870ee78b48b753e1128db9123c67371685399a478dedc2eb4855c6c7ea56cd57

Sharing

Copy URL

Twitter E-mail

General

Target

870ee78b48b753e1128db9123c67371685399a478dedc2eb4855c6c7ea56cd57
Size

142KB
MD5

fdfe634a3fb66467b73e51c05dc1db70
SHA1

47456fddaf5f77e0c3d1d85fd96b9794cf658c5b
SHA256

870ee78b48b753e1128db9123c67371685399a478dedc2eb4855c6c7ea56cd57
SHA512

90a2f0979d51b5f50e25579725cf9940c6f96ab7ebc5cb53e133594f759145fce01d35838503e6c052a2d54959beb147a007330838992ba7a1dbd97ff4b93a68
SSDEEP

3072:cDzoDoEeflHYBTvS4YrOrMrvrUrXQIWSo+ugguXv5C2NYP5r:iZfRiTKFOrMrvrUrgI3o22

Score

N/A

Malware Config

Signatures

Files

870ee78b48b753e1128db9123c67371685399a478dedc2eb4855c6c7ea56cd57
.dll windows x86

d3847426497a375e2e98569a88688f3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcmp
memchr
memcpy
memset
sprintf
strtoul
strlen

advapi32

RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

shlwapi

SHDeleteValueA

wininet

InternetQueryDataAvailable
HttpSendRequestA
InternetSetCookieA
InternetSetOptionA
InternetQueryOptionA
HttpEndRequestA
InternetReadFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetWriteFile

kernel32

LoadLibraryA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
WriteFile
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetCurrentProcessId
GetTickCount
HeapAlloc
GetProcessHeap
HeapValidate
HeapFree
GetLastError
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
WideCharToMultiByte
GetTimeZoneInformation
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter

Exports

Exports

Callback_OnAfterLoadingPage
Callback_OnBeforeLoadPage3
Callback_OnBeforeProcessUrl
FreeMem
Init
IsGlobal
Start
Stop
TakeFreeMem
TakeGetPage

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3847426497a375e2e98569a88688f3d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

shlwapi

wininet

kernel32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 107KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 107KB

.reloc
Size: 8KB - Virtual size: 8KB