
lstrcmpW
GetVolumePathNameA
SetLastError
LoadLibraryA
UnhandledExceptionFilter
GetModuleFileNameA
GetModuleHandleA
WaitForSingleObject
TerminateProcess
CloseHandle
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
VirtualFree
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
SuspendThread
GetModuleHandleW
TlsFree
SetUnhandledExceptionFilter
GetCurrentProcessId
GetPrivateProfileIntA
GetVersionExA
InitializeCriticalSection
CreateDirectoryA
GetLocalTime
GetSystemInfo
lstrcmpiA
Process32First
Process32Next
CreateToolhelp32Snapshot
SetWaitableTimer
GetQueuedCompletionStatus
TerminateThread
InitializeCriticalSectionAndSpinCount
QueueUserAPC
WaitForMultipleObjects
CreateIoCompletionPort
DeleteCriticalSection
CreateThread
GetTickCount
GetSystemDirectoryA
lstrcpynA
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
QueryPerformanceCounter
FormatMessageA
LocalFree
TlsSetValue
ResetEvent
CreateEventA
OpenEventA
TlsGetValue
SetEvent
TlsAlloc
PostQueuedCompletionStatus
InterlockedExchangeAdd
EnterCriticalSection
GetLastError
InterlockedExchange
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime

user32

wsprintfA
RegisterHotKey
GetWindow
GetWindowThreadProcessId
GetDesktopWindow
GetTopWindow
SetWindowLongA
MessageBoxA
EnableMenuItem
GetSystemMenu

advapi32

RegOpenKeyExA
RegSetValueExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetTokenInformation
RegCloseKey

shell32

ord680

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?exceptions@ios_base@std@@QAEXH@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ

ws2_32

inet_addr
select
htons
recv
inet_ntoa
__WSAFDIsSet
closesocket
gethostbyname
WSAGetLastError
WSAStartup
WSACleanup
connect
ioctlsocket
WSASocketA
getsockopt
WSASetLastError
setsockopt
WSASend
WSARecv
htonl
ntohl
WSAStringToAddressA
send
WSAGetOverlappedResult
ntohs
socket

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

msvcr100

_lock_file
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_CxxThrowException
memcpy
__CxxFrameHandler3
_mbsstr
vsprintf
malloc
free
??_V@YAXPAX@Z
strerror
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
_wcsicmp
fputc
sprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??8type_info@@QBE_NABV0@@Z
_unlock_file
ungetc
fgetpos
memchr
_fseeki64
fflush
fgetc
fsetpos
setvbuf
memset
memcpy_s
fwrite
fclose
sprintf_s
strcpy_s

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx
Size: 870KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.upx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

562a5484e9ede3e145c17c9433aaf4fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp100

ws2_32

version

msvcr100

msvcrt

iphlpapi

psapi

Sections

.text Size: 232KB - Virtual size: 232KB

.upx Size: 870KB - Virtual size: 872KB

.idata Size: 9KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.upx Size: 4KB - Virtual size: 4KB

.text
Size: 232KB - Virtual size: 232KB

.upx
Size: 870KB - Virtual size: 872KB

.idata
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB

.upx
Size: 4KB - Virtual size: 4KB