eefba822de31b2e973657a58596cf66b6326bd0cd77d93f17d65d2a478dad220

Sharing

Copy URL Twitter E-mail

General

Target

eefba822de31b2e973657a58596cf66b6326bd0cd77d93f17d65d2a478dad220
Size

152KB
MD5

3a6f82dae768f7739666b48f8fae8940
SHA1

7cc3fcdd82f25afcc18f4002ad8f90cb958df70f
SHA256

eefba822de31b2e973657a58596cf66b6326bd0cd77d93f17d65d2a478dad220
SHA512

2417611f278e7d8777b0cb8d31562fa1d24e048019c089706e6501685500c707a1c5aca1a0ca5842826c55220b7a2d87075614f709766c826da4cae4abc50333
SSDEEP

3072:gI+56xHUZiXgxg9aIMKLcyGTsH7YFbclYKHlhUlF2S5lqXmQZRPc9hBSa4G:gls0MXg1y4qUSlYkl+SX5cb4

Score

N/A

Malware Config

Signatures

Files

eefba822de31b2e973657a58596cf66b6326bd0cd77d93f17d65d2a478dad220
.dll windows x86

339ae01e2f465100cebe12088dd7aab3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
CreateEventA
CreateDirectoryA
EnterCriticalSection
WaitForSingleObject
GetTickCount
GlobalFree
HeapFree
CreateProcessA
InterlockedIncrement
LeaveCriticalSection
GetModuleFileNameA
CloseHandle
CreateFileMappingA
SetLastError
TerminateProcess
GetComputerNameA
GetVolumeInformationA
CreateFileA
GetModuleHandleA
Sleep
GetProcAddress
LocalFree
LoadLibraryA
GetCurrentProcess
CreateMutexW
InterlockedCompareExchange
OpenEventA
CopyFileA
WriteProcessMemory
UnmapViewOfFile
ReadProcessMemory
OpenFileMappingA
ExitProcess
WriteFile
GetLastError
GetCommandLineA
GlobalAlloc
InterlockedDecrement
MapViewOfFile

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitialize
OleCreate
OleSetContainedObject
CoCreateGuid
CoTaskMemAlloc

user32

GetWindow
DispatchMessageA
DefWindowProcA
FindWindowA
GetClassNameA
UnhookWindowsHookEx
GetParent
PeekMessageA
RegisterWindowMessageA
GetWindowLongA
ScreenToClient
GetSystemMetrics
SetWindowLongA
SetTimer
TranslateMessage
PostQuitMessage
CreateWindowExA
SetWindowsHookExA
GetWindowThreadProcessId
KillTimer
ClientToScreen
DestroyWindow
GetCursorPos
SendMessageA
GetMessageA

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

OpenProcessToken
DuplicateTokenEx
RegCreateKeyExA
GetUserNameA
SetTokenInformation
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetFolderPathA

Exports

Exports

DesktopMobileTask

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

giv
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

339ae01e2f465100cebe12088dd7aab3

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 960B

giv Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 960B

giv
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB