8f648ffea2989f26adf668a8cb39348dd33b3c7cdf6c42c997d9557b0684cf34

Sharing

Copy URL Twitter E-mail

General

Target

8f648ffea2989f26adf668a8cb39348dd33b3c7cdf6c42c997d9557b0684cf34
Size

484KB
MD5

d81cb2ad3eea9f8e379204e76cf103ad
SHA1

9d16f43b4f837c87c39d4663f80df7d0581e62b8
SHA256

8f648ffea2989f26adf668a8cb39348dd33b3c7cdf6c42c997d9557b0684cf34
SHA512

94ad76aa1bb4b426b0817f5c4df743a0e00f27c9e23f5f33a1aef92f04d69069871aef0d4861a5205bcd15000b0e0db4684eeeb9176e43baed4ee2dc581bbbec
SSDEEP

12288:44ouL2lTFux1y7rL9ixoMegfXoEdUtuPg9qLfiQooQjjfiCcB74SxF:44ob776fYPtuPeqLiQoPjjfgB7pF

Score

N/A

Malware Config

Signatures

Files

8f648ffea2989f26adf668a8cb39348dd33b3c7cdf6c42c997d9557b0684cf34
.dll windows x86

61b908cff586c95ec1b907e4234dcbef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pncrt

malloc
_ftol
sprintf
atof
_stricmp
_adjust_fdiv
_initterm
free
_onexit
rand
_purecall
??3@YAXPAX@Z
atol
__dllonexit
atoi
sscanf
_putenv
strstr
??2@YAPAXI@Z
strchr
memmove
tolower
realloc
_vsnprintf
_ismbcspace
strncmp
strtok
strtol
strncpy
isdigit
isspace
strtod
printf
strrchr
_mbctype
_getmbcp
islower
_strcmpi

kernel32

lstrcpyA
FreeLibrary
GlobalLock
GetLastError
LoadLibraryA
LocalFree
GlobalUnlock
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
lstrcmpiA
LocalAlloc
GetCurrentProcessId
GlobalDeleteAtom
GlobalAddAtomA
lstrcpynA
lstrlenA
WideCharToMultiByte
GetModuleHandleA
InterlockedIncrement
SetErrorMode
GetTickCount
CreateFileA
GetFileSize
CloseHandle
InterlockedDecrement
GetVersionExA

user32

UpdateWindow
GetSysColor
FillRect
DrawTextExA
DrawFocusRect
PtInRect
LoadBitmapA
GetClassNameA
GetParent
ShowWindow
SetWindowPos
UnpackDDElParam
SystemParametersInfoA
ClientToScreen
GetWindowRect
FindWindowExA
MessageBoxA
GetLastActivePopup
GetActiveWindow
GetSystemMetrics
IntersectRect
CharNextA
ReleaseDC
GetDC
InvalidateRect
RedrawWindow
SetRect
CharPrevA
ReleaseCapture
SetCapture
GetClientRect
GetWindowLongA
SetWindowLongA
SetWindowTextA
EnableWindow
IsRectEmpty
MapWindowPoints
ReuseDDElParam
PostMessageA
GetWindowThreadProcessId
SendMessageA
GetFocus
IsChild
SetFocus
DefWindowProcA
LoadIconA
RegisterClassA
OffsetRect

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

gdi32

CreateFontIndirectA
GetClipBox
GetDCOrgEx
GetStockObject
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
SetTextColor
SetBkMode
GetObjectA
DeleteDC
GetDeviceCaps
GetTextMetricsA
CreateDCA
DeleteObject
GetTextFaceA
SetBkColor
GetTextExtentPoint32A

comctl32

ord17
InitCommonControlsEx

shell32

ShellExecuteExA
SHGetDesktopFolder
SHGetMalloc

Exports

Exports

RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

61b908cff586c95ec1b907e4234dcbef

Headers

File Characteristics

Imports

pncrt

kernel32

user32

advapi32

gdi32

comctl32

shell32

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 346KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.rmnet Size: 44KB - Virtual size: 44KB

.text
Size: 348KB - Virtual size: 346KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB

.rmnet
Size: 44KB - Virtual size: 44KB