bd67c3e09c1dd0978f16721bbd59a7c868d1632d8d01ce4ade2cbeeb68364ecd

Sharing

Copy URL Twitter E-mail

General

Target

bd67c3e09c1dd0978f16721bbd59a7c868d1632d8d01ce4ade2cbeeb68364ecd
Size

104KB
MD5

89f885a7a30a4f38b9210d01faae89fe
SHA1

f0f47b4dbbbd66dd27e53b5d5859234a1e0d8c41
SHA256

bd67c3e09c1dd0978f16721bbd59a7c868d1632d8d01ce4ade2cbeeb68364ecd
SHA512

65ab3911d44a8d7d29ef66510c4be8de8f7d6b6adaf959bd37a5e89b34df8cafe3775a5e153b3ae9b1eb95eab700dde38deae623f3faed48d3a6787316eba6ff
SSDEEP

1536:as8zSpPljKJ1SFI2TsJIbIYVR1EOsXj5ZTwzJZQtN8:x8z2Pl2J15eYIbIYVR1EOyZ0zJG

Score

N/A

Malware Config

Signatures

Files

bd67c3e09c1dd0978f16721bbd59a7c868d1632d8d01ce4ade2cbeeb68364ecd
.dll windows x86

4a5fc8ab95b87e08f05fc0a5d27c8f10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
FileTimeToSystemTime
Thread32Next
Thread32First
CreateToolhelp32Snapshot
Process32Next
Process32First
GetWindowsDirectoryA
TerminateProcess
GetFileSize
GlobalFree
GlobalAlloc
WaitForSingleObject
GetStartupInfoA
CreatePipe
GetEnvironmentVariableA
PeekNamedPipe
GetVolumeInformationA
GetDiskFreeSpaceExA
SearchPathA
ExpandEnvironmentStringsA
SetEvent
GetSystemInfo
DuplicateHandle
TerminateThread
ExitThread
GetCurrentProcess
VirtualAlloc
CreateThread
MultiByteToWideChar
DeviceIoControl
QueryDosDeviceA
CreateProcessA
MoveFileA
CreateDirectoryA
FindFirstFileA
SetFilePointer
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetCurrentThreadId
GetSystemTime
lstrcmpA
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
VirtualQueryEx
ReadProcessMemory
GetEnvironmentVariableW
WideCharToMultiByte
GetLogicalDrives
WaitForMultipleObjects
GetTempPathA
FlushFileBuffers
GetLocaleInfoA
lstrcpyA
lstrcatA
ReadFile
SetEndOfFile
GetVersionExA
GetFileAttributesA
WriteFile
Sleep
GetLastError
GetSystemDirectoryA
LoadLibraryExA
GetModuleHandleA
GetCurrentProcessId
LocalAlloc
LocalFree
CopyFileA
DeleteFileA
GetModuleFileNameA
GetTempFileNameA
FreeLibrary
LoadLibraryA
GetProcAddress
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTickCount

user32

GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextLengthA
GetWindowTextA
ExitWindowsEx
GetSystemMetrics
GetThreadDesktop
wsprintfA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
CharUpperA
EnumWindows
GetWindowThreadProcessId
GetWindowLongA
OpenWindowStationA
GetProcessWindowStation

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateDCA

advapi32

RegOpenKeyA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
DeleteService
CreateServiceA
GetAclInformation
GetLengthSid
IsValidSid
AllocateAndInitializeSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
ControlService
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
CreateProcessAsUserA
RegEnumKeyExA
GetUserNameW
LookupPrivilegeValueA

shell32

SHFileOperationA

msvcrt

_initterm
_adjust_fdiv
?terminate@@YAXXZ
time
sprintf
_tempnam
remove
_lseek
strrchr
srand
rand
_onexit
wcscmp
strncpy
wcslen
strchr
rename
_local_unwind2
atoi
_except_handler3
_CxxThrowException
??2@YAPAXI@Z
fopen
fread
fclose
__dllonexit
printf
??1type_info@@UAE@XZ
calloc
strstr
__CxxFrameHandler
??3@YAXPAX@Z
_close
_write
_read
malloc
free
_open
_strupr

netapi32

NetApiBufferFree
NetUserGetInfo
NetShareEnum
NetUserEnum

ws2_32

send
connect
WSCEnumProtocols
sendto
socket
recv
WSAStartup
WSACleanup
htons
closesocket
gethostname
inet_ntoa
gethostbyname
inet_addr

iphlpapi

GetAdaptersInfo
GetNetworkParams

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleFileNameExA
EnumProcessModules

ntdll

_stricmp
_strcmpi

Exports

Exports

ServiceMain

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a5fc8ab95b87e08f05fc0a5d27c8f10

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

netapi32

ws2_32

iphlpapi

version

psapi

ntdll

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 49KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 49KB

.reloc
Size: 8KB - Virtual size: 7KB