DllEntry
Static task: static1
Behavioral task: behavioral1
Sample: 1d3229accc98a9290334c3cbfa021e6a547e8c0f3007854ddac790a9c01819ad.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 1d3229accc98a9290334c3cbfa021e6a547e8c0f3007854ddac790a9c01819ad.dll
Resource: win10v2004-20220901-en
General
Target: 1d3229accc98a9290334c3cbfa021e6a547e8c0f3007854ddac790a9c01819ad
Size: 810KB
MD5: 0af5d655b9267e7287f13045599832c0
SHA1: ded8ce6d6a3e40e400b3b37dfd8d9ea16698e8b9
SHA256: 1d3229accc98a9290334c3cbfa021e6a547e8c0f3007854ddac790a9c01819ad
SHA512: db9a47e17c0b7986445af43f5249fa413e0bbb6a6e0332d059d50111ef8c491a6db74549fa1e494511bcc901bf40cc68b2a8ace3fa16c125b9327193d8bb21b5
SSDEEP: 6144:JPDXtE93UH0DNOeJ2J+wjmF//1EXyYGdj2+pKJHb:JPDXG93UkJw+6mWXyYh+2H
Malware Config
Signatures
Files
-
1d3229accc98a9290334c3cbfa021e6a547e8c0f3007854ddac790a9c01819ad.dll windows x86
4c987d607dff1d0c5e1aad81900eafa8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
GetIfTable
netapi32
NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo
advapi32
GetTraceLoggerHandle
RegOverridePredefKey
AddAce
InitializeAcl
SetNamedSecurityInfoW
RegOpenKeyExW
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
RegQueryValueExW
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSid
GetSecurityDescriptorControl
GetSidLengthRequired
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorDacl
GetAce
GetAclInformation
MakeAbsoluteSD
SetSecurityDescriptorOwner
GetNamedSecurityInfoW
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
ConvertStringSidToSidW
EqualSid
OpenThreadToken
ConvertSidToStringSidW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegDeleteValueW
RevertToSelf
ImpersonateSelf
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
GetUserNameW
GetTraceEnableFlags
GetTraceEnableLevel
RegOpenCurrentUser
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
DeleteService
QueryServiceConfigW
SetServiceStatus
CreateServiceW
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
QueryServiceConfig2W
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ImpersonateLoggedOnUser
DuplicateToken
CryptVerifySignatureW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
ControlService
QueryServiceStatus
kernel32
GetFileAttributesExW
InterlockedCompareExchange
lstrcpynW
InterlockedDecrement
ExitProcess
GetVersionExW
IsDebuggerPresent
CreateMutexW
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
GetLongPathNameW
CopyFileW
MoveFileExW
GetFileTime
FlushFileBuffers
ReadFile
SetEndOfFile
GetFileSize
GetSystemTimeAsFileTime
CompareFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
OpenProcess
HeapSetInformation
ReadProcessMemory
WaitForMultipleObjectsEx
GetStringTypeExW
TerminateProcess
SetPriorityClass
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ProcessIdToSessionId
SetProcessWorkingSetSize
GetSystemPowerStatus
SetErrorMode
CreateProcessW
DeviceIoControl
GetDiskFreeSpaceExW
GetProcessWorkingSetSize
GetThreadLocale
GetUserDefaultLCID
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
QueryDosDeviceW
GetLogicalDriveStringsW
GetProcessShutdownParameters
SetProcessShutdownParameters
GetPrivateProfileSectionNamesW
CreateThread
OpenThread
LoadLibraryExW
OpenEventW
SetEnvironmentVariableW
InterlockedIncrement
SetCurrentDirectoryW
QueryPerformanceCounter
lstrlenA
InterlockedExchange
GetCommandLineW
GetStringTypeExA
lstrcmpA
WriteConsoleW
GetStdHandle
SetFilePointerEx
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetCommandLineA
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualQueryEx
RtlCaptureContext
ReleaseSemaphore
CreateSemaphoreW
CreateTimerQueueTimer
DeleteTimerQueueTimer
MultiByteToWideChar
IsProcessorFeaturePresent
MulDiv
GlobalHandle
FormatMessageA
CreateTimerQueue
DeleteTimerQueueEx
GetProcessTimes
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
FlushInstructionCache
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemTime
GetFileSizeEx
UnregisterWaitEx
RegisterWaitForSingleObject
QueryPerformanceFrequency
QueueUserWorkItem
GetCurrentThread
GetTempPathW
GetModuleFileNameW
VirtualQuery
WideCharToMultiByte
GetExitCodeProcess
GetProcAddress
LoadLibraryW
DuplicateHandle
GetCurrentProcess
GetModuleHandleW
WaitForMultipleObjects
GetTempFileNameW
FormatMessageW
GetTickCount
RemoveDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
FindNextFileW
FreeLibrary
DeleteFileW
FindClose
FindFirstFileW
CreateDirectoryW
GetEnvironmentVariableW
OpenMutexW
LocalFree
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringA
SetLastError
lstrcmpiW
ReleaseMutex
FindResourceExW
CloseHandle
WaitForSingleObject
LoadResource
LockResource
SetFilePointer
GetCurrentProcessId
SizeofResource
lstrlenW
GetCurrentThreadId
lstrcmpW
Sleep
GetLocalTime
WriteFile
CreateFileW
FindResourceW
RaiseException
GetLastError
OutputDebugStringW
GetProcessId
SetNamedPipeHandleState
TransactNamedPipe
WaitForSingleObjectEx
WaitNamedPipeW
ole32
CoRegisterPSClsid
CoSetProxyBlanket
ReadClassStm
WriteClassStm
OleSaveToStream
CoReleaseServerProcess
CoAddRefServerProcess
CoSuspendClassObjects
CoTaskMemRealloc
CoInitializeEx
CoGetObject
CoImpersonateClient
CoRevertToSelf
CreateStreamOnHGlobal
OleInitialize
CoGetClassObject
OleLockRunning
CLSIDFromProgID
CoTaskMemAlloc
CoRegisterClassObject
CoUninitialize
CoGetCallContext
CoTaskMemFree
CoCreateInstance
IIDFromString
CoCreateGuid
StringFromGUID2
CoInitializeSecurity
CoRevokeClassObject
CLSIDFromString
OleUninitialize
CoResumeClassObjects
user32
CharNextW
LoadStringW
PostThreadMessageW
PostMessageW
SendMessageW
IsWindow
GetSystemMetrics
EnumWindows
CharLowerBuffA
CharNextA
UnregisterClassA
PtInRect
DrawTextW
SetCursor
LoadImageW
GetCursorPos
GetDlgCtrlID
SetLayeredWindowAttributes
EnableMenuItem
GetSystemMenu
DestroyIcon
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
BeginPaint
SetWindowTextW
GetClassNameW
IsWindowVisible
GetWindowThreadProcessId
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
FlashWindow
MessageBoxW
wsprintfW
CharUpperW
CharLowerBuffW
CharLowerW
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
GetWindowLongW
MapWindowPoints
AllowSetForegroundWindow
SetWindowPos
CreateWindowExW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
PeekMessageW
DestroyWindow
SetForegroundWindow
GetWindow
wvsprintfW
ClientToScreen
EnableWindow
ShowWindow
ScreenToClient
SendDlgItemMessageW
MoveWindow
IsDialogMessageW
GetDlgItem
MapDialogRect
IsChild
GetFocus
SetFocus
GetSysColor
RedrawWindow
SetCapture
CreateDialogIndirectParamW
ReleaseCapture
GetDesktopWindow
RegisterWindowMessageW
DestroyAcceleratorTable
GetWindowTextLengthW
SetWindowContextHelpId
FillRect
InvalidateRect
ReleaseDC
GetDC
WaitForInputIdle
SetTimer
SetWindowLongW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CallWindowProcW
DefWindowProcW
KillTimer
EndPaint
comctl32
InitCommonControlsEx
crypt32
CryptDecodeObjectEx
CryptStringToBinaryA
CryptUnprotectData
CryptMsgClose
CertDuplicateCertificateContext
CryptDecodeObject
CryptMsgGetParam
CryptProtectData
CertCloseStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetNameStringW
CryptImportPublicKeyInfo
CryptQueryObject
imagehlp
ImageGetDigestStream
msi
ord141
ord190
ord88
wininet
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetQueryDataAvailable
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
wintrust
WinVerifyTrust
gdi32
BitBlt
CreateSolidBrush
CreateCompatibleDC
DeleteObject
DeleteDC
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap
GetDeviceCaps
GetTextMetricsW
GetTextExtentExPointW
SetDCPenColor
MoveToEx
LineTo
CreateFontIndirectW
SetBkMode
SetTextColor
Exports
Sections
.text Size: 607KB - Virtual size: 607KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ