a0b03c357b30c65e92addebd65000dfb414c005176c33c54febd2b57a1f9331f

Sharing

Copy URL Twitter E-mail

General

Target

a0b03c357b30c65e92addebd65000dfb414c005176c33c54febd2b57a1f9331f
Size

156KB
MD5

9ae0c01da95807001f79586b13cc4152
SHA1

4b4a9dd0ca7360970ffb38a3109781dddf59e2b7
SHA256

a0b03c357b30c65e92addebd65000dfb414c005176c33c54febd2b57a1f9331f
SHA512

8c29a3f7f8c1bd1a6f54846b0d089c8a5c4477e679e3aa093d77720f7b6d41f3b9d2804cbd6c38a819d5ad3395d68ddfdc09881d618d294067eb6806211e5deb
SSDEEP

3072:+v6t5eU65hVMFq85AVhUIAYgpyrDdQ4fLd3h2ToIuOclP/OW0SrV:+Y5ez615kUIAYgYPdQQhRsoIuOch/b

Score

N/A

Malware Config

Signatures

Files

a0b03c357b30c65e92addebd65000dfb414c005176c33c54febd2b57a1f9331f
.dll windows x86

e1342087957586f41f49e88dba5ccb95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedCompareExchange
LeaveCriticalSection
ReadProcessMemory
GetCurrentProcess
MapViewOfFile
GetModuleFileNameA
SetLastError
ExitProcess
HeapFree
UnmapViewOfFile
OpenEventA
CreateMutexW
GetCommandLineA
GetVolumeInformationA
LoadLibraryA
WaitForSingleObject
CreateFileA
TerminateProcess
CreateFileMappingA
CreateEventA
GetProcessHeap
GetProcAddress
GlobalAlloc
GetModuleHandleA
LocalFree
EnterCriticalSection
OpenFileMappingA
WriteProcessMemory
GetTickCount
CreateDirectoryA
WriteFile
GetLastError
CopyFileA
GetComputerNameA
GlobalFree
Sleep
CloseHandle
InterlockedIncrement
CreateProcessA
HeapAlloc

ole32

OleSetContainedObject
CoSetProxyBlanket
CoTaskMemAlloc
CoUninitialize
OleCreate
CoInitialize
CoCreateInstance
CoCreateGuid

user32

GetClassNameA
GetCursorPos
DefWindowProcA
PeekMessageA
SetTimer
SetWindowsHookExA
TranslateMessage
GetMessageA
GetSystemMetrics
ClientToScreen
PostQuitMessage
DestroyWindow
SetWindowLongA
GetWindow
GetWindowThreadProcessId
CreateWindowExA
RegisterWindowMessageA
GetParent
KillTimer
SendMessageA
DispatchMessageA
GetWindowLongA
FindWindowA
UnhookWindowsHookEx
ScreenToClient

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

GetUserNameA
SetTokenInformation
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegDeleteValueA
DuplicateTokenEx
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

HpMapLite

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 953B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

clfybyw
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1342087957586f41f49e88dba5ccb95

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 953B

clfybyw Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 953B

clfybyw
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB