de53d4dc336a2142ff5f05859d438d365f0517d1a166c7e40311804549b8f43b

Sharing

Copy URL Twitter E-mail

General

Target

de53d4dc336a2142ff5f05859d438d365f0517d1a166c7e40311804549b8f43b
Size

160KB
MD5

d57bb7a3e631d52a7c92fd49c2c7001a
SHA1

9aa33c055e11ef3ea656c6d0c0614ba1d9ffa510
SHA256

de53d4dc336a2142ff5f05859d438d365f0517d1a166c7e40311804549b8f43b
SHA512

57068526645d4505817b18c6d8ddf211b26f31ed28bfe7b81b37f9bccd42db2ab61b61892f7e6704b0b9a83e6e86bc579b5945a2a748100a89d20fb8c5e0ca5c
SSDEEP

3072:tX1oE51Vgi4calJ4I34QqXRCinGqIsZZ1UEuedQAWgBNDuS5:0E9b4lo7hDGqDZTjdQAWgDuS

Score

N/A

Malware Config

Signatures

Files

de53d4dc336a2142ff5f05859d438d365f0517d1a166c7e40311804549b8f43b
.dll windows x86

7b630b10692d2822947f6eec0f15533f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
CreateFileMappingA
CreateFileA
OpenFileMappingA
CreateEventA
EnterCriticalSection
ExitProcess
InterlockedDecrement
CreateMutexW
GetModuleHandleA
CloseHandle
HeapAlloc
TerminateProcess
HeapFree
UnmapViewOfFile
WriteProcessMemory
GetVolumeInformationA
LocalFree
GetModuleFileNameA
GlobalFree
CopyFileA
GetLastError
LeaveCriticalSection
InterlockedIncrement
InterlockedCompareExchange
GetProcAddress
GetProcessHeap
CreateProcessA
MapViewOfFile
LoadLibraryA
ReadProcessMemory
Sleep
WriteFile
GetCurrentProcess
GetComputerNameA
GetCommandLineA
GlobalAlloc
WaitForSingleObject
OpenEventA
SetLastError
GetTickCount

ole32

CoCreateInstance
CoCreateGuid
OleSetContainedObject
OleCreate
CoSetProxyBlanket
CoTaskMemAlloc
CoUninitialize
CoInitialize

user32

RegisterWindowMessageA
PeekMessageA
GetWindowLongA
ClientToScreen
DestroyWindow
SetWindowsHookExA
SetWindowLongA
UnhookWindowsHookEx
TranslateMessage
PostQuitMessage
DispatchMessageA
SetTimer
GetMessageA
SendMessageA
DefWindowProcA
GetParent
GetClassNameA
ScreenToClient
GetWindowThreadProcessId
KillTimer
FindWindowA
GetSystemMetrics
GetCursorPos
GetWindow
CreateWindowExA

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

DuplicateTokenEx
OpenProcessToken
RegSetValueExA
RegCloseKey
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
SetTokenInformation

shell32

SHGetFolderPathA

Exports

Exports

ClipPad64

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

quic
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b630b10692d2822947f6eec0f15533f

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 944B

quic Size: 4KB - Virtual size: 12B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 944B

quic
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 6KB