e904c2dc635497ec8d1f4a85c56a78b51fafeb3ad324d7ba326a28b3dd6dd39a

Sharing

Copy URL Twitter E-mail

General

Target

e904c2dc635497ec8d1f4a85c56a78b51fafeb3ad324d7ba326a28b3dd6dd39a
Size

136KB
MD5

984c7314d36e0b524b9438595ca8a605
SHA1

613f85661f7028f0440c9e58d1ddb40511f59a2f
SHA256

e904c2dc635497ec8d1f4a85c56a78b51fafeb3ad324d7ba326a28b3dd6dd39a
SHA512

71ab406145bb8786f87463dad10146bada3e70d9c63066d73a2f049e649418527ff951a8dd387c3ef277cd02f7049e60956040c2e556628d8e319ecfc20a5416
SSDEEP

3072:+Cq9UDEIG6DNr06FVkdk0fjAxyxliauwZNT9NAATpygS90w+0JOZekIBCaGgS:koq6ZJVkdHAxdafNT9NAAS82/

Score

N/A

Malware Config

Signatures

Files

e904c2dc635497ec8d1f4a85c56a78b51fafeb3ad324d7ba326a28b3dd6dd39a
.dll windows x86

38915e7c4b4e5007fd336716c8820b0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSizeEx
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetThreadLocale
GetTickCount
GetVersionExA
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
FindNextFileW
LoadLibraryW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
RtlUnwind
SetThreadLocale
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
lstrcmpiW
lstrlenW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
CreateFileW
LoadLibraryExW
CreateFileMappingW

user32

CharNextW
UnregisterClassA

ntdll

memcpy
memmove
memset
wcstoul
_wcsicmp
_vsnwprintf
_vsnprintf
RtlInitUnicodeString
RtlFreeHeap
RtlAllocateHeap
NtQueryValueKey

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

calloc
_unlock
_purecall
_onexit
_lock
_initterm
_errno
free
_amsg_exit
__set_app_type
__p__fmode
__dllonexit
__CxxFrameHandler
_XcptFilter
_CxxThrowException
malloc
printf
_callnewh
realloc

userenv

ForceSyncFgPolicy
RsopResetPolicySettingStatus

shell32

ShellHookProc
SHGetSettings
WOWShellExecute
DragAcceptFiles
SHUpdateRecycleBinIcon
SHLoadInProc

advapi32

GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags

Exports

Exports

ADeviceGetCaps
AShutDown
CreateDataObject
CreateTempFileStream
HrCreatePhonebookEntry
UpdateRebarBandColors

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38915e7c4b4e5007fd336716c8820b0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

version

msvcrt

userenv

shell32

advapi32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 22KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 15KB