cece6d7611f23d3eb026ded8fa19e02e1fe11f8e4452121d1e0555424be8e060

Sharing

Copy URL Twitter E-mail

General

Target

cece6d7611f23d3eb026ded8fa19e02e1fe11f8e4452121d1e0555424be8e060
Size

40KB
MD5

93d33c32ba906642f926a48909bc216d
SHA1

68488b17fc4f32167bfca857c673180c5690ea11
SHA256

cece6d7611f23d3eb026ded8fa19e02e1fe11f8e4452121d1e0555424be8e060
SHA512

9d581e8f7cf606bc32314fb6848088897c9346ab7a2c07ab8db5914ee514daddf46e595794a12ed09843fc6d619447980247a370afa449170622b980ca1ad4ee
SSDEEP

768:Miec0MMZig5cPRjspZV6xzJsdwjEfb+T5Hgs50e:MSMZig5URjspStowjED+lAs6

Score

N/A

Malware Config

Signatures

Files

cece6d7611f23d3eb026ded8fa19e02e1fe11f8e4452121d1e0555424be8e060
.dll windows x86

d4eb0fb261bdb065687e5ee359954bd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlEscapeW
wnsprintfW
StrToIntW
PathFileExistsW
StrRStrIW
StrStrIW
StrStrIA

ws2_32

getnameinfo
inet_addr

dnsapi

DnsQuery_W
DnsRecordListFree

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW

kernel32

lstrcpynA
CreateFileW
GetFileSize
ReadFile
WriteFile
CloseHandle
GetSystemWindowsDirectoryW
GetVolumeInformationW
lstrlenW
lstrcpynW
lstrlenA
lstrcpyA
lstrcmpiA
lstrcatW
WideCharToMultiByte
lstrcatA
SetFilePointer
SetEndOfFile
lstrcpyW
CreateEventW
lstrcmpiW
CreateThread
WaitForSingleObject
SetEvent
CreateProcessW
SuspendThread
TerminateThread
Sleep
GetModuleFileNameW
FreeLibraryAndExitThread
LoadLibraryW
OpenMutexW
GetTickCount
GetLastError
CreateMutexW
GetCurrentProcess
GetProcAddress
VirtualAlloc
VirtualFree
VirtualQuery
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
ResetEvent
GetSystemInfo
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
DisableThreadLibraryCalls
ExitProcess
CreateWaitableTimerW
SetWaitableTimer
GetCurrentThread
GetFileTime
SetFileTime
lstrcmpW
MoveFileW
MoveFileExW
WaitForMultipleObjects
FindFirstFileW
FindNextFileW
FindClose
GetSystemTime
UnmapViewOfFile

user32

MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
CallNextHookEx
PostMessageW
SetWindowsHookExW
wsprintfW

advapi32

CreateProcessAsUserW
RegQueryValueExW
RegCloseKey
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
OpenProcessToken
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegFlushKey
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ord680

ole32

StringFromCLSID
CoTaskMemFree
CoCreateGuid

Exports

Exports

Startup
e
iep
l
r

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4eb0fb261bdb065687e5ee359954bd3

Headers

File Characteristics

Imports

shlwapi

ws2_32

dnsapi

wininet

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB