df3122c03b3f7768770e5a7b34d1b19d9e20b0d4281bd4324152d2fbce376b2b

Sharing

Copy URL Twitter E-mail

General

Target

df3122c03b3f7768770e5a7b34d1b19d9e20b0d4281bd4324152d2fbce376b2b
Size

95KB
MD5

e65f17c7c0c33da8277b0cc57e2c946a
SHA1

cd0ec53fc1a716965974381037396b2cfeb720b8
SHA256

df3122c03b3f7768770e5a7b34d1b19d9e20b0d4281bd4324152d2fbce376b2b
SHA512

db5565b7ad27b24bcf815e57f2f2d325718e5b95c3b1192ef3ed267a365b7b466878ba98ba64cf3efc50144b180ffb52ed4b74ed9cafb01cb60ced53b9487623
SSDEEP

1536:8sCxVdgmZWI5s9POY3RcvyQ3aeLtnfPYozGS2hnCkNM:NCumZWI5s9mSRuaeLtnfPYoX2hnC5

Score

N/A

Malware Config

Signatures

Files

df3122c03b3f7768770e5a7b34d1b19d9e20b0d4281bd4324152d2fbce376b2b
.dll windows x86

61e1372ab6b84221951b3427a194fff2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptAcquireContextW
CryptImportKey
CryptDestroyKey
MD5Init
MD5Update
MD5Final
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo

cabinet

ord23
ord22
ord20

ntdll

ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwSetSystemPowerState
RtlAdjustPrivilege
RtlEqualUnicodeString
ZwSetLowEventPair
ZwSetInformationToken
ZwDuplicateToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
RtlInitUnicodeString
ZwQueryVolumeInformationFile
qsort
RtlImageNtHeader
ZwAlertThread
ZwWaitForSingleObject
ZwDelayExecution
strchr
_snprintf
_wcsicmp
_wcslwr
wcsstr
wcschr
RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler
strtoul
sscanf
RtlGetFrame
RtlPushFrame
RtlPopFrame
LdrAccessResource
LdrFindResource_U
_strlwr
ZwSetEaFile
ZwQueryEaFile
ZwClose
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U
RtlComputeCrc32
strstr
_strnicmp
strncpy
_stricmp
ZwSetEvent
ZwUnmapViewOfSection
ZwOpenEvent
ZwOpenSection
ZwMapViewOfSection
ZwCreateEvent
ZwCreateSection
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
vsprintf
memmove
ZwQueryInformationProcess
RtlTimeToSecondsSince1970
RtlTimeToSecondsSince1980
ZwQueryInformationToken
RtlRandom
RtlImageDirectoryEntryToData
strpbrk
_wcsnicmp
RtlExitUserThread
strrchr
wcsrchr
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
memcpy
memset
_allmul
RtlUnwind
ZwQuerySystemInformation
swprintf
sprintf
DbgPrint
RtlNtStatusToDosError
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
RtlIpv4StringToAddressA
NtQueryVirtualMemory

ws2_32

WSASocketA
shutdown
WSAStartup
WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
listen
bind
getsockname
closesocket
WSASocketW
WSAGetLastError

version

VerQueryValueW

shlwapi

SHGetValueA
PathRemoveExtensionA
PathFindFileNameA
StrStrIA
PathRemoveBackslashW
SHSetValueA
SHRegCloseUSKey
SHRegCreateUSKeyA
PathRemoveBackslashA

urlmon

ObtainUserAgentString
CoInternetSetFeatureEnabled
CreateURLMonikerEx
UrlMkSetSessionOption

kernel32

SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
GetSystemInfo
GetVersionExA
GetLocaleInfoA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
CreateWaitableTimerA
SetWaitableTimer
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
SetUnhandledExceptionFilter
GetCommandLineA
GetModuleFileNameA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetSystemTimeAsFileTime
OpenProcess
ExitProcess
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetFileSize
DeleteFileA
GetProcAddress
WaitForMultipleObjects
SetInformationJobObject
CreateJobObjectW
FlushFileBuffers
SetEndOfFile
WriteFile
CreateFileA
GetTempPathA
TerminateProcess
ResumeThread
AssignProcessToJobObject
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
CreateProcessA
FreeLibrary
LoadLibraryA
MultiByteToWideChar
CreateThread
CloseHandle
Sleep
VirtualProtect
LoadLibraryW
GetTickCount
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
BindIoCompletionCallback
VirtualFree

user32

CreateWindowExW
GetMessageW
GetClassNameW
DispatchMessageW
DefWindowProcW
SendMessageW
UnregisterClassW
GetClientRect
ChildWindowFromPoint
wsprintfW
RegisterClassW
KillTimer
PostQuitMessage
ExitWindowsEx
DestroyWindow
SetTimer
PostMessageW
GetSystemMetrics

ole32

CreateBindCtx
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
CoTaskMemAlloc

shell32

ShellExecuteA

secur32

AcquireCredentialsHandleW
EncryptMessage
FreeContextBuffer
DecryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptExportPublicKeyInfo
CryptSignAndEncodeCertificate
CertFreeCertificateContext
CertSetCertificateContextProperty
CertCreateCertificateContext

wintrust

WinVerifyTrust

mswsock

AcceptEx

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61e1372ab6b84221951b3427a194fff2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cabinet

ntdll

ws2_32

version

shlwapi

urlmon

kernel32

user32

ole32

shell32

secur32

crypt32

wintrust

mswsock

oleaut32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 224B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 224B

.reloc
Size: 6KB - Virtual size: 5KB