d195895f54daf488d7ff30c515a0ec9ec8a4ece9e7daf84076f5845865048cd7

Sharing

Copy URL

Twitter E-mail

General

Target

d195895f54daf488d7ff30c515a0ec9ec8a4ece9e7daf84076f5845865048cd7
Size

449KB
MD5

34f8dd9b142afba0f8c9fbd79d17cb50
SHA1

31d8cffdfad7fc209b23e654259628537a70883f
SHA256

d195895f54daf488d7ff30c515a0ec9ec8a4ece9e7daf84076f5845865048cd7
SHA512

031f080c91cefc5679b7649d3cffc0d54803bf250c3dd60ef7c9a4be89223c50d05a3186a9d0a9c48af237eda7f42b9ea34523a94bcdbfc3f0b953cdadf0e7ab
SSDEEP

6144:BusFqY6mmt6rXZeQyFaOetafTqjXfbZLbLJSADyqNDpd3aWq:BusFqY6mc6rpeQyF2zf9LbLHDyoL3X

Score

N/A

Malware Config

Signatures

Files

d195895f54daf488d7ff30c515a0ec9ec8a4ece9e7daf84076f5845865048cd7
.dll windows x86

1d99c48cf7d6b1674092b82b2aa2ead8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProfileStringW
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
LocalAlloc
LocalFree
OutputDebugStringA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
lstrcpyA
lstrlenA
CloseHandle
CreateEventA
CreateEventW
CreateThread
FindFirstChangeNotificationW
FreeLibrary
GetProcAddress
InterlockedDecrement
IsSystemResumeAutomatic
LoadLibraryW
OpenProcess
SetEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteProfileStringA
lstrcatA
lstrcpyW
lstrcpynW
lstrlenW
DisconnectNamedPipe
FlushInstructionCache
GetModuleFileNameW
GetModuleHandleW
GetProcessHeap
GetTapeParameters
HeapDestroy
LoadLibraryA
SetComputerNameA
VirtualAlloc
VirtualFree
lstrcmpiW
FormatMessageW
GetCurrencyFormatW
GetCurrentThread
GetShortPathNameA
GetVersionExW
InterlockedIncrement
IsBadHugeReadPtr
ResetWriteWatch
lstrcmpW
CreateMutexA
DeviceIoControl
EnumResourceTypesW
FindResourceExW
FreeLibraryAndExitThread
GetCommState
LockFile
MapUserPhysicalPages
ReleaseMutex
ResetEvent
SetCommState
SetupComm
lstrcpynA
ConnectNamedPipe
ConvertThreadToFiber
FindResourceA
GetProcessAffinityMask
InterlockedCompareExchange
InterlockedExchange
VirtualProtectEx
GetCPInfo
GetLastError
HeapFree
HeapAlloc
CompareStringA
MultiByteToWideChar
CompareStringW
GetDriveTypeA
GetFullPathNameA
GetFileType
CreateFileW
ExitProcess
GetConsoleCP
ReadConsoleInputA
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
CreateFileA
DeleteFileA
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetCommandLineA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
HeapCreate
FatalAppExitA
HeapReAlloc
WriteFile
GetModuleFileNameA
GetFileAttributesA
GetLocaleInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetStdHandle
SetEndOfFile
ReadFile
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapSize
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileAttributesW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
CreateProcessW
SetEnvironmentVariableA
SetEnvironmentVariableW

oleaut32

OleLoadPictureEx
SafeArrayPutElement
VarCyFromStr
VarFormat
VarUI1FromUI4
DosDateTimeToVariantTime
SafeArrayRedim
VarParseNumFromStr
VarR4FromR8
VarDateFromBool
VarDecMul
VarI1FromStr
VarUI2FromUI1
VarUI4FromUI2
CreateTypeLib2
VarCyInt
VarI1FromR4

rpcrt4

RpcMgmtEpEltInqNextW
I_RpcBindingIsClientLocal
NdrConformantArrayMemorySize
NdrPointerMemorySize
RpcCertGeneratePrincipalNameW
NdrAllocate
NdrServerUnmarshall
I_RpcBindingInqTransportType
NdrConformantVaryingArrayBufferSize
NdrSimpleStructFree
RpcBindingServerFromClient
RpcSsDisableAllocate
NdrAsyncClientCall
NdrMesTypeAlignSize
RpcServerInqBindings
RpcObjectSetType

shell32

SHAddToRecentDocs
SHBindToParent
SHGetPathFromIDList
SHCreateProcessAsUserW
ExtractAssociatedIconExW

user32

CharUpperBuffA
LoadStringA
ScrollDC
wsprintfA
CharNextW
CharPrevW
GetMenuItemID
PeekMessageA
wsprintfW
DestroyAcceleratorTable
DialogBoxParamW
DlgDirListComboBoxA
EndDialog
GetCaretBlinkTime
GetDC
GetFocus
GetGUIThreadInfo
GetLastInputInfo
GetMenu
InvalidateRect
IsChild
ReleaseDC
SetFocus
ShowWindow
DdeQueryStringW
EnumDisplaySettingsA
GetClassLongA
GetClipboardFormatNameW
GetKeyNameTextA
LoadStringW
LookupIconIdFromDirectoryEx
MonitorFromPoint
SetThreadDesktop
AppendMenuA
DispatchMessageA
EnumChildWindows
GetClientRect
GetInputState
GetMessageA
OemToCharBuffA
PostThreadMessageA
RemoveMenu
TranslateMessage
GetKeyboardState
GetSystemMetrics
SetPropW

Exports

Exports

Hafcvle

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d99c48cf7d6b1674092b82b2aa2ead8

Headers

File Characteristics

Imports

kernel32

oleaut32

rpcrt4

shell32

user32

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 42KB - Virtual size: 55KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 42KB - Virtual size: 55KB

.reloc
Size: 14KB - Virtual size: 14KB