846b6732c01857cce723d189518d1e36cc309e2ea4ec4a8b9d55129ecbf4d943

Sharing

Copy URL Twitter E-mail

General

Target

846b6732c01857cce723d189518d1e36cc309e2ea4ec4a8b9d55129ecbf4d943
Size

72KB
MD5

5dbb893b34064ab944121027ef9bd124
SHA1

5c44cfbc505f6c3c2040d1bf6ebaa607ffb99887
SHA256

846b6732c01857cce723d189518d1e36cc309e2ea4ec4a8b9d55129ecbf4d943
SHA512

3d341afaefac40b7badc130cdcf25d3def1f37a76f2198b0e5f86555c77d3147c57e25505e925814795ff8b2fc7433615d7c4929ab289d430c7c899a58f848da
SSDEEP

768:x00KNXn7ZBVF5OqSvaEo1FVfqokfdjCV1FvTHkroQM51f5S18WPLPqiVIgZ:xinL5OqqalVi5fdjm4rHixKLPqiVIi

Score

N/A

Malware Config

Signatures

Files

846b6732c01857cce723d189518d1e36cc309e2ea4ec4a8b9d55129ecbf4d943
.dll windows x86

40ac9ebbc7759d0f89b32b6ab49ba683

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
OpenProcessToken
ConvertSidToStringSidA
GetTokenInformation
OpenThreadToken
LookupAccountSidA
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

ws2_32

htons
socket
recv
send
setsockopt
WSAStartup
closesocket
inet_addr
WSAGetLastError
gethostname
gethostbyname
inet_ntoa
WSACleanup
connect

msvcrt

_adjust_fdiv
malloc
_initterm
_wcslwr
_access
isdigit
rand
free
time
srand
memmove
__CxxFrameHandler
fopen
fclose
isalpha
strstr
atoi
strchr
wcslen
_strlwr
strrchr
exit
sprintf
_snprintf
_except_handler3
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

SetEndOfFile
GetSystemTime
Sleep
GetModuleHandleA
LoadLibraryExA
OpenEventA
VirtualFree
VirtualAlloc
CopyFileA
ReleaseSemaphore
LocalAlloc
CreateSemaphoreA
CreateFileA
GetVersion
CreateProcessA
GetWindowsDirectoryA
GetTickCount
OpenThread
LocalFree
OpenProcess
GlobalFree
GetLocalTime
FindNextFileA
SystemTimeToFileTime
CompareFileTime
lstrcmpA
SetFileAttributesA
GetLongPathNameA
GetFileAttributesA
FindClose
GetTempFileNameA
FileTimeToLocalFileTime
MultiByteToWideChar
GetFileTime
GetDriveTypeA
GetDiskFreeSpaceExA
TerminateThread
lstrlenW
GetShortPathNameA
GetEnvironmentVariableA
GetCurrentProcess
GetCurrentThread
DisableThreadLibraryCalls
GetModuleFileNameW
WideCharToMultiByte
CreateDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
MoveFileExA
lstrcmpiA
GetLastError
WriteFile
LoadLibraryA
CloseHandle
DeleteFileA
FreeLibrary
SleepEx
GetProcAddress
lstrcatA
lstrcpyA
ReadFile
lstrcpynA
GetFileSize
ExitThread
CreateThread
WaitForSingleObject
MoveFileA
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
lstrlenA

user32

GetMessageA
wsprintfA
PeekMessageA

winhttp

WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle

shlwapi

wnsprintfA
wvnsprintfA
StrStrIA
StrToIntA

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA

dnsapi

DnsQuery_A
DnsRecordListFree

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

userenv

UnloadUserProfile
LoadUserProfileA

Exports

Exports

CRestart
CRestartA
ServiceMain

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40ac9ebbc7759d0f89b32b6ab49ba683

Headers

File Characteristics

Imports

advapi32

ws2_32

msvcrt

kernel32

user32

winhttp

shlwapi

wininet

dnsapi

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 58KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 58KB

.reloc
Size: 5KB - Virtual size: 5KB