70e7574fa1d66153746aca6b4893dd8ab24fab354c02eee7912c4035da715fb8

Sharing

Copy URL Twitter E-mail

General

Target

70e7574fa1d66153746aca6b4893dd8ab24fab354c02eee7912c4035da715fb8
Size

25KB
MD5

0b6e2dfe28dd4b4d5c725e21570559c0
SHA1

b72d8478fde391189132960cd1a5952b43cb5176
SHA256

70e7574fa1d66153746aca6b4893dd8ab24fab354c02eee7912c4035da715fb8
SHA512

be86dfc6ec49b81aba5b5d9aaa091e5f38d825cfe6811f8a2f6d87b8ddfef68f0b3f3d1eef333f77ec039d608e8a8eb49c3d4ff7ccfb77a12f3d91614988fd09
SSDEEP

768:6gEuNr9nAPOwtueEN7I4ieoVIpKVBtUgr:6gEIN6qieoVIpK7Gg

Score

N/A

Malware Config

Signatures

Files

70e7574fa1d66153746aca6b4893dd8ab24fab354c02eee7912c4035da715fb8
.dll windows x86

7e6098c1e6bfbfb34770b954d985cc80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
htons
recv
gethostbyname
send
socket
closesocket
WSAStartup
WSACleanup

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

kernel32

SetEvent
InitializeCriticalSection
OpenProcess
CreateProcessA
GetProcAddress
GetTempFileNameA
lstrcpyA
DeleteCriticalSection
GetVersionExA
GetTempPathA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
VirtualProtect
Sleep
CreateEventA
GetModuleFileNameA
WaitForSingleObject
MoveFileExA
GetSystemDirectoryA
GetEnvironmentVariableA
FindFirstFileA
CopyFileA
FindClose
FindNextFileA
GetSystemTime
GetTickCount
VirtualFree
CloseHandle
lstrcmpiA
lstrcatA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetLastError
FreeLibrary
CreateThread
GetLocaleInfoA
LoadLibraryA

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegCloseKey
CryptDecrypt
CryptDestroyKey
CryptGenKey
RegEnumKeyA
RegCreateKeyExA
RegQueryValueExA
CryptHashData
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptAcquireContextW
CryptExportKey
CryptGetHashParam
CryptDestroyHash

Exports

Exports

?AttachModule@@YGXPBUModuleInfo@@@Z
?CallCore@@YGXXZ
Update

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e6098c1e6bfbfb34770b954d985cc80

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

psapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 104B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 104B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB