dbe6ab17610d0b2c88ef319ace4457a2bd33f2f3e9e2f8dea24bc329aa980c4f

Sharing

Copy URL Twitter E-mail

General

Target

dbe6ab17610d0b2c88ef319ace4457a2bd33f2f3e9e2f8dea24bc329aa980c4f
Size

228KB
MD5

c42bf6194f0a1533baad526062f9aaf7
SHA1

60f521a6de2b62d16dd78931f2a55eec6b0bad0a
SHA256

dbe6ab17610d0b2c88ef319ace4457a2bd33f2f3e9e2f8dea24bc329aa980c4f
SHA512

64519cbe5eed7837f5d4730af3d9989f446288a58e4028838a4a9846e230366bfd2526fc7c68e7460030174b2a5fff97ed6e441d04d65a39f2e540216658239a
SSDEEP

3072:gJYp0BejpRlTgenKL+K31mcDUAOabQpvYxs7pFikMNMo2nJsoqZ/Uo:gJG0Be7qywSAqT1Fit2JsoA

Score

N/A

Malware Config

Signatures

Files

dbe6ab17610d0b2c88ef319ace4457a2bd33f2f3e9e2f8dea24bc329aa980c4f
.dll windows x86

6d5de578f7b910cd8cd28311bfac5278

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pncrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
_findclose
_purecall
_findnext
_findfirst
sscanf
_ismbcspace
strncpy
strtok
strchr
printf
_endthreadex
_beginthreadex
sprintf
_ftol
_vsnprintf
free
_stricmp
_ftime
_stat
_itoa
_putenv
_strcmpi
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
memmove
atoi
strstr
strncmp
realloc
malloc
strrchr

kernel32

Sleep
CreateEventA
SetEvent
DeleteCriticalSection
LeaveCriticalSection
GetVersion
GetSystemInfo
GetProcAddress
GetVersionExA
SetErrorMode
LoadLibraryA
FreeLibrary
InterlockedDecrement
ResetEvent
GetLastError
WaitForSingleObject
CloseHandle
GetCurrentThreadId
GetThreadPriority
SetThreadPriority
ResumeThread
SuspendThread
GetTickCount
DisableThreadLibraryCalls
InitializeCriticalSection
InterlockedIncrement
GetSystemDirectoryA
EnterCriticalSection

user32

CharNextA
GetSystemMetrics
PeekMessageA
DispatchMessageA
GetMessageA
PostMessageA
PostThreadMessageA
KillTimer
SetTimer
CharLowerA

advapi32

RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegQueryValueA

Exports

Exports

RNGetRootObjectContext
RNGetRootObjectFactory
RNSetupObjectBroker
RNShutdownObjectBroker
SetDLLAccessPath

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d5de578f7b910cd8cd28311bfac5278

Headers

File Characteristics

Imports

pncrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 8KB - Virtual size: 6KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 8KB - Virtual size: 6KB

.rmnet
Size: 60KB - Virtual size: 60KB