Static task: static1
Behavioral task: behavioral1
Sample: c126f7256b0f3b6aedbdb664188d45aa7d313890874dc18902fd98a902ab14fe.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c126f7256b0f3b6aedbdb664188d45aa7d313890874dc18902fd98a902ab14fe.dll
Resource: win10v2004-20221111-en
General
Target: c126f7256b0f3b6aedbdb664188d45aa7d313890874dc18902fd98a902ab14fe
Size: 1.1MB
MD5: f1262cf53a092762f5c365079966441a
SHA1: 062ec1100492cbd2344b11733c5984de2ad7a2d3
SHA256: c126f7256b0f3b6aedbdb664188d45aa7d313890874dc18902fd98a902ab14fe
SHA512: bf044f11b53b3f83c2a6274bb028129697a8218ac4cc462404cf95704fcfab2515b2317154577842c35b0ac5a4201cad2c14482831bfb2e38574c11e050c55b7
SSDEEP: 24576:D2M9oc3usS7D5qRoIx+O76wcQ+24oG6in/BE:D2M9Rm26w/4LE
Malware Config
Signatures
Files
c126f7256b0f3b6aedbdb664188d45aa7d313890874dc18902fd98a902ab14fe.dll windows x86
b1860b619d2d5f2480b15aab30a5048d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
d2cmp
ord10079
d2common
sgptDataTables
d2net
fog
gdwBitMasks
gdwInvBitMasks
storm
kernel32
GetTimeZoneInformation
GetProcAddress
HeapReAlloc
GetStringTypeA
HeapAlloc
LoadLibraryA
GetTickCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
IsBadCodePtr
EnterCriticalSection
QueryPerformanceCounter
Sleep
InterlockedDecrement
InterlockedIncrement
QueryPerformanceFrequency
GetLocalTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
GetFileType
GetStartupInfoA
LCMapStringW
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetModuleFileNameA
GetSystemTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapFree
GetOEMCP
HeapSize
HeapCreate
GetModuleHandleA
CloseHandle
WriteFile
ReadFile
SetHandleCount
GetStdHandle
LCMapStringA
GetACP
IsBadReadPtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
FlushFileBuffers
VirtualFree
SetFilePointer
SetUnhandledExceptionFilter
GetCPInfo
IsBadWritePtr
VirtualAlloc
SetStdHandle
CreateFileA
MultiByteToWideChar
user32
PtInRect
wsprintfA
CopyRect
winmm
timeGetTime
d2lang
?unicode2Win@Unicode@@SIPADPADPBU1@H@Z
ord10004
Sections
.text Size: 984KB - Virtual size: 982KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 96KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ