f79c9eb7e24464e24ec1b816c65dd730510988bebc826ae42e393761068183bb

Sharing

Copy URL Twitter E-mail

General

Target

f79c9eb7e24464e24ec1b816c65dd730510988bebc826ae42e393761068183bb
Size

74KB
MD5

73babd4160614efc5f8df4b2575e6b48
SHA1

c9d25b7a17a4af5580d83535116ccd6a66e4b361
SHA256

f79c9eb7e24464e24ec1b816c65dd730510988bebc826ae42e393761068183bb
SHA512

84604108f9eedce1e61eb73546fb31345a19812d2864fe2bb44668ac92e29b8bd26c95a72660cf285366d50e1be3510528c5f334014af1775283a295e6f6e1fb
SSDEEP

1536:eKOPn7C+H3PjNJhbHczgHg/Fy741vocL:eNP7Cqbbm/Fr1

Score

N/A

Malware Config

Signatures

Files

f79c9eb7e24464e24ec1b816c65dd730510988bebc826ae42e393761068183bb
.dll windows x86

e76ceebd9ed3b501b44dbb8ce825fa7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
CreateFileA
CreateEventA
SleepEx
PulseEvent
WriteFile
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
FreeLibraryAndExitThread
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
MapViewOfFile
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
GetProcAddress
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
TerminateProcess
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetModuleHandleA
GetLastError
GetFileSize
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CloseHandle
CreateThread
WaitForSingleObject
ReleaseMutex
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
Process32First

user32

GetWindowThreadProcessId
CallNextHookEx
PrintWindow
UnhookWindowsHookEx
SetTimer
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
MessageBoxA
ShowWindow
KillTimer
SendMessageA
GetDlgItem
SetWindowPos
OffsetRect
GetParent
EnumWindows
EnumChildWindows
GetClassNameA
GetWindowTextA
EnumDesktopWindows
IsWindow
DialogBoxParamA
GetDlgItemTextA
SetDlgItemTextA
SetWindowsHookExA

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestExA
InternetWriteFile
HttpQueryInfoA
InternetCrackUrlA
InternetOpenA
InternetConnectA

urlmon

URLDownloadToFileA

ws2_32

WSACleanup
closesocket
setsockopt

shell32

SHGetFolderPathA

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler
strcat
strcpy
sprintf
??2@YAPAXI@Z
clock
_mbsstr
memmove
_mbslwr
wcsstr
abs
_ltoa
strstr
atol
printf
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
memset
strncpy
memcmp
_ismbcprint
_snprintf
_mbsupr
_CxxThrowException
_mbscmp
free
wcscmp
memcpy
_memicmp
_initterm
_adjust_fdiv
malloc

gdiplus

GdiplusStartup
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToStream

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e76ceebd9ed3b501b44dbb8ce825fa7c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

shell32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB