4fcd3d08fb8aa3d567a7edc7cef6cd17d76f35112bb9bd038a4ac21bba6c57c0

Sharing

Copy URL Twitter E-mail

General

Target

4fcd3d08fb8aa3d567a7edc7cef6cd17d76f35112bb9bd038a4ac21bba6c57c0
Size

340KB
MD5

9ddc6b481750ee8da9979b7ea7d9ae70
SHA1

90208a308ca42e71f0dc8e675a6abb46ae8eb47c
SHA256

4fcd3d08fb8aa3d567a7edc7cef6cd17d76f35112bb9bd038a4ac21bba6c57c0
SHA512

acae41a3b830f42efcabfcfd2f67982d487fdc77ea0b54951c7fcee96b89ccfc0a2111ea4c1f1f9dca3b6294797a54d32b613b4fe9de75092d26432d15b75c5d
SSDEEP

3072:jZgUwIY1rAA50CiEeHuNYmM7N+VHLRdlEzE+A7NLiYqnyHvzgZ+q7hkaA5t5B5WS:jZtwnlF5BiuNsGcfA7HqyHi+qDA9fW3

Score

N/A

Malware Config

Signatures

Files

4fcd3d08fb8aa3d567a7edc7cef6cd17d76f35112bb9bd038a4ac21bba6c57c0
.dll windows x86

1b1ed6066b71bd144bd31eb6685a614d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetCurrentHwProfileA
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
SetServiceStatus
SetThreadToken
RegOpenKeyExA
RegQueryValueExA
DuplicateEncryptionInfoFile
QueryServiceLockStatusW
ReportEventW
ElfOpenEventLogW
AreAllAccessesGranted
BuildExplicitAccessWithNameW
CryptSetProviderExA
EncryptFileA
ReadEncryptedFileRaw

gdi32

GetTextAlign
GetEnhMetaFileHeader
ResetDCA
ResetDCW

kernel32

CloseHandle
CreateEventW
CreateThread
ExpandEnvironmentStringsW
FlushInstructionCache
FreeLibrary
FreeLibraryAndExitThread
GetComputerNameW
GetCurrentProcess
GetCurrentThread
GetDriveTypeW
GetLogicalDrives
GetProcAddress
GetTickCount
InterlockedCompareExchange
InterlockedExchange
IsBadWritePtr
LoadLibraryA
LoadLibraryExW
LocalAlloc
LocalFree
LocalSize
OpenEventW
OpenMutexA
QueryDosDeviceW
ResetEvent
ResumeThread
SetEvent
Sleep
TerminateThread
VirtualAllocEx
WaitForSingleObject
VirtualAlloc
DisableThreadLibraryCalls
FindClose
FindNextFileW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetThreadContext
InterlockedIncrement
Module32NextW
ReleaseSemaphore
SwitchToThread
VirtualQuery
IsDebuggerPresent
CreateEventA
CreateIoCompletionPort
GetCommConfig
GetCurrentThreadId
InterlockedDecrement
OutputDebugStringA
PostQueuedCompletionStatus
Process32FirstW
ReadFile
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
UnlockFile
CompareStringA
WideCharToMultiByte
GetLastError
CompareStringW
HeapFree
HeapAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadConsoleA
GetConsoleCP
ReadConsoleW
SetConsoleMode
GetConsoleMode
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLocaleInfoA
ReadConsoleInputA
ReadConsoleInputW
RaiseException
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetFileAttributesA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExitProcess
SetEnvironmentVariableA
SetEnvironmentVariableW
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
CreateFileA
SetStdHandle
GetFileType
SetFilePointer
SetHandleCount
GetStartupInfoA
LCMapStringA
LCMapStringW
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSection
SetConsoleCtrlHandler
HeapSize
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
GetLocaleInfoW
FlushFileBuffers
CreateProcessW
GetFileAttributesW

ole32

SetConvertStg
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoRegisterClassObject

oleaut32

VarSu
VarParseNumFromStr
VarI2FromI4
OleLoadPicture

rpcrt4

RpcSmSwapClientAllocFree
NdrConformantVaryingStructUnmarshall
RpcBindingSetAuthInfoW
RpcServerUseProtseqEpW
NdrComplexStructFree
NdrFullPointerQueryPointer
RpcAsyncAbortCall
RpcBindingSetObject

user32

GetSysColorBrush
TranslateAccelerator
wsprintfA
ChangeClipboardChain
GetInputDesktop
DestroyAcceleratorTable
GetDlgCtrlID
LoadStringW
MessageBoxExW
PostThreadMessageW
wsprintfW
MoveWindow
AnyPopup

Exports

Exports

bropwwc

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b1ed6066b71bd144bd31eb6685a614d

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 233KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 20KB - Virtual size: 30KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 236KB - Virtual size: 233KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 20KB - Virtual size: 30KB

.reloc
Size: 12KB - Virtual size: 10KB