61302f78876e091b222e3b46be0fae96094136cde55406a512298864b73c6b2d

Sharing

Copy URL Twitter E-mail

General

Target

61302f78876e091b222e3b46be0fae96094136cde55406a512298864b73c6b2d
Size

84KB
MD5

48efe4b697a48b65cd6f87446aede912
SHA1

9f342ad61b34e9908b46f47b76180f9dab26ab5a
SHA256

61302f78876e091b222e3b46be0fae96094136cde55406a512298864b73c6b2d
SHA512

5dfe3a04de4297d46473b5992fbbe01d82c784fab06ba32966630f9334f3002fdf25fa3a052b71ad81fac2c5965e12042e65cbbf1b95f753f731e151594f76d8
SSDEEP

768:NmVJ5xoIYMnRaFb1QKMUOFOOyZCA3iLNlQK9p2NbEfs3Dg1p:QVLeIYMnG7ZOQOyZCISNltpEE00p

Score

N/A

Malware Config

Signatures

Files

61302f78876e091b222e3b46be0fae96094136cde55406a512298864b73c6b2d
.dll windows x86

77758f362c0b50391bbe93f6f2a98fd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrW
StrCmpNIA
StrRStrIW
StrCpyNW
StrCpyW
PathFileExistsW
StrCatW
StrChrA
StrCmpW
StrStrA
StrStrIW

ws2_32

WSASetLastError
WSASetEvent
inet_ntoa
gethostbyname
WSACleanup
gethostbyaddr
WSAStartup
getsockname

kernel32

VirtualFreeEx
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTime
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrlenW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
GetModuleHandleA
Sleep
lstrlenA
WideCharToMultiByte
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError
CloseHandle
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
FlushFileBuffers
WriteFile
OpenMutexW
ReleaseMutex
QueryPerformanceCounter
GetTickCount
lstrcpyW
LoadLibraryW
GetSystemDirectoryW
GetTempPathW
GetCurrentProcessId
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualQuery
TerminateProcess
LocalAlloc
LocalFree
GetLocaleInfoA
lstrcatW
CreateThread
EnterCriticalSection
LeaveCriticalSection
ExitThread
DeleteCriticalSection
FreeLibraryAndExitThread
DisableThreadLibraryCalls
InitializeCriticalSection
GetModuleHandleExW
CreateMutexW
CreateProcessW
MoveFileExW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile

user32

wsprintfA
PeekMessageW
CharLowerA
CharLowerW
MsgWaitForMultipleObjects
wsprintfW
DispatchMessageW
TranslateMessage

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey

ole32

CoSetProxyBlanket
CoInitializeSecurity
IIDFromString
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

Exports

Exports

a
s

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77758f362c0b50391bbe93f6f2a98fd4

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 7KB

.CRT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 7KB

.CRT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 4KB