109c4fed260d7f629e083b5289069bc7f5775d1dc745f4de99acf3e1d1e53516

Sharing

Copy URL Twitter E-mail

General

Target

109c4fed260d7f629e083b5289069bc7f5775d1dc745f4de99acf3e1d1e53516
Size

62KB
MD5

81b7e3618a52e32b922a33fbeee931f0
SHA1

42e982243bf382ceee05074e4a89d6e5e179b105
SHA256

109c4fed260d7f629e083b5289069bc7f5775d1dc745f4de99acf3e1d1e53516
SHA512

e85168b21915e3db9be134bfae8ddd825c09d11ffae271b29ffa76948e7f7682d0d5ea17ba1bc6c813f4b4617b39abb6370e0ce7e636c1ae7bc9f9a140b7f0da
SSDEEP

1536:DkacwvYN4eSJoSMxGvsjjISfLRbBPmo2Tk:WEJGGvKj3bBuoz

Score

N/A

Malware Config

Signatures

Files

109c4fed260d7f629e083b5289069bc7f5775d1dc745f4de99acf3e1d1e53516
.dll windows x86

959bc88f35feb5567ae50c732c1a9e38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
WaitForSingleObject
GetFileAttributesA
OpenFileMappingA
ExitProcess
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
GetTickCount
GetTempPathA
ResetEvent
SetEvent
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
VirtualFreeEx
CreateRemoteThread
GetProcAddress
GlobalUnlock
VirtualAllocEx
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
ReadFile
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
RaiseException
InterlockedExchange
LocalAlloc
CreateThread
GetSystemDirectoryA
GetComputerNameA
CreateFileA
GetLastError
Sleep
GetFileSize
WriteFile
SetFilePointer
SetEndOfFile
CloseHandle
GetModuleFileNameA
WriteProcessMemory
WideCharToMultiByte

ws2_32

connect
socket
inet_addr
gethostbyname
htons
send
recv
inet_ntoa
WSAIoctl
WSASocketA
gethostname
WSAStartup
WSAGetLastError
WSACleanup
closesocket

user32

ToAscii
GetKeyboardState
GetKeyNameTextA
GetKeyState
GetWindowTextA
GetParent
GetClassNameA
CloseClipboard
GetClipboardData
GetWindowLongA
SendMessageA
DefWindowProcA
RegisterClassA
SetWindowLongA
CallWindowProcA
GetDesktopWindow
GetSystemMetrics
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
SetClipboardViewer
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
PostMessageA
DestroyWindow
LoadIconA
EnumChildWindows
CallNextHookEx
MapVirtualKeyA
FindWindowA
LoadCursorA
OpenClipboard

advapi32

SetSecurityDescriptorDacl
GetUserNameA
CreateProcessAsUserA
FreeSid
InitializeAcl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
AddAccessAllowedAce
RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

msvcrt

fwrite
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
wcstombs
fseek
ftell
malloc
realloc
free
atoi
isalpha
_CxxThrowException
_mbsstr
strftime
_mbsicmp
localtime
difftime
_ftol
srand
rand
time
strstr
_mbsnbcmp
sprintf
_mbscmp
strcat
_mbsrev
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler
fopen
fread
fclose

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959bc88f35feb5567ae50c732c1a9e38

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB