9de1a539ecc5b85afbddf45000cc0d79364aa4a4bf7f4b98657b2f01b53fd6a9

General

Target

9de1a539ecc5b85afbddf45000cc0d79364aa4a4bf7f4b98657b2f01b53fd6a9
Size

84KB
MD5

708f927bff6fc3290a23ab151d994f78
SHA1

8da905f5908fd219d64cb3e1d7afcc33ac96750f
SHA256

9de1a539ecc5b85afbddf45000cc0d79364aa4a4bf7f4b98657b2f01b53fd6a9
SHA512

88bbeb6539a7773daecca29010d5a7e4da047ad7c1ca139cd63d00a691440657a9d2d3d330c0301573b8ff797db11ba6a836f3099acf966e35b7b7d2190dc929
SSDEEP

768:/CMbc9tbm1Lt7XBUr91w71COUIEn55AmI6IMHkS4dGHk1iNjfM5XrgvTVfautO:/RbLbBG91wA6a5AjMHke2iN45bg70ut

Score

N/A

Malware Config

Signatures

Files

9de1a539ecc5b85afbddf45000cc0d79364aa4a4bf7f4b98657b2f01b53fd6a9
.dll windows x86

4360bf10cad7366e680e0912ce966672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
DisableThreadLibraryCalls
lstrcmpiW
CreateThread
WideCharToMultiByte
VirtualFreeEx
MultiByteToWideChar
lstrcmpiA
GetProcAddress
VirtualAllocEx
GetModuleHandleA
GetCurrentProcessId
lstrcmpA
VirtualFree
VirtualAlloc
GetModuleHandleW
GetModuleFileNameA
VirtualProtect
IsBadReadPtr
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA

user32

SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx

ntdll

NtQueryInformationThread
NtClose
RtlFreeAnsiString
NtOpenProcess
strstr
RtlUnicodeStringToAnsiString

Exports

Exports

getActiveDesktop
getSpecials
getWnd

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4360bf10cad7366e680e0912ce966672

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB