d1238b35b7829c012c6566e8bd081d522bd505277e426f62a56f42cf296b7828

General

Target

d1238b35b7829c012c6566e8bd081d522bd505277e426f62a56f42cf296b7828
Size

522KB
MD5

5fb96a4b94e3f4c570a15283b0cf5f0f
SHA1

d74d8c112666deaa119eae752ae13958118ac3e8
SHA256

d1238b35b7829c012c6566e8bd081d522bd505277e426f62a56f42cf296b7828
SHA512

a394e81de922af028a7a0d0452c26440b3bbbddaebe5e19b76ff87bd00a9ff259bea4dd56c533c581ce227602db81193124759daa93646b3508641321b12cd0c
SSDEEP

12288:q13xPPJmaIU5pPfLjZ0PGuyK6T765z3Mr:+ZmoR5pumT7+u

Score

N/A

Malware Config

Signatures

Files

d1238b35b7829c012c6566e8bd081d522bd505277e426f62a56f42cf296b7828
.dll windows x86

d01358ef385cb44d774188aa7ae6078e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathAppendW
PathRemoveFileSpecW

kernel32

EnterCriticalSection
Sleep
GetStartupInfoA
SetHandleCount
InterlockedIncrement
GetModuleFileNameA
HeapAlloc
GetLastError
TlsSetValue
TlsFree
SetLastError
LCMapStringA
GetOEMCP
SetUnhandledExceptionFilter
SetFilePointer
lstrcmpW
GetCurrentProcessId
GetLocalTime
UnhandledExceptionFilter
CreateFileA
LCMapStringW
HeapFree
GetStringTypeW
TlsAlloc
GetStdHandle
InterlockedDecrement
RaiseException
TerminateProcess
GetCurrentThreadId
GetFileType
GetCurrentProcess
VirtualAlloc
CreateFileW
LeaveCriticalSection
VerSetConditionMask
GetCommandLineW
QueryPerformanceCounter
HeapReAlloc
GetVersionExW
GetACP
VirtualFree
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeA
IsDebuggerPresent
SetStdHandle
TlsGetValue
GetEnvironmentStringsW
GetTickCount
GetModuleFileNameW
GetConsoleOutputCP
LoadLibraryA
DeleteCriticalSection
GetCPInfo
VerifyVersionInfoW
HeapCreate
WriteConsoleA
ExitProcess
GetLocaleInfoA
FlushFileBuffers
GetConsoleMode
WideCharToMultiByte
GetPrivateProfileIntW
IsValidCodePage
WriteConsoleW
GetConsoleCP
CloseHandle
HeapSize
GetProcAddress
FreeEnvironmentStringsW
WriteFile
GetModuleHandleW
GetTempPathW
InitializeCriticalSectionAndSpinCount

advapi32

ConvertStringSidToSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

keeg

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d01358ef385cb44d774188aa7ae6078e

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.data Size: 469KB - Virtual size: 469KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 49KB

.data
Size: 469KB - Virtual size: 469KB

.reloc
Size: 2KB - Virtual size: 1KB