aa8fd72c195ab8050f120001cf7ee63bc45ddd7f1f8efa6771d59ec98cae31ca

Sharing

Copy URL Twitter E-mail

General

Target

aa8fd72c195ab8050f120001cf7ee63bc45ddd7f1f8efa6771d59ec98cae31ca
Size

110KB
MD5

65fda25924de689878bdece19cd114d6
SHA1

4e9bdfdc7b61e9817e439eaf6e1b6eb34937a0c9
SHA256

aa8fd72c195ab8050f120001cf7ee63bc45ddd7f1f8efa6771d59ec98cae31ca
SHA512

cd58bcc0e245a2ac5ad7e65e4b187ad451c8f2608af3048c6504baab5f6b26e3ee0633569c0a0f60db6b9ca6913c9e850294c704dae6b83a13f5e447dfd823ca
SSDEEP

1536:PBXkdZY9TiTvO+x0ZcYf80iKVnhl+MMbuFfDOrBWqf:dkPck5KV1FL+Bx

Score

N/A

Malware Config

Signatures

Files

aa8fd72c195ab8050f120001cf7ee63bc45ddd7f1f8efa6771d59ec98cae31ca
.dll windows x86

2ac3163028ad46172c36eef16fb9c66d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
InterlockedDecrement
WaitForMultipleObjects
ResetEvent
InterlockedIncrement
FreeLibraryAndExitThread
TerminateProcess
InterlockedCompareExchange
ReleaseMutex
SetEvent
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
GetLastError
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
VirtualFree
VirtualProtect
VirtualAlloc
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateFileA
Thread32First
Module32Next
Module32First
VirtualQuery
GetSystemInfo
QueryDosDeviceA
GetModuleHandleA
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
OpenThread
GetCurrentThreadId
ExitProcess
WriteFile
DeleteFileA
ReadFile
MoveFileA
SetFilePointer
lstrlenW
GetTempFileNameA
GetTempPathA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
CreateProcessA
CreatePipe
CreateFileMappingA
MapViewOfFile
GetFileSize
WaitForSingleObject
ExitThread
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateEventA
CreateThread
Sleep
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
CloseHandle
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetCurrentThread
Thread32Next
GetCurrentProcessId

user32

MessageBoxA
SetTimer
SetDlgItemTextA
GetDlgItemTextA
DialogBoxParamA
GetWindowTextA
PostMessageA
IsWindow
DispatchMessageA
TranslateMessage
ReleaseDC
FillRect
InflateRect
EnumDesktopWindows
GetClassNameA
EnumChildWindows
EnumWindows
OffsetRect
SetWindowPos
GetDlgItem
SendMessageA
EndDialog
KillTimer
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
ExitWindowsEx
GetParent
ShowWindow

gdi32

GetStockObject
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

RegDeleteValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegEnumValueA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

wininet

HttpSendRequestExA
HttpEndRequestA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetWriteFile

ws2_32

inet_ntoa
closesocket
WSAStartup
WSACleanup
setsockopt
gethostbyname

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_memicmp
_stricmp
??3@YAXPAX@Z
_mbsstr
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
time
_adjust_fdiv
_initterm
_onexit
__dllonexit
printf
atol
strstr
_ltoa
abs
wcsstr
_mbsnbcat
_mbslwr
_ismbcalpha
memmove
malloc
wcscmp
free
_mbscmp
_mbsupr
_snprintf
_except_handler3
_ismbcprint
memcmp
strncpy
_purecall
clock
memset
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
_mbschr
strlen
sprintf
strcpy
strcat

gdiplus

GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage
GdipFree
GdipDisposeImage
GdipSaveImageToStream
GdiplusStartup

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

shell32

SHGetFolderPathA

Exports

Exports

_LOADLIBRARY_DUMMY
_RunAs@16

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac3163028ad46172c36eef16fb9c66d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

ws2_32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 101KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB