a6e0dc29afbc9c414f5c54fc59a8ad1d729dd8bbcda487bc4df635df82a57679

Sharing

Copy URL Twitter E-mail

General

Target

a6e0dc29afbc9c414f5c54fc59a8ad1d729dd8bbcda487bc4df635df82a57679
Size

352KB
MD5

3345de41585c8a5b1ae6c75d15bc534e
SHA1

42c78f71ea887dc6fb86ad1dca2dc0fe3a1d025b
SHA256

a6e0dc29afbc9c414f5c54fc59a8ad1d729dd8bbcda487bc4df635df82a57679
SHA512

3b7b87593f5880617210f385dec1982adcae73fccc5cf214552d76779ee8aa48fe38a42fe0766e7aa08a93a7d609b847844607d21250587d40726421f6524f01
SSDEEP

6144:4JNrx6h6LIknpuuhFBuqLjviRaaCz9wa1wzjh2ojCScNMLW:WNrVBukjvmA5wPeSc

Score

N/A

Malware Config

Signatures

Files

a6e0dc29afbc9c414f5c54fc59a8ad1d729dd8bbcda487bc4df635df82a57679
.dll windows x86

fdea407f0fa8ba7aa4358543162a75b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetTcpTable

dbghelp

SymGetModuleInfo
SymInitialize
SymGetModuleBase
SymSetOptions
SymGetSymFromAddr

msvcrt

_except_handler3
memset
memcpy
_snprintf
fclose
fseek
realloc
fwrite
fread
fopen
strncpy
malloc
calloc
free
sprintf
atoi
isprint
strstr

psapi

GetModuleFileNameExA

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetSetStatusCallback
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpQueryInfoA
InternetCloseHandle

ws2_32

ntohs
WSASetLastError
WSAGetLastError
accept
listen
send
gethostbyname
closesocket
socket
bind
recv
shutdown
htons
WSAStartup
inet_ntoa
connect
gethostname
getpeername
htonl
setsockopt
select
__WSAFDIsSet
inet_addr
recvfrom

shell32

ExtractIconExA
ShellExecuteA
SHGetFolderPathA
SHFileOperationA
ord680

shlwapi

PathMakeSystemFolderA
PathFileExistsA
StrCmpNIA
PathAppendA
PathGetDriveNumberA
StrStrA
StrChrIA
PathAddBackslashA
StrStrIW
PathFindFileNameA
StrStrIA
StrToIntA

ntdll

ZwQueryInformationThread
RtlImageNtHeader
RtlCreateUserThread

kernel32

FileTimeToSystemTime
GetSystemTime
LocalFree
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
SetFilePointer
GetFileSize
FileTimeToDosDateTime
WriteProcessMemory
Module32Next
VirtualAllocEx
Module32First
GetProcessTimes
CreateRemoteThread
VirtualQuery
GetPrivateProfileStringA
GetShortPathNameA
GetFileAttributesW
GetFileAttributesA
GetVersionExW
WideCharToMultiByte
VirtualProtect
GetThreadPriority
InterlockedExchange
FlushInstructionCache
lstrcmpA
FindFirstChangeNotificationA
FindNextChangeNotification
TerminateThread
WinExec
MoveFileA
ExitThread
GetCommandLineA
GetCommandLineW
HeapValidate
GetProcessHeap
GetTempPathA
GetCurrentDirectoryA
GetTempFileNameA
CopyFileA
WaitForMultipleObjects
GetLogicalDriveStringsA
SetCurrentDirectoryA
SetThreadPriority
GetDriveTypeA
SetErrorMode
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetLastError
SetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetTickCount
GetVolumeInformationA
GetSystemWindowsDirectoryA
CreateMutexA
GetCurrentProcess
GetTimeFormatA
GetCurrentThread
VirtualFree
GetDateFormatA
VirtualAlloc
AddVectoredExceptionHandler
DeleteFileA
GetSystemDefaultLangID
Process32First
OpenProcess
GetTimeZoneInformation
GetEnvironmentVariableA
Process32Next
CreateToolhelp32Snapshot
CloseHandle
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
CreateFileA
MoveFileExA
lstrcpynA
SetEndOfFile
SetFilePointerEx
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetEvent
Sleep
OpenMutexA
GetCurrentThreadId
GetCurrentProcessId
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
CreateProcessA
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
GetComputerNameA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

GetWindowDC
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
CharUpperA
GetSystemMetrics
GetDC
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
FindWindowA
GetDesktopWindow
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
IsWindowVisible
PostMessageA
IsWindow
MapVirtualKeyA
IsIconic
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
GetUserObjectInformationA
PtInRect
GetFocus
GetLastActivePopup
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
DispatchMessageW

gdi32

CreateFontIndirectA
GetObjectA
GetClipRgn
BitBlt
GetViewportOrgEx
GetDeviceCaps
SelectClipRgn
OffsetRgn
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
SetViewportOrgEx
CreateCompatibleBitmap
GdiFlush
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
GetTokenInformation
OpenProcessToken
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteValueA
GetUserNameA
RegCloseKey
RegFlushKey
RegOpenKeyExA

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdea407f0fa8ba7aa4358543162a75b8

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

dbghelp

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 68KB - Virtual size: 68KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 68KB - Virtual size: 68KB

.reloc
Size: 16KB - Virtual size: 16KB