f573a0879b6295df0449d5ec8e41ac5ac96bc29dc52311cbe5915443974cadf8

Sharing

Copy URL Twitter E-mail

General

Target

f573a0879b6295df0449d5ec8e41ac5ac96bc29dc52311cbe5915443974cadf8
Size

156KB
MD5

de2de172b14873b421a996a280453167
SHA1

99eefdb6f133eaee2f80022395570fed7a8b7d9b
SHA256

f573a0879b6295df0449d5ec8e41ac5ac96bc29dc52311cbe5915443974cadf8
SHA512

19a7756a61afa35a97499d422c4656184167fb7043ff878c9abc69c1418091d92264114be3ede3bb2d967d4a8d41ffb099871b529c66abef55c9b17fe55761c5
SSDEEP

3072:oKqduvSBZ26jhKyqAmer7D39QuG9K30hc+NO/qm7v:o5DVjFmSQuG9K7EOS

Score

N/A

Malware Config

Signatures

Files

f573a0879b6295df0449d5ec8e41ac5ac96bc29dc52311cbe5915443974cadf8
.dll windows x86

a0b8827ec6f53f4dc0be91bf0634ef0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pncrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_telli64
_lseeki64
_chsize
_fstat
_stricmp
??2@YAPAXI@Z
strstr
_mbctype
strrchr
strncpy
_chmod
_vsnprintf
memmove
printf
rename
_errno
strchr
sprintf
getenv
free
realloc
_write
_read
_tell
_lseek
_sopen
_open
_creat
_close
_chdir
_getcwd
_unlink
_rmdir
_mkdir
_stat
_putenv
_strnicmp
??3@YAXPAX@Z
atoi
_purecall
time
gmtime
fprintf
_iob
localtime
malloc
rand
strftime

kernel32

GetLastError
GetTempPathA
Sleep
TerminateProcess
CreateFileMappingA
MapViewOfFile
GetTempFileNameA
SetErrorMode
GetWindowsDirectoryA
UnmapViewOfFile
GetVersion
LoadLibraryA
CreateDirectoryA
FindFirstFileA
FindNextFileA
GetFileAttributesA
CreateFileA
GetFileSize
FindClose
GetDriveTypeA
GetVersionExA
GetDiskFreeSpaceA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
CloseHandle
ReleaseMutex
SetEvent
OpenEventA
CreateProcessA
WaitForSingleObject
CreateMutexA
FreeLibrary
GetModuleFileNameA
GlobalGetAtomNameA
GetSystemInfo
OpenProcess
GlobalDeleteAtom
GlobalAddAtomA
LocalFree
LocalUnlock
LocalLock
LocalAlloc

user32

CharPrevA
CharNextA
GetSystemMetrics
TranslateMessage
DispatchMessageA
GetMessageA
GetClassInfoA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DestroyWindow
DefWindowProcA
IsWindowVisible
IsWindowEnabled
SendMessageTimeoutA
GetWindowThreadProcessId
EnumThreadWindows
PostMessageA
UnregisterClassA
SendMessageA
FindWindowA

advapi32

RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyExA

Exports

Exports

?ProcessWndProc@CRNSingleInstanceEventProcessor@@KGJPAUHWND__@@IIJ@Z
OnUninstall
RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0b8827ec6f53f4dc0be91bf0634ef0b

Headers

File Characteristics

Imports

pncrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

.rmnet
Size: 60KB - Virtual size: 60KB