597fe0051c6069fccc13d90740a726499a0417b725a198553875a26aa6add17e

Sharing

Copy URL Twitter E-mail

General

Target

597fe0051c6069fccc13d90740a726499a0417b725a198553875a26aa6add17e
Size

166KB
MD5

0d135cd876666da330c94fb00c00f2de
SHA1

263fa4e8def5b7442ac8fb770e0374716570d585
SHA256

597fe0051c6069fccc13d90740a726499a0417b725a198553875a26aa6add17e
SHA512

e73680e091d397cbdc29b2bd073cb9c9df66e46edefbe1bb6261240f28700f35a35f6c96ff769de4fe8a622e8035fd924254e54e8ea6544df870cb0ef738cf42
SSDEEP

3072:HmldDPvDRpSh8M9Ur0qwFtsHetjgi1K9DTgveykJohPY1Y2lheWr4c3d:Gl9LDnH494HHiw9IeVJolY1JKWrd

Score

N/A

Malware Config

Signatures

Files

597fe0051c6069fccc13d90740a726499a0417b725a198553875a26aa6add17e
.dll windows x86

7bcda1a37b23936b3f75c02dd3aab71e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

towupper
wcschr
wcsrchr
memset
towlower
iswalpha
_wcsnicmp
_wcsicmp
RtlUnwind

ole32

CLSIDFromString

kernel32

GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
InterlockedCompareExchange
InterlockedExchange
LoadLibraryW
GetFileAttributesW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
lstrlenW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FormatMessageW
FindNextFileW
CloseHandle
FindFirstFileW
FindClose
FileTimeToSystemTime
ExitProcess
LocalFree

advapi32

OpenServiceW
LookupPrivilegeValueW
LsaQueryTrustedDomainInfoByName
MakeAbsoluteSD
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
AdjustTokenPrivileges
InitiateSystemShutdownExW

user32

LoadStringW
CharNextW
CharPrevW

shell32

SHGetInstanceExplorer
SHGetFolderPathW
ExtractAssociatedIconW

msvcrt

_amsg_exit
__setusermatherr
_cexit
__p__fmode
__p__commode
_CIasin
_controlfp
_initterm
exit
fputs
fputws
strerror
__set_app_type
wprintf

setupapi

CM_Connect_MachineW
CM_Delete_Class_Key
CM_Disconnect_Machine
CM_Free_Log_Conf_Handle
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Is_Version_Available_Ex
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
SetupCloseInfFile
SetupCopyOEMInfW
SetupDiBuildClassInfoListExW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameExW
SetupDiClassNameFromGuidExW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDescriptionExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiRemoveDevice
SetupDiSetClassInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupOpenFileQueue
SetupOpenInfFileW
SetupGetStringFieldW

Exports

Exports

AOpen
DBUtilities
FInitializeRichEdit
GetSystemParameter
PszEscapeMenuStringA

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bcda1a37b23936b3f75c02dd3aab71e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ole32

kernel32

advapi32

user32

shell32

msvcrt

setupapi

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 15KB - Virtual size: 14KB