9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621

Sharing

Copy URL

Twitter E-mail

General

Target

9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621
Size

189KB
MD5

c3b69337234a12d615333b76db26005f
SHA1

b99ce27ef5ec8ce09ff2a41d668a3fe3607bdc34
SHA256

9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621
SHA512

2365b13e3724f9d3e38f7529e53ff4500c5305eb0392bfda6a9027cc29a2646759d225f0f6dee5636fb6d41167155b673a01ca817fb5c25c73ac57e045de1ee4
SSDEEP

3072:Y/+ogpPrqZTXuwvjzWxpf/tvI4ZhU16TXGvaOln7YFVU8nVnqZYP70YnUCwNEHiq:VtqZTXuwvPuJlZhA4O1YbUa8Yj0YnUzO

Score

N/A

Malware Config

Signatures

Files

9f9fe5639e141ba3885772c6973beadb247c163405a83be6dfd411f023630621
.dll windows x86

3a3e3c2cb1ae22efeb1bf56d7f814c91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SheSetCurDrive
SHUpdateRecycleBinIcon
SHGetFolderPathW

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

CheckTokenMembership
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
OpenProcessToken
InitializeAcl
GetUserNameW
AddAccessDeniedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetLengthSid

kernel32

WriteFile
WriteProcessMemory
_lcreat
lstrcmpiW
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
SetCommMask
CancelIo
ClearCommError
CloseHandle
ConnectNamedPipe
ContinueDebugEvent
ConvertThreadToFiber
CreateDirectoryW
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateNamedPipeW
CreateRemoteThread
CreateSemaphoreA
CreateThread
DebugActiveProcess
DebugBreak
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FreeLibrary
GetCommMask
GetCommModemStatus
GetCommState
GetCommTimeouts
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileSize
GetFileSizeEx
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessTimes
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetThreadTimes
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
OpenEventW
OpenFileMappingW
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadFile
ReadProcessMemory
ReleaseSemaphore
ResetEvent
ResumeThread
RtlUnwind
WaitForDebugEvent
SetCommState
SetCommTimeouts
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetLastError
SetThreadContext
SetUnhandledExceptionFilter
SetupComm
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TerminateThread
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
WaitCommEvent
WaitNamedPipeW

msvcrt

_CIfmod
_XcptFilter
__CxxFrameHandler
__RTCastToVoid
__dllonexit
__doserrno
_amsg_exit
_cscanf
_errno
_fileno
_flushall
_hypot
_initterm
_iob
_isatty
_itoa
_itow
_lock
_lseeki64
_onexit
_open_osfhandle
_purecall
_snprintf
_snwprintf
_spawnlp
_strlwr
_strnicmp
_unlock
_vsnprintf
_vsnwprintf
_wcsdup
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wctime
_wfopen
_write
_wsetlocale
_wtmpnam
_wtol
atoi
atol
calloc
ctime
fclose
feof
fgets
fgetws
fprintf
free
frexp
fseek
isprint
isspace
iswalnum
iswalpha
iswdigit
iswspace
iswupper
iswxdigit
ldexp
localeconv
malloc
memcpy
memmove
memset
printf
qsort
realloc
strchr
strncat
strncmp
strrchr
strstr
strtoul
swscanf
time
towlower
towupper
wcschr
wcsncmp
wcsncpy
wcsrchr
wcsstr
wcstoul
wctomb

Exports

Exports

AGetReport
DeleteTempFileOnShutdown
GetLogInfo
MessageBoxInst
OpenDatabase

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a3e3c2cb1ae22efeb1bf56d7f814c91

Headers

DLL Characteristics

File Characteristics

Imports

shell32

version

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 12KB - Virtual size: 12KB