7ad13fe73bdbb961ed9b87f3c3e73c3e2848ac4e9fb24f93111b4d66e9f36070

Sharing

Copy URL Twitter E-mail

General

Target

7ad13fe73bdbb961ed9b87f3c3e73c3e2848ac4e9fb24f93111b4d66e9f36070
Size

128KB
MD5

f27b1db30c91371784441e3551ef4b97
SHA1

33ff3b2a52f22501c1f290ab224eb4916ed97b50
SHA256

7ad13fe73bdbb961ed9b87f3c3e73c3e2848ac4e9fb24f93111b4d66e9f36070
SHA512

2773e932bb63c222ba1f86451b95a6f71ce8fb2c6ed49b1183e4b57eb0b753d546b9b00a4eb1026c9a4c1d8e1fc09f4f4e06268348a3f0c8e6735f0c0a74a67e
SSDEEP

1536:zrHAWpBWCBVX+gRT6Yt0oki05JR5p25RC94UjDBLbj9k9CHurW+sd6iDo:HAWf3BBXNDtnC94UjDBvjqCHx6qo

Score

N/A

Malware Config

Signatures

Files

7ad13fe73bdbb961ed9b87f3c3e73c3e2848ac4e9fb24f93111b4d66e9f36070
.dll windows x86

7179d905b0401d6c81ecdfaddc76ba36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwClose
RtlAdjustPrivilege
RtlCreateSecurityDescriptor
RtlInitUnicodeString
ZwLoadDriver
RtlSetDaclSecurityDescriptor
_snprintf
memcpy

ws2_32

WSAStartup
connect
inet_addr
htons
socket
closesocket
gethostbyname
send

shlwapi

SHDeleteKeyA
SHGetValueA
PathFindFileNameA
SHSetValueA

iphlpapi

GetAdaptersInfo

kernel32

GetTickCount
GetTempPathA
GetCurrentProcessId
CreateToolhelp32Snapshot
CreateFileMappingA
WritePrivateProfileStringA
VirtualFree
VirtualAlloc
GetVersionExA
OpenProcess
Sleep
TerminateProcess
CopyFileA
GetModuleFileNameA
CloseHandle
DeleteFileA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFile
UnmapViewOfFile
MoveFileExA
Process32First
Process32Next
WriteFile
lstrcmpiA

winspool.drv

GetPrintProcessorDirectoryA
DeletePrintProcessorA
AddPrintProcessorA

advapi32

LsaQueryInformationPolicy
LsaFreeMemory
LsaOpenPolicy
LsaClose
OpenServiceA
ControlService
OpenSCManagerA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.people
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.moomoo
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 776B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7179d905b0401d6c81ecdfaddc76ba36

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ws2_32

shlwapi

iphlpapi

kernel32

winspool.drv

advapi32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 32B - Virtual size: 32B

.people Size: 68KB - Virtual size: 68KB

.moomoo Size: 26KB - Virtual size: 26KB

.rsrc Size: 776B - Virtual size: 776B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 32B - Virtual size: 32B

.people
Size: 68KB - Virtual size: 68KB

.moomoo
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 776B - Virtual size: 776B

.reloc
Size: 12KB - Virtual size: 12KB