e40645b6ceea07a39c9c8466493e1e8b9e6aadfa06f1ec209addb00d62740bc4

Sharing

Copy URL Twitter E-mail

General

Target

e40645b6ceea07a39c9c8466493e1e8b9e6aadfa06f1ec209addb00d62740bc4
Size

306KB
MD5

f66a4508ab048ce59c2c0c0b31a79281
SHA1

3501007647d976707ba880f020c1b2c9fb64549b
SHA256

e40645b6ceea07a39c9c8466493e1e8b9e6aadfa06f1ec209addb00d62740bc4
SHA512

836434c740b718bea62604d0b63139c7a3126491f02400ebeb2bd5f05735914c4974e82a1de4d9d65241d7d3ae25ded5687b8e3878aac3b7aa48b56bdb6672b6
SSDEEP

6144:FxAuB+A9TWD1H3CWv4Xcy/kUFYNVKxuUZ1fyiabY4ZT:FMwWH3CWod/kUeVKAkF/4ZT

Score

N/A

Malware Config

Signatures

Files

e40645b6ceea07a39c9c8466493e1e8b9e6aadfa06f1ec209addb00d62740bc4
.dll windows x86

847380c4ff4b72595d652fd0dbd160f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ollydbg.exe

ord90
ord31
ord78
ord93
ord59
ord23
ord53
ord170
ord185
ord89
ord117
ord179
ord38
ord79
ord36
ord186
ord76
ord99
ord115
ord46
ord85
ord2
ord45
ord84
ord92
ord172
ord101
ord73
ord54
ord107
ord60
ord88
ord104
ord44
ord114

kernel32

VirtualProtect
CreateToolhelp32Snapshot
CloseHandle
GetCommandLineA
ExitProcess
CreateFileA
SetFilePointer
CreateProcessA
HeapAlloc
ReadFile
HeapFree
WaitForSingleObject
GetLastError
GetProcessHeap
VirtualProtectEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualQueryEx
GlobalAlloc
Sleep
SizeofResource
MultiByteToWideChar
LockResource
DeviceIoControl
GetCurrentProcessId
GetFileSize
GetTempPathA
FindResourceA
DeleteFileA
LoadResource
QueryDosDeviceA
ReadProcessMemory
GetLogicalDriveStringsA
LocalAlloc
GetSystemInfo
LocalFree
OpenThread
DebugActiveProcess
VirtualFreeEx
GetModuleFileNameA
lstrcmpiA
ContinueDebugEvent
SetThreadContext
WaitForDebugEvent
GetVersionExA
GlobalUnlock
SuspendThread
ResumeThread
GlobalLock
CreateThread
GetTickCount
CreateRemoteThread
VirtualAllocEx
GetModuleHandleA
SetEndOfFile
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
OpenProcess
SetHandleCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
GetStdHandle
WriteFile
HeapReAlloc
Process32Next
LoadLibraryA
VirtualAlloc
GlobalFree
GetProcAddress
DeleteCriticalSection
VirtualFree
Process32First
GetCurrentProcess
WriteProcessMemory
HeapCreate
HeapDestroy
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
GetThreadContext
VirtualQuery
GetCurrentThreadId

user32

DefWindowProcA
BeginPaint
SendMessageA
EndPaint
CreateMDIWindowA
PostMessageA
OpenClipboard
EnableWindow
CloseClipboard
SetClipboardData
DialogBoxParamA
GetClipboardData
RegisterClassA
EmptyClipboard
GetKeyState
SendDlgItemMessageA
DrawTextExA
GetDC
ReleaseDC
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetComboBoxInfo
SetWindowTextA
GetDlgCtrlID
GetDlgItemTextA
SetDlgItemTextA
UpdateWindow
GetUserObjectSecurity
CloseDesktop
SetProcessWindowStation
OpenDesktopA
OpenWindowStationA
MessageBoxA
SetUserObjectSecurity
CloseWindowStation
GetProcessWindowStation
wsprintfA
ScreenToClient
GetWindowRect
GetSysColor
ShowWindow
FillRect
GetWindowTextA
MoveWindow
DrawTextA
SetWindowLongA
InvalidateRect
IsWindowVisible
CreateWindowExA
FindWindowExA
GetClientRect
CallWindowProcA
GetDlgItem

gdi32

CreateSolidBrush
SetTextColor
SetBkColor
DeleteObject

comdlg32

GetOpenFileNameA

advapi32

BuildExplicitAccessWithNameA
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
RevertToSelf
CreateProcessAsUserA
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
AdjustTokenPrivileges
LookupPrivilegeValueA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService
OpenSCManagerA
StartServiceA
MakeAbsoluteSD
GetKernelObjectSecurity
GetTokenInformation
ImpersonateLoggedOnUser
LsaClose
DuplicateTokenEx
GetSecurityDescriptorDacl
GetAce
LsaFreeMemory
LsaEnumerateAccountRights
LookupPrivilegeValueW
LsaOpenPolicy
LogonUserA
GetLengthSid
SetSecurityDescriptorDacl
CopySid
CreateRestrictedToken
SetKernelObjectSecurity
GetAclInformation
SetEntriesInAclA
AddAce

netapi32

NetUserAdd
NetUserDel

shlwapi

StrCmpNIA

imagehlp

CheckSumMappedFile

psapi

GetModuleFileNameExA
EnumProcessModules
GetMappedFileNameA

Exports

Exports

_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

HookStub
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fengyue
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

847380c4ff4b72595d652fd0dbd160f3

Headers

File Characteristics

Imports

ollydbg.exe

kernel32

user32

gdi32

comdlg32

advapi32

netapi32

shlwapi

imagehlp

psapi

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 92KB

HookStub Size: 512B - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 40KB

.rsrc Size: 65KB - Virtual size: 68KB

.fengyue Size: 112KB - Virtual size: 112KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 90KB - Virtual size: 92KB

HookStub
Size: 512B - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 40KB

.rsrc
Size: 65KB - Virtual size: 68KB

.fengyue
Size: 112KB - Virtual size: 112KB

.reloc
Size: 4KB - Virtual size: 8KB