73947976e7378d3ce8a307eb401268686afa9f010d1a870cf8113f647dd4a16f

Sharing

Copy URL Twitter E-mail

General

Target

73947976e7378d3ce8a307eb401268686afa9f010d1a870cf8113f647dd4a16f
Size

72KB
MD5

8bfe2bdf1f3f29c844c4f33e3de83d07
SHA1

ff70ee976f6dfb0e198f103ddaf86e3621f0c134
SHA256

73947976e7378d3ce8a307eb401268686afa9f010d1a870cf8113f647dd4a16f
SHA512

4633b790b9dcf6754ed8d4628d872fbe4ce3e47b2a4119065eb98d2c4a45b6a85b99f8ba14c2bbd28e33b8e783b5ebe2bd2619181133445f0aa64852e68ea679
SSDEEP

1536:uy+AfUYZqOFhes8hT7mqH3FEcOjxAwd/0v6mMnY/aLlx+CSGf:uVAUODTiqO3F4RMiVLlx+CZf

Score

N/A

Malware Config

Signatures

Files

73947976e7378d3ce8a307eb401268686afa9f010d1a870cf8113f647dd4a16f
.dll windows x86

77ceeac570cfba2c2a11e6d07b2462dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

kernel32

CreateToolhelp32Snapshot
Sleep
DeleteFileA
GetSystemDirectoryA
GetLastError
OpenMutexA
Process32First
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
FlushFileBuffers
Process32Next
GetCurrentProcess
CreateFileA
SetFilePointer
WriteFile
CloseHandle
CopyFileA
QueryPerformanceCounter
HeapSize
RtlUnwind
ExitProcess
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapFree
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapAlloc
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
IsBadWritePtr
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
InitializeCriticalSection
SetStdHandle

user32

ExitWindowsEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77ceeac570cfba2c2a11e6d07b2462dd

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 4KB