97382d6ba29bc14098e18b2120d583df6f8ead799e91ea4452315aa426c235b8

Sharing

Copy URL Twitter E-mail

General

Target

97382d6ba29bc14098e18b2120d583df6f8ead799e91ea4452315aa426c235b8
Size

636KB
MD5

ca9b8b5ff198d1b85bae0117e2303905
SHA1

4d8c6a57d92ec4857b197604c09dbc840f95e286
SHA256

97382d6ba29bc14098e18b2120d583df6f8ead799e91ea4452315aa426c235b8
SHA512

322059e0ffc724e1782cb838bc60591f842c7d7d3100683c2cc3066f6b5bef92df4eef2de642e6d609d508f8ed995ebbf0911527c7afadb30f7c2afdf775e2f1
SSDEEP

3072:HngIMvwXtG7OrfweioRQIPFuDa9ZHSY/gg1G0Z6:HngBKFfweiGQI9u2/R/gaG

Score

N/A

Malware Config

Signatures

Files

97382d6ba29bc14098e18b2120d583df6f8ead799e91ea4452315aa426c235b8
.dll windows x86

b0c9ab754dcf177d5c3a83f3e2d042b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

gdi32

DeleteDC
GetDIBits
CreateFontIndirectA
SetTextColor
SetBkMode
CreateDIBSection
CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
GetStockObject
SelectPalette
DeleteObject
RealizePalette

psapi

GetModuleFileNameExA
EnumProcessModules

ws2_32

WSAStartup
socket
WSAGetLastError
ntohs
WSACleanup
send
recv
closesocket
select
inet_addr
gethostbyname
inet_ntoa
setsockopt
htons
connect

winmm

waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInClose
waveInStart
waveInReset
waveInOpen

kernel32

ExitThread
FreeLibrary
CloseHandle
CreateThread
GetTickCount
GetProcAddress
LoadLibraryA
DeleteFileA
OutputDebugStringA
WriteFile
GetStdHandle
GetVersionExA
GetLastError
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDrives
GetModuleHandleA
GlobalMemoryStatus
GetCurrentProcessId
GetComputerNameA
WinExec
MoveFileExA
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemDefaultLangID
OpenProcess
WaitForSingleObject
CreateRemoteThread
GetVersion
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
GetVolumeInformationA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetLocalTime
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
RemoveDirectoryA
MoveFileA
GetTempPathA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
CreateFileA
GetFileTime
SetFileTime
WideCharToMultiByte
Module32Next
Module32First
TerminateProcess
SetPriorityClass
SuspendThread
Thread32Next
Thread32First
ResumeThread
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TerminateThread
GetExitCodeThread
LocalFree
LocalAlloc
GetWindowsDirectoryA
GetSystemTime
WriteProcessMemory
VirtualAllocEx
MultiByteToWideChar
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetSystemDirectoryA
SetLastError
FreeConsole
ReadFile
CreateProcessA
GetStartupInfoA
CreatePipe
InterlockedDecrement
GlobalSize
lstrlenA
CopyFileA

user32

GetDesktopWindow
RedrawWindow
DrawTextA
GetSystemMetrics
mouse_event
keybd_event
GetDC
ReleaseDC
OpenInputDesktop
GetUserObjectInformationA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
PostMessageA
CloseWindowStation
CloseDesktop
SendMessageA
ExitWindowsEx
PostThreadMessageA
GetMessageA
GetForegroundWindow
MessageBoxA

advapi32

GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
CloseServiceHandle
QueryServiceConfigA
QueryServiceConfig2A
OpenServiceA
EnumServicesStatusExA
OpenSCManagerA
DeleteService
ControlService
QueryServiceStatus
StartServiceA
LookupAccountSidA
RegisterServiceCtrlHandlerA
ChangeServiceConfigA
QueryServiceStatusEx
SetServiceStatus
RegDeleteKeyA
RegCreateKeyA
RegEnumKeyA
RegOpenKeyA
RegEnumValueA
CreateServiceA
ChangeServiceConfig2A

ole32

CoInitializeEx
CoInitialize
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear
GetErrorInfo
SysAllocString

msvfw32

ICCompress
ICClose
ICSendMessage
ICOpen
ICImageCompress

msvcrt

fread
strcmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
isdigit
strtoul
strtok
malloc
free
_vsnprintf
fprintf
_strtime
_strdate
strcat
sprintf
strstr
strrchr
fopen
fwrite
fclose
printf
_errno
_open
_read
_strrev
_write
_close
_lseek
remove
_ftol
abs
_CxxThrowException
strncat
wcstombs
_except_handler3
rand
wcslen
_CIacos
_CIpow
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strnicmp
_stricmp
_strlwr
fseek
memcmp
strncmp
strchr
memset
strlen
strcpy
memcpy
strncpy
atoi

Exports

Exports

SvchostEntry_W32Time

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0c9ab754dcf177d5c3a83f3e2d042b2

Headers

File Characteristics

Imports

shell32

gdi32

psapi

ws2_32

winmm

kernel32

user32

advapi32

ole32

oleaut32

msvfw32

msvcrt

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 612KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 612KB - Virtual size: 612KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 12KB