8aed299d5b2a74784880489962773115a06366231129b73720a4944e0634862f

Sharing

Copy URL Twitter E-mail

General

Target

8aed299d5b2a74784880489962773115a06366231129b73720a4944e0634862f
Size

140KB
MD5

1491aef861bcc07479c073cbd8d4a9d7
SHA1

4ed0966f81659577d02ca7a79f4f79cb8f14dceb
SHA256

8aed299d5b2a74784880489962773115a06366231129b73720a4944e0634862f
SHA512

f0325124cbab457b5ff05303a1c107b6e2a54b00a822fc8915d99fd6b58d62c848ce970f2a44e7cda6db8ae8e0f87560f78ceb4f7441faff0a5afc910fd66572
SSDEEP

3072:97TBfggrMHzp9LYO+8+X0j5vJAawmXcTq7nT:97TB1szpMMYaw2cq7nT

Score

N/A

Malware Config

Signatures

Files

8aed299d5b2a74784880489962773115a06366231129b73720a4944e0634862f
.dll windows x86

c474af6793ce3befa0f3db0f6ccc626d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

GetFileTime
GetWindowsDirectoryA
TerminateProcess
PeekNamedPipe
CreateProcessA
CopyFileA
GetTempPathA
GetEnvironmentVariableA
CreatePipe
GetVersion
ExpandEnvironmentStringsA
LocalAlloc
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
lstrcatA
GetSystemDirectoryA
CreateFileW
MoveFileW
LoadLibraryW
GetStartupInfoW
CreateDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
GetDriveTypeA
GetCurrentProcessId
ReleaseMutex
CreateMutexA
OpenMutexA
SetFileTime
GlobalMemoryStatus
CompareFileTime
GetCurrentThread
MoveFileExA
WinExec
GetShortPathNameA
MoveFileA
CreateDirectoryA
SetFileAttributesA
VirtualFree
DeviceIoControl
FindCloseChangeNotification
FindFirstChangeNotificationA
lstrcmpiA
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
GetComputerNameA
GetModuleFileNameA
SetEvent
ResumeThread
CreateThread
Sleep
GetTickCount
WriteFile
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
ReadFile
SetFilePointer
GetFileSize
FormatMessageA
LocalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLogicalDriveStringsA
VirtualAlloc
FindClose
FindNextFileA
FindFirstFileA
GetVersionExA
GetCurrentProcess
GetLocalTime
ReadProcessMemory
OpenProcess
GetModuleHandleA
GetCurrentThreadId
GetLastError
SetEndOfFile
InterlockedExchange
SetLastError
lstrcpyA
lstrcmpA
lstrcpynA
GetProcAddress
lstrlenA
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
DeleteFileA

user32

CloseClipboard
SetClipboardData
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
DestroyWindow
IsWindow
EnumWindows
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
BlockInput
SetWindowTextA
AttachThreadInput
GetFocus
GetClassNameA
RegisterClassExA
EmptyClipboard
ShowWindow
UpdateWindow
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
CloseDesktop
PostQuitMessage
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
KillTimer
SetTimer
DefWindowProcA
GetForegroundWindow
GetWindowTextA
GetKeyState
VkKeyScanA
GetKeyboardState
SetForegroundWindow
PostMessageA
GetLastInputInfo
SendMessageA
IsWindowVisible
GetUserObjectInformationA
OpenDesktopA
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
CreateWindowExA
ReleaseDC
CallNextHookEx
GetClientRect
IsCharAlphaNumericA
GetWindow

gdi32

DeleteDC
CreateCompatibleDC
GetDIBits
CreateCompatibleBitmap
BitBlt
DeleteObject
SelectObject
CreateDIBSection

advapi32

GetUserNameA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CloseServiceHandle
CreateServiceA
OpenSCManagerA
ChangeServiceConfig2A
ChangeServiceConfigA
QueryServiceConfigA
OpenServiceA
DeleteService
QueryServiceStatus
ControlService
StartServiceA
QueryServiceConfig2A
EnumServicesStatusA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
DuplicateToken

shell32

SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathA
ord680
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen
GetErrorInfo

msvcrt

memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
memcmp
strcpy
strlen
strcat
??1type_info@@UAE@XZ
mbstowcs
strchr
strstr
wcslen
tolower
strcmp
strrchr
toupper
_strnicmp
malloc
free
atoi
printf
wcsstr
wcschr
wcscat
sprintf
wcscpy
_initterm
_adjust_fdiv
_strlwr
_stricmp
_CxxThrowException
rename

winmm

waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutClose

crypt32

CryptUnprotectData

ws2_32

gethostname
getsockname
ioctlsocket
send
WSAGetLastError
inet_addr
accept
gethostbyname
connect
htons
htonl
setsockopt
bind
listen
socket
getpeername
inet_ntoa
ntohs
select
__WSAFDIsSet
recv
WSAStartup
closesocket

rpcrt4

UuidFromStringA

shlwapi

SHGetValueA
StrStrIA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
SHDeleteEmptyKeyA
SHRegGetPathA

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c474af6793ce3befa0f3db0f6ccc626d

Headers

File Characteristics

Imports

avicap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

winmm

crypt32

ws2_32

rpcrt4

shlwapi

psapi

Sections

.data Size: 128KB - Virtual size: 128KB

.reloc Size: 8KB - Virtual size: 8KB

.data
Size: 128KB - Virtual size: 128KB

.reloc
Size: 8KB - Virtual size: 8KB