bbaced0e10b860842dd27b7e373c4864fc874d1c939453db54ec58c83a0de9e4

Sharing

Copy URL Twitter E-mail

General

Target

bbaced0e10b860842dd27b7e373c4864fc874d1c939453db54ec58c83a0de9e4
Size

148KB
MD5

f6b58ccd62dc88d039395ad7d00472d1
SHA1

9f90181a5b761f5719533b79f03f088bff46959f
SHA256

bbaced0e10b860842dd27b7e373c4864fc874d1c939453db54ec58c83a0de9e4
SHA512

b4e8710344044b726df168351428a34c6ec1a8c8a2d565881566d82e744609ca5a30620b88f49a93d8d529548303e13b7f0bf28fe412229c35c26839f890e5a7
SSDEEP

3072:blXlch97Qp3CUN0NAVZAXd3dBN6qIWjRo3SlEeT4aKT50hN:BXl+9MNFN0ldp6URtEeTPKT0N

Score

N/A

Malware Config

Signatures

Files

bbaced0e10b860842dd27b7e373c4864fc874d1c939453db54ec58c83a0de9e4
.dll windows x86

659ecfea03919942499dcf2b07276feb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingA
Sleep
WriteFile
CreateMutexW
InterlockedCompareExchange
GetModuleHandleA
GetTickCount
MapViewOfFile
LocalFree
GetVolumeInformationA
EnterCriticalSection
GetCommandLineA
GetComputerNameA
HeapFree
GetLastError
LoadLibraryA
CreateFileMappingA
ExitProcess
CreateFileA
WaitForSingleObject
ReadProcessMemory
GlobalAlloc
CopyFileA
OpenEventA
InterlockedDecrement
InterlockedIncrement
CreateDirectoryA
HeapAlloc
CreateProcessA
GlobalFree
WriteProcessMemory
CloseHandle
GetCurrentProcess
TerminateProcess
CreateEventA
GetProcessHeap
GetModuleFileNameA
UnmapViewOfFile
GetProcAddress
SetLastError
LeaveCriticalSection

ole32

CoCreateInstance
OleSetContainedObject
CoSetProxyBlanket
CoInitialize
CoTaskMemAlloc
CoCreateGuid
OleCreate
CoUninitialize

user32

GetWindowThreadProcessId
GetClassNameA
DispatchMessageA
DestroyWindow
PostQuitMessage
SetWindowsHookExA
FindWindowA
CreateWindowExA
SetWindowLongA
DefWindowProcA
SendMessageA
SetTimer
GetMessageA
GetWindowLongA
TranslateMessage
GetSystemMetrics
PeekMessageA
KillTimer
ScreenToClient
ClientToScreen
GetCursorPos
GetParent
UnhookWindowsHookEx
GetWindow
RegisterWindowMessageA

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegOpenKeyExA
OpenProcessToken
DuplicateTokenEx
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
SetTokenInformation
RegCreateKeyExA
GetUserNameA
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

winMapTray

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fqdy
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

659ecfea03919942499dcf2b07276feb

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 968B

fqdy Size: 4KB - Virtual size: 8B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 968B

fqdy
Size: 4KB - Virtual size: 8B

.reloc
Size: 8KB - Virtual size: 6KB