d3c0b9e01c621f9cd2e5a530ae4c2afe32704255b65c327788117ee474b0e359

Sharing

Copy URL

Twitter E-mail

General

Target

d3c0b9e01c621f9cd2e5a530ae4c2afe32704255b65c327788117ee474b0e359
Size

72KB
MD5

537043ecc87d878abe086e8908705d30
SHA1

01742a35d235dca47369649367ec3155502820a3
SHA256

d3c0b9e01c621f9cd2e5a530ae4c2afe32704255b65c327788117ee474b0e359
SHA512

55e44fb2511ca0f0ace6b813eba398f25bee70cbf57224788dad739b449fb3e17923e13091ddb4fd7bfbdee17ed6fa5e492ac1ff4532cc79965df6f1d2ae722c
SSDEEP

1536:FfFyiNZe2Ii92xWy0M2I4HfFba7biyP8IJBE3hO1fYD58:7yiN3dP5M2I4HfFba7biyP8CO3hO1fYO

Score

N/A

Malware Config

Signatures

Files

d3c0b9e01c621f9cd2e5a530ae4c2afe32704255b65c327788117ee474b0e359
.dll windows x86

3d971ad935f800bc355891f9add9ebdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
WSASocketA
WSAIoctl
inet_ntoa
WSAStartup
WSACleanup
recv
send
htons
gethostbyname
WSAGetLastError
inet_addr
socket
connect
closesocket

advapi32

CreateProcessAsUserA
AllocateAndInitializeSid
FreeSid
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSid
AddAccessAllowedAce
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueA
InitializeAcl
GetLengthSid

gdi32

DeleteObject
SelectObject
SetTextColor
SetBkMode
ExtTextOutA
SetBkColor
CreateFontIndirectA

kernel32

GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
LocalAlloc
RaiseException
WideCharToMultiByte
GetModuleFileNameA
CloseHandle
SetEndOfFile
SetFilePointer
WriteFile
GetFileSize
Sleep
GetLastError
CreateFileA
GetComputerNameA
GetSystemDirectoryA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
OpenFileMappingA
FlushViewOfFile
ResetEvent
SetEvent
GlobalUnlock
GlobalLock
CreateThread
GetTickCount
GetTempPathA
GetFileAttributesA
WaitForSingleObject
ExitProcess
GetCurrentProcessId
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
CreateToolhelp32Snapshot
Process32Next
VirtualFreeEx
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
Process32First
OpenProcess
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
ReadFile
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime

user32

GetDesktopWindow
GetSystemMetrics
SetWindowsHookExA
GetClassNameA
FindWindowA
EnumChildWindows
CallWindowProcA
UnhookWindowsHookEx
CreateWindowExA
SetClipboardViewer
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
PostMessageA
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
SendMessageA
OpenClipboard
GetClipboardData
CloseClipboard
DefWindowProcA
GetClientRect
BeginPaint
DrawTextA
ReleaseDC
EndPaint
SystemParametersInfoA
SetWindowLongA
SetWindowPos
ShowWindow
UpdateWindow
GetKeyState
GetKeyNameTextA
ToAscii
CallNextHookEx
GetForegroundWindow
GetParent
GetWindowTextA
MapVirtualKeyA
GetWindowLongA
GetKeyboardState

msvcr90

_mbscmp
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
strcpy_s
wcstombs
strftime
fseek
ftell
malloc
realloc
free
atoi
isalpha
_mbsstr
_mbsicmp
srand
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler3
fwrite
fread
fclose
fopen
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_difftime64
_localtime64
_time64
_mbsnbcpy
_mbsrev
rand
_mbsnbcmp
strcat
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
sprintf
strstr
_except_handler4_common

msvcp90

?_Xran@_String_base@std@@SAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d971ad935f800bc355891f9add9ebdf

Headers

File Characteristics

Imports

ws2_32

advapi32

gdi32

kernel32

user32

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

Shared Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

Shared
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 4KB - Virtual size: 3KB