1ffe25b018e2e7089d1507f857c64460861653ea7474eba5ef71b859f273154c

Sharing

Copy URL

Twitter E-mail

General

Target

1ffe25b018e2e7089d1507f857c64460861653ea7474eba5ef71b859f273154c
Size

450KB
MD5

32a6703c98469ead044791c0db6611b0
SHA1

59c75f63c253e5ccc9ff9750aa2abe92571c73c2
SHA256

1ffe25b018e2e7089d1507f857c64460861653ea7474eba5ef71b859f273154c
SHA512

5d7afc1d580ae99829ec3fb1c7cd150ea4af0ebaacbbb68455d9d94fc1a98f0e74a48eaa019a51756614ac2f689e6c307d7ea25586461458f87a8b1b63a6a8e7
SSDEEP

6144:0FKqY6ImTWIOp5EHykl5hFZPTXveNtPHSMjy1Q4iNF9opBZ:0FKqY6IDIObEHykXpDv2tPH5c2yz

Score

N/A

Malware Config

Signatures

Files

1ffe25b018e2e7089d1507f857c64460861653ea7474eba5ef71b859f273154c
.dll windows x86

1d99c48cf7d6b1674092b82b2aa2ead8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProfileStringW
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
LocalAlloc
LocalFree
OutputDebugStringA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
lstrcpyA
lstrlenA
CloseHandle
CreateEventA
CreateEventW
CreateThread
FindFirstChangeNotificationW
FreeLibrary
GetProcAddress
InterlockedDecrement
IsSystemResumeAutomatic
LoadLibraryW
OpenProcess
SetEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteProfileStringA
lstrcatA
lstrcpyW
lstrcpynW
lstrlenW
DisconnectNamedPipe
FlushInstructionCache
GetModuleFileNameW
GetModuleHandleW
GetProcessHeap
GetTapeParameters
HeapDestroy
LoadLibraryA
SetComputerNameA
VirtualAlloc
VirtualFree
lstrcmpiW
FormatMessageW
GetCurrencyFormatW
GetCurrentThread
GetShortPathNameA
GetVersionExW
InterlockedIncrement
IsBadHugeReadPtr
ResetWriteWatch
lstrcmpW
CreateMutexA
DeviceIoControl
EnumResourceTypesW
FindResourceExW
FreeLibraryAndExitThread
GetCommState
LockFile
MapUserPhysicalPages
ReleaseMutex
ResetEvent
SetCommState
SetupComm
lstrcpynA
ConnectNamedPipe
ConvertThreadToFiber
FindResourceA
GetProcessAffinityMask
InterlockedCompareExchange
InterlockedExchange
VirtualProtectEx
GetCPInfo
GetLastError
HeapFree
HeapAlloc
CompareStringA
MultiByteToWideChar
CompareStringW
GetDriveTypeA
GetFullPathNameA
GetFileType
CreateFileW
ExitProcess
GetConsoleCP
ReadConsoleInputA
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
CreateFileA
DeleteFileA
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetCommandLineA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
HeapCreate
FatalAppExitA
HeapReAlloc
WriteFile
GetModuleFileNameA
GetFileAttributesA
GetLocaleInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetStdHandle
SetEndOfFile
ReadFile
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapSize
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileAttributesW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
CreateProcessW
SetEnvironmentVariableA
SetEnvironmentVariableW

oleaut32

OleLoadPictureEx
SafeArrayPutElement
VarCyFromStr
VarFormat
VarUI1FromUI4
DosDateTimeToVariantTime
SafeArrayRedim
VarParseNumFromStr
VarR4FromR8
VarDateFromBool
VarDecMul
VarI1FromStr
VarUI2FromUI1
VarUI4FromUI2
CreateTypeLib2
VarCyInt
VarI1FromR4

rpcrt4

RpcMgmtEpEltInqNextW
I_RpcBindingIsClientLocal
NdrConformantArrayMemorySize
NdrPointerMemorySize
RpcCertGeneratePrincipalNameW
NdrAllocate
NdrServerUnmarshall
I_RpcBindingInqTransportType
NdrConformantVaryingArrayBufferSize
NdrSimpleStructFree
RpcBindingServerFromClient
RpcSsDisableAllocate
NdrAsyncClientCall
NdrMesTypeAlignSize
RpcServerInqBindings
RpcObjectSetType

shell32

SHAddToRecentDocs
SHBindToParent
SHGetPathFromIDList
SHCreateProcessAsUserW
ExtractAssociatedIconExW

user32

CharUpperBuffA
LoadStringA
ScrollDC
wsprintfA
CharNextW
CharPrevW
GetMenuItemID
PeekMessageA
wsprintfW
DestroyAcceleratorTable
DialogBoxParamW
DlgDirListComboBoxA
EndDialog
GetCaretBlinkTime
GetDC
GetFocus
GetGUIThreadInfo
GetLastInputInfo
GetMenu
InvalidateRect
IsChild
ReleaseDC
SetFocus
ShowWindow
DdeQueryStringW
EnumDisplaySettingsA
GetClassLongA
GetClipboardFormatNameW
GetKeyNameTextA
LoadStringW
LookupIconIdFromDirectoryEx
MonitorFromPoint
SetThreadDesktop
AppendMenuA
DispatchMessageA
EnumChildWindows
GetClientRect
GetInputState
GetMessageA
OemToCharBuffA
PostThreadMessageA
RemoveMenu
TranslateMessage
GetKeyboardState
GetSystemMetrics
SetPropW

Exports

Exports

Ptopd

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d99c48cf7d6b1674092b82b2aa2ead8

Headers

File Characteristics

Imports

kernel32

oleaut32

rpcrt4

shell32

user32

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 45KB - Virtual size: 58KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 45KB - Virtual size: 58KB

.reloc
Size: 14KB - Virtual size: 14KB