ba415f286a45ea1c5ff9447e9856404ef8b1a7abb7110e46e6abb7606dfa945c

Sharing

Copy URL Twitter E-mail

General

Target

ba415f286a45ea1c5ff9447e9856404ef8b1a7abb7110e46e6abb7606dfa945c
Size

156KB
MD5

2cd7e308158874ac27deae44d3d5a9af
SHA1

33e371406e949dd0643d41664342fa4863eb34be
SHA256

ba415f286a45ea1c5ff9447e9856404ef8b1a7abb7110e46e6abb7606dfa945c
SHA512

d764413f7543ae4c9809eba8975d50ad8b790efd9695dd8939cbe540101a3b99e48ad953587e11b4b3018323d7fa439f6a781f259bdbfaad9f05e6affd02a9ca
SSDEEP

3072:V3sWNjUNIdinyfb461KjNtCtTYeeDyn4xdZTiC5ecCF/J6POo9SH2Dw:1vNjUasyfbNKmtTZeDy4xdZR5ecCJJs/

Score

N/A

Malware Config

Signatures

Files

ba415f286a45ea1c5ff9447e9856404ef8b1a7abb7110e46e6abb7606dfa945c
.dll windows x86

8358b810ecdf3e97ff2b4181f5066ec1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiSetDeviceRegistryPropertyW
CM_Get_Child
CM_Get_Depth
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDA
CM_Get_Device_ID_Size
CM_Get_First_Log_Conf
CM_Get_Parent
CM_Get_Sibling
CM_Locate_DevNodeA
CM_Move_DevNode_Ex
CM_Request_Device_EjectW
CM_Set_HW_Prof
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoList
SetupDiDeleteDeviceInterfaceData
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiEnumDriverInfoW
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiSetSelectedDevice
CM_Add_Res_Des
SetupDiSetDeviceInterfaceDefault
SetupDiSetDeviceInstallParamsW
SetupDiOpenDeviceInfoA

user32

MsgWaitForMultipleObjectsEx
PeekMessageA
UnregisterDeviceNotification
MessageBoxW
GetUpdateRect
CharUpperA

shell32

SHGetFolderPathW

ws2_32

WSAAccept
WSAAsyncGetServByPort
WSAGetLastError
__WSAFDIsSet
accept
bind
connect
getsockname
getsockopt
inet_addr
ioctlsocket
recv
select

ole32

CLSIDFromString
CoCreateInstance
CoCreateObjectInContext
CoInitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CoUninitialize
HBRUSH_UserMarshal

kernel32

lstrlenW
lstrcmpiA
_lopen
_lcreat
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
Sleep
SizeofResource
SignalObjectAndWait
SetUnhandledExceptionFilter
SetThreadPriorityBoost
SetLastError
SetFilePointer
SetEvent
Beep
CloseHandle
ConnectNamedPipe
CreateFileA
CreateFileMappingA
CreateNamedPipeW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EraseTape
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeLibrary
GetACP
GetCommMask
GetComputerNameExW
GetConsoleFontSize
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetHandleInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetOverlappedResult
GetProcAddress
GetShortPathNameW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultUILanguage
GetVersionExA
GetVolumeInformationW
HeapDestroy
HeapUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
Module32FirstW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadFileScatter
RemoveDirectoryW
ResetEvent
SetCommBreak
SetEndOfFile

advapi32

SystemFunction015
SystemFunction011
StartServiceCtrlDispatcherA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetEntriesInAclW
RevertToSelf
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
OpenServiceW
OpenSCManagerW
MapGenericMask
LsaLookupSids
LsaGetQuotasForAccount
IsValidSid
InitializeSecurityDescriptor
ImpersonateSelf
ImpersonateNamedPipeClient
GetUserNameW
GetTokenInformation
GetNamedSecurityInfoW
GetFileSecurityW
GetExplicitEntriesFromAclW
FreeSid
FreeEncryptionCertificateHashList
EqualSid
DeregisterEventSource
DeleteService
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CreateServiceW
ConvertToAutoInheritPrivateObjectSecurity
CloseServiceHandle
AllocateAndInitializeSid
AccessCheck

Exports

Exports

GetCounter
HrCopyStreamToByte
PszScanToWhiteA
Update

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 979B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8358b810ecdf3e97ff2b4181f5066ec1

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

user32

shell32

ws2_32

ole32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 979B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 979B