8a74614a70dc15e80a23bc0ed721c3760871f2d7669b6e495f1f0d948f56a16f

Sharing

Copy URL Twitter E-mail

General

Target

8a74614a70dc15e80a23bc0ed721c3760871f2d7669b6e495f1f0d948f56a16f
Size

140KB
MD5

8e16a2229a29050a0e0ef984ee60c9f0
SHA1

03b8ea9622f08e1202f3880616490608cc4c90f0
SHA256

8a74614a70dc15e80a23bc0ed721c3760871f2d7669b6e495f1f0d948f56a16f
SHA512

816caf30ca77dd68e8ed83fcf9ab2f3f5c34f615d82dcfd666f0a9afe3f724dd3d00697da14e761742830ae5a4396861d162e45c88a656966c18823451e46088
SSDEEP

3072:uo50h/C9ttzaFn0yFA33Xid80I5yUtm4jesdqqpFtwi3RUAhq:f0ha9ten0yu3yOMp4esJ/U

Score

N/A

Malware Config

Signatures

Files

8a74614a70dc15e80a23bc0ed721c3760871f2d7669b6e495f1f0d948f56a16f
.dll windows x86

e12ab86d24615a953775b3f3f8feb9f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
WriteFile
SetLastError
GetVolumeInformationA
MapViewOfFile
LoadLibraryA
GetCommandLineA
CreateProcessA
GetProcAddress
CreateFileMappingA
CopyFileA
EnterCriticalSection
TerminateProcess
ExitProcess
OpenFileMappingA
CreateEventA
InterlockedIncrement
HeapAlloc
GetProcessHeap
GetModuleFileNameA
ReadProcessMemory
GetComputerNameA
CloseHandle
GlobalAlloc
HeapFree
LocalFree
Sleep
LeaveCriticalSection
InterlockedDecrement
CreateFileA
GetCurrentProcess
WaitForSingleObject
GlobalFree
InterlockedCompareExchange
GetLastError
CreateMutexW
GetTickCount
GetModuleHandleA
WriteProcessMemory
OpenEventA
CreateDirectoryA

ole32

CoCreateGuid
OleCreate
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
OleSetContainedObject
CoInitialize
CoTaskMemAlloc

user32

GetMessageA
SendMessageA
GetWindow
FindWindowA
GetCursorPos
PostQuitMessage
DispatchMessageA
RegisterWindowMessageA
KillTimer
GetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowLongA
GetSystemMetrics
CreateWindowExA
PeekMessageA
DefWindowProcA
DestroyWindow
GetParent
TranslateMessage
GetClassNameA
SetTimer
ClientToScreen
GetWindowThreadProcessId
ScreenToClient

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

OpenProcessToken
SetTokenInformation
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
DuplicateTokenEx
RegDeleteValueA

shell32

SHGetFolderPathA

Exports

Exports

NativePadUsb

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e12ab86d24615a953775b3f3f8feb9f0

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 988B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 988B

.reloc
Size: 8KB - Virtual size: 6KB