9df03724973bebac09f5faf66bbe5e5e01d8613cdf636378968d4f8bfa9d9450

Sharing

Copy URL Twitter E-mail

General

Target

9df03724973bebac09f5faf66bbe5e5e01d8613cdf636378968d4f8bfa9d9450
Size

128KB
MD5

01c01a72c2a94a83e426acd3ceef109d
SHA1

7987f0aa0a716954988e296eb5b129aacc71aad0
SHA256

9df03724973bebac09f5faf66bbe5e5e01d8613cdf636378968d4f8bfa9d9450
SHA512

8f9de8ab9ca5563860f84883de34f73960a75cf2f208d80a45c67598b870a03e1e9a55d75823b449334219db5da881f8268d63d2a1e36ca83a7b517ae035d053
SSDEEP

3072:2CtNMyKWSfe2EcuL7WGLKYNlA+Jn0ialMACij1:2C4VWCe2O7ZNlAjieMDi

Score

N/A

Malware Config

Signatures

Files

9df03724973bebac09f5faf66bbe5e5e01d8613cdf636378968d4f8bfa9d9450
.dll windows x86

a7ec52d935039623fc5295944c6a6df1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetHandleInformation
VirtualAlloc
TlsSetValue
FindFirstVolumeMountPointA
ResumeThread
DeleteVolumeMountPointW
CreateMutexA
GlobalGetAtomNameW
WaitForSingleObject
GetTickCount
SetCalendarInfoA
GetEnvironmentStringsW
CreateEventA
WritePrivateProfileSectionA
GetVolumeNameForVolumeMountPointA
UpdateResourceW
RtlUnwind
TerminateProcess
GetLastError
GetBinaryTypeW
SetSystemTime
GetVDMCurrentDirectories
InitAtomTable
ReleaseSemaphore
GetLocalTime
_lclose
IsValidLocale
BackupWrite
FindFirstChangeNotificationW
Process32FirstW
_lcreat
CreateSemaphoreW
SetConsoleNumberOfCommandsA
ShowConsoleCursor
FileTimeToSystemTime
CloseHandle
SetMailslotInfo
Sleep
SetConsoleTitleA
GetProcAddress
SetProcessPriorityBoost
FindNextChangeNotification
EnumDateFormatsW
GetDiskFreeSpaceA
GetModuleHandleA
TlsGetValue
TerminateThread
VirtualQuery
GetConsoleAliasesA
GetSystemTime
DisconnectNamedPipe
IsDBCSLeadByte
GetConsoleKeyboardLayoutNameW
GetCurrencyFormatW
FindFirstVolumeMountPointW
GetDriveTypeA
_hread
GetConsoleMode
lstrcmpA
ReadFileEx
GetNamedPipeHandleStateW
CancelTimerQueueTimer
SetConsoleNumberOfCommandsW
GetVersion
VirtualFree
FreeLibrary
InterlockedDecrement
GetAtomNameA
GetNumberFormatW
SetFilePointer
GetProcessHeap
ReadFile
GetConsoleCommandHistoryLengthW
LocalAlloc

shell32

StrCmpNIW
FindExecutableA
SHGetDiskFreeSpaceA
DragQueryFileW
DragFinish
StrRChrA
StrCmpNIA
InternalExtractIconListW
SHGetSpecialFolderPathW
ExtractIconExA
FreeIconList
SHEmptyRecycleBinW
ShellAboutA
StrChrIW
SHUpdateRecycleBinIcon
ord180
SHAppBarMessage
SHGetDesktopFolder
SheChangeDirA
SHBrowseForFolderA
DoEnvironmentSubstW
StrCmpNW
ShellAboutW
ExtractAssociatedIconExW
SHGetInstanceExplorer
InternalExtractIconListA
CommandLineToArgvW
SHFormatDrive
SHGetPathFromIDListW
DuplicateIcon
CheckEscapesW
DragQueryFileA
SHLoadInProc
SHInvokePrinterCommandA
StrNCmpA
SHGetMalloc
SHAddToRecentDocs
SHGetSettings
StrNCmpIA
SHGetSpecialFolderLocation
StrStrA
StrRStrIW
ExtractIconExW
SHGetPathFromIDListA
StrCmpNA
SHFileOperationW
Shell_NotifyIconW
ExtractIconW
StrStrIW
DoEnvironmentSubstA
StrChrA
StrStrIA
StrChrIA
SHQueryRecycleBinW
FindExecutableW
StrRChrIA
SHGetDataFromIDListW
StrNCmpW
StrRChrIW
StrStrW
SHBrowseForFolderW

shlwapi

PathIsFileSpecW
PathAddBackslashW
UrlHashA
UrlGetPartA
SHRegCreateUSKeyA
StrCatW
PathFindExtensionW
StrDupA
PathIsUNCA
SHRegSetUSValueW
StrNCatA
PathIsUNCServerShareW
UrlUnescapeA
UrlGetPartW
PathIsRootA
PathRemoveBlanksW
PathCombineA
StrIsIntlEqualW
PathCompactPathA
StrCmpIW
UrlIsW
StrFromTimeIntervalW
PathAppendW
PathIsURLW
PathAddExtensionW
SHRegGetUSValueW
SHQueryInfoKeyW
StrCmpW
PathMatchSpecA
UrlEscapeW
PathRemoveArgsA
UrlCanonicalizeA
PathSetDlgItemPathW
PathRelativePathToA
SHRegSetUSValueA
PathRemoveBackslashA
PathCreateFromUrlA
SHOpenRegStreamW
PathBuildRootW
SHEnumValueA
PathCombineW
SHRegCloseUSKey
PathIsUNCServerA
PathRelativePathToW
UrlApplySchemeW
PathMatchSpecW
UrlGetLocationA
PathParseIconLocationA
PathFindFileNameA
PathUnmakeSystemFolderA
StrCSpnW
StrPBrkW
PathRemoveBackslashW
SHRegOpenUSKeyW
UrlIsNoHistoryA
StrIsIntlEqualA
PathIsContentTypeW
PathSkipRootW
PathIsSystemFolderA
PathIsPrefixA
PathFindFileNameW
PathCompactPathExA
PathCompactPathW
UrlIsOpaqueA
PathRemoveExtensionW
PathSetDlgItemPathA
PathCompactPathExW
SHRegQueryInfoUSKeyW
SHDeleteOrphanKeyW
PathUnquoteSpacesA
SHRegDeleteUSValueW
SHQueryValueExA
SHEnumKeyExW
UrlCreateFromPathA

winmm

timeGetTime
auxSetVolume
midiInStart
waveOutGetDevCapsA
waveInUnprepareHeader
tid32Message
wid32Message
timeGetDevCaps
waveOutMessage
PlaySoundA
waveOutPause

msvcrt

_mbsnccnt
_mbsupr
_mbsnbicmp
_mbsninc
_mbsnset
_mbsspn
_ismbstrail
_ismbbkpunct
_gcvt
_ismbbalpha
_ecvt
_filelengthi64
wcspbrk
_unlock
_wcsupr
asin
__p__osver
fclose
_mbspbrk
_strdate
_local_unwind2
_CIacos
__p__timezone
_wrmdir
_aexit_rtn
asctime
ferror
_mbctokata
_putenv
__threadhandle
_mbsstr
sprintf
_loaddll
fread
fopen
toupper
_spawnve
putchar
fsetpos
_mktemp
fgets
fseek
wcstombs
_jn
mbtowc
memset
fprintf
_ismbcspace
iswlower
fputs
_except_handler3
mktime
fputc
_vsnwprintf
_setjmp
_ftime
_ismbslead
ftell
wcsrchr
_strnicmp
_unlink
_mbsncpy
_ismbclower
_write
__dllonexit
_CIasin
_ismbbalnum
_ismbckata
_mbcjmstojis
feof
tolower
realloc
printf
calloc
_CIlog
_environ
_eof
fwprintf
longjmp
_wstrdate
_errno
fwrite
_rotl
strtol
_ismbcalpha
_pclose
_inpd
_HUGE
_wspawnlpe
_wpopen

Exports

Exports

Aakllwhu
Agokmq
Iupjafq
Lgyifzsh
Pfsg
Wbemz

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7ec52d935039623fc5295944c6a6df1

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

winmm

msvcrt

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 52KB - Virtual size: 48KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 52KB - Virtual size: 48KB

.reloc
Size: 12KB - Virtual size: 8KB