a5c80588d497143776e088de3abcdf561ce4c5727193c96a61384db84d881244

Sharing

Copy URL Twitter E-mail

General

Target

a5c80588d497143776e088de3abcdf561ce4c5727193c96a61384db84d881244
Size

78KB
MD5

92361e788b0a01c793b1d946e6c5c8a4
SHA1

5b3ef3acde9bd50464efc9ba6f3e45a62e7a9b14
SHA256

a5c80588d497143776e088de3abcdf561ce4c5727193c96a61384db84d881244
SHA512

4ca8390677313a79bb6069436b18c5c637475a647f81707f53ce50031e0d4cb59089667414911d7741b5fdc2e26220e18606e8769fa2fcb3b14268fa1c5089b9
SSDEEP

1536:GI935LvzwAhHY/aq6glrzuQ627tZxYH5hGKEfQ9NtzXwH8GzNoMTbG:GI935LvzTNq6uzDjxY2KKQ9NxXwH8oaj

Score

N/A

Malware Config

Signatures

Files

a5c80588d497143776e088de3abcdf561ce4c5727193c96a61384db84d881244
.dll windows x86

c60549710fc29bc41f76c0bfb9c01e90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
select
WSAGetLastError
closesocket
socket
shutdown
__WSAFDIsSet
inet_addr
sendto
connect
htons
recv
send
gethostbyname
WSAStartup

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

urlmon

ObtainUserAgentString

kernel32

CreateProcessA
IsBadWritePtr
GetLastError
GetProcAddress
GetTempFileNameA
LoadLibraryA
DeleteCriticalSection
GetVersionExA
CloseHandle
GetTempPathA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleExA
SetEvent
Sleep
CreateEventA
ResetEvent
GetModuleFileNameA
OpenProcess
GetTickCount
VirtualProtect
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
CopyFileA
SetFileAttributesA
OpenEventA
CreateRemoteThread
VirtualAllocEx
GetCurrentProcessId
WriteProcessMemory
WaitNamedPipeA
ConnectNamedPipe
ReadFile
GetOverlappedResult
DisconnectNamedPipe
FlushInstructionCache
SetNamedPipeHandleState
WaitForMultipleObjects
InitializeCriticalSection
WriteFile
WaitForSingleObject
FreeLibrary
CreateFileA
lstrcpyA
lstrcmpiA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpynA
CreateEventW
lstrcmpA
GetComputerNameExA
GetLocalTime
MultiByteToWideChar
lstrlenW
lstrcatW
WideCharToMultiByte
GetModuleHandleA
GetCurrentProcess
CreateThread
CreateNamedPipeA

advapi32

CryptExportKey
CryptAcquireContextW
RegOpenKeyA
InitializeSecurityDescriptor
RegDeleteValueA
RegSetValueExA
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
CryptReleaseContext
CryptGetHashParam
CryptImportKey
RegQueryValueExA
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptEncrypt

wininet

InternetTimeFromSystemTimeA
InternetOpenW
InternetCrackUrlW
InternetReadFile
HttpAddRequestHeadersA
HttpSendRequestW
HttpOpenRequestW
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectW
InternetOpenA
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA

dnsapi

DnsFree
DnsQuery_A

ole32

OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Exports

Exports

Init

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c60549710fc29bc41f76c0bfb9c01e90

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

crypt32

urlmon

kernel32

advapi32

wininet

dnsapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 73KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 73KB

.reloc
Size: 4KB - Virtual size: 4KB