b6e0cc85b3c9fde2481e29ee57161488486b6325aee1b7bf944451ab41975f74

Sharing

Copy URL Twitter E-mail

General

Target

b6e0cc85b3c9fde2481e29ee57161488486b6325aee1b7bf944451ab41975f74
Size

176KB
MD5

3df68e1ea4e0ef82c0cb854ebb2541c0
SHA1

dbb9278cf1a422d571e193c7cca4d9ff2a9d25a1
SHA256

b6e0cc85b3c9fde2481e29ee57161488486b6325aee1b7bf944451ab41975f74
SHA512

e3c0ac4a51dc5f7654dffb9b6cff4205358af185e280c3c7ac252cbfb429186de818137d9df3e6a5055f82a778ebfaf5154d9c8a38d2d56d7889f4ca37dfaeee
SSDEEP

3072:qKhDRcv7tUMMpHlE0rwBgiOEWvS3kMzP1veW7dmgNi:qKLcv7tUPHlE8RiOEWvp+P1R7D

Score

N/A

Malware Config

Signatures

Files

b6e0cc85b3c9fde2481e29ee57161488486b6325aee1b7bf944451ab41975f74
.dll windows x86

60f09e90e019fafc0b88cd24bb6df5af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
CreateProcessW
GlobalFree
SetEvent
GetCurrentDirectoryA
GetFullPathNameA
FileTimeToLocalFileTime
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
CompareStringW
CompareStringA
HeapSize
RtlUnwind
VirtualQuery
VirtualProtect
VirtualAlloc
SetStdHandle
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
GetCPInfo
GetOEMCP
SetEnvironmentVariableW
SetEnvironmentVariableA
GetStartupInfoA
GetFileType
SetHandleCount
WideCharToMultiByte
HeapFree
HeapReAlloc
HeapAlloc
GetFileAttributesA
ExitProcess
FindNextFileA
FindFirstFileA
GetCommandLineA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetLastError
GetModuleFileNameA
FlushFileBuffers
CreateFileA
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
GetCurrentThread
GetFileInformationByHandle
FindNextFileW
FindClose
GetCompressedFileSizeW
LocalFree
GetTempPathW
GetFileAttributesW
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
OutputDebugStringA
GetModuleHandleW
DeleteFileW
GetComputerNameExW
GetModuleFileNameW
FreeLibrary
BackupRead
ReadFile
CloseHandle
SetErrorMode
GetStdHandle
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetExitCodeThread
OutputDebugStringW
GetModuleHandleA
GetVersionExA
GetSystemInfo
lstrcmpiA
QueryPerformanceFrequency
MultiByteToWideChar
GetACP
InitializeCriticalSection
InterlockedExchange
Sleep
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
CreateThread
DuplicateHandle
CreatePipe
CreateFileW
GetShortPathNameW
GetVersion
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
FreeEnvironmentStringsA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
GetVersionExW
WriteFile
DisableThreadLibraryCalls
InterlockedCompareExchange
CreateSemaphoreA
FindAtomA
GetAtomNameA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReleaseSemaphore
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleOutputA
GetStartupInfoW
GetCurrentDirectoryW
SetFilePointer
ExitThread
SetUnhandledExceptionFilter

user32

SetFocus
IsDlgButtonChecked
GetClientRect
GetWindowRect
CheckDlgButton
FindWindowW
GetDlgItem
ExitWindowsEx
LoadStringW

advapi32

FreeSid
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameW
ReportEventW
GetExplicitEntriesFromAclW
EqualSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck
RegEnumKeyA
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegCreateKeyW
SetSecurityDescriptorOwner
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueExA
GetSecurityDescriptorControl
GetNamedSecurityInfoW
RegDeleteKeyW
RegSetValueExW

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoInitialize
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoQueryProxyBlanket

msvcrt

malloc
_onexit
tolower
time
strtoul
strtol
strstr
strrchr
strlen
strerror
strcspn
strcmp
strchr
srand
_lock
signal
realloc
rand
qsort
printf
memset
memmove
sprintf
getenv
ftell
fseek
free
fputs
fputc
fprintf
fflush
fclose
exit
clock
clearerr
atoi
abort
mbstowcs
_unlock
__dllonexit

Exports

Exports

InstancesDeviceAccessesAny
SoftwareDevice
TwoYour

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60f09e90e019fafc0b88cd24bb6df5af

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 56KB - Virtual size: 128KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 56KB - Virtual size: 128KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 1KB