558f641aa1ff7cbe32adc176368b65561b5edd707f3feb5e01c6c24af32d213b

Sharing

Copy URL Twitter E-mail

General

Target

558f641aa1ff7cbe32adc176368b65561b5edd707f3feb5e01c6c24af32d213b
Size

149KB
MD5

a856ae78c8efa9e130d00e676639e510
SHA1

7d8618e238d0f751a4f6de0e570bcfb9389bd5be
SHA256

558f641aa1ff7cbe32adc176368b65561b5edd707f3feb5e01c6c24af32d213b
SHA512

f91aa2d27a67c90cf9dc2cea4ccd29b9e000181e279b905c2429b1009403dead740e17e851d0692765a2dbee6e0695cb46fff0a2a15f2a16c79b095e6a8f9210
SSDEEP

1536:pxnCENZpCpcRtLfvtLR4qodvJZy6RdNPJq4+hVr40ce2Qu5i6u4ZKHjIwXIlGtPn:miLR4JLZT+JIeG5ij4C/rWTb9GWpo

Score

N/A

Malware Config

Signatures

Files

558f641aa1ff7cbe32adc176368b65561b5edd707f3feb5e01c6c24af32d213b
.dll windows x86

5671b1367d35d63d8e85a6d2822b683c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
PeekNamedPipe
SetErrorMode
MultiByteToWideChar
CreateThread
GetFileSize
GetPrivateProfileStringA
lstrcmpA
lstrcmpiA
LoadLibraryA
FreeLibrary
LocalAlloc
RaiseException
GetLocalTime
GetLastError
WideCharToMultiByte
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
Sleep
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
InitializeCriticalSection

user32

GetWindowTextA
wsprintfA
DestroyCursor
MapVirtualKeyA
LoadCursorA
SetCapture
WindowFromPoint
SetCursorPos
EmptyClipboard
GetSystemMetrics
SetRect
GetDC
ReleaseDC
GetCursorPos
IsWindowVisible
PostMessageA
CreateWindowExA
CloseWindow
SendMessageA
IsWindow
MessageBoxA

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

LookupAccountSidA
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
GetTokenInformation

shell32

SHGetSpecialFolderPathA

ws2_32

WSAStartup
connect
htons
closesocket
recvfrom
inet_ntoa
WSACleanup
getpeername
getsockname
bind
inet_addr
recv
__WSAFDIsSet
ioctlsocket
send
select
ntohs
socket

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvfw32

ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrame

netapi32

NetUserAdd
NetLocalGroupAddMembers

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSQueryUserToken

userenv

CreateEnvironmentBlock

msvcrt

_strnicmp
free
strcmp
malloc
strchr
??2@YAPAXI@Z
memset
strcpy
__CxxFrameHandler
strstr
_ftol
ceil
memcpy
strlen
strcat
wcscpy
strncat
_adjust_fdiv
_initterm
_strupr
_strnset
_stricmp
_beginthreadex
strrchr
_except_handler3
strncpy
atoi
strncmp
_snprintf
_errno
wcstombs

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

Go
Heart
On
ServiceMain
StartMe
start007

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEx
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5671b1367d35d63d8e85a6d2822b683c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp60

msvfw32

netapi32

wtsapi32

userenv

msvcrt

psapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 104KB

PAGEx Size: 1KB - Virtual size: 1KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 15KB - Virtual size: 95KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 104KB - Virtual size: 104KB

PAGEx
Size: 1KB - Virtual size: 1KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 15KB - Virtual size: 95KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 20KB - Virtual size: 20KB