a472c2996d5a7e56d68d158af255324b5fc50e14d75ceb8fd70885c5de886c34

Sharing

Copy URL Twitter E-mail

General

Target

a472c2996d5a7e56d68d158af255324b5fc50e14d75ceb8fd70885c5de886c34
Size

132KB
MD5

655141c81305f2572118ec803c813b9f
SHA1

8f4a2dc31adefb905c86c5b9d3c86867df863479
SHA256

a472c2996d5a7e56d68d158af255324b5fc50e14d75ceb8fd70885c5de886c34
SHA512

db556fde60d62c19060164503737fc7db036c05f074bcb1ed15e8063190764bbdb973f0dd1149298fe1b89cb9f26d04152c35277e6180af00fc857f39d9ba3b6
SSDEEP

3072:N1vMKyPCBednCWTEwfPDqw9skP2ZHyfVekCsXqANUO:jtyqgdnnEQDfuyjtzN

Score

N/A

Malware Config

Signatures

Files

a472c2996d5a7e56d68d158af255324b5fc50e14d75ceb8fd70885c5de886c34
.dll windows x86

d05611be56c37b527a71a59533f0eead

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
InterlockedExchange
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SwitchToThread
FormatMessageW
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
SetLastError
LocalFree
MultiByteToWideChar
LocalAlloc
GetFileSize
lstrlenA
lstrlenW
WideCharToMultiByte
CompareFileTime
CreateEventA
lstrcmpA
DuplicateHandle
WaitForSingleObjectEx
lstrcpyA
SystemTimeToFileTime
GetSystemTime
GetSystemTimeAsFileTime
FindCloseChangeNotification
lstrcatA
LocalReAlloc
GetSystemDefaultLangID
MapViewOfFile
GetTempPathA
UnmapViewOfFile
ReleaseMutex
SetFilePointer
DeleteFileW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameW
LeaveCriticalSection
GetCurrentProcess
GetModuleHandleW
VirtualQuery
ResetEvent
InterlockedDecrement
SetEvent
Sleep
TryEnterCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
VirtualProtect
GlobalFree
GlobalAlloc
GetTempFileNameA
GetCommandLineA

user32

LoadStringW

advapi32

EqualSid
GetAce
RegGetKeySecurity
FreeSid
CryptDestroyKey
CryptExportKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
RegCloseKey
CryptAcquireContextA
ReportEventW
RegisterEventSourceW
LsaFreeMemory
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl

ole32

CoCreateInstance
CoTaskMemFree

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
RpcBindingFree
RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFromStringBindingA

msvcr71

_callnewh
__dllonexit
__CppXcptFilter
_adjust_fdiv
_initterm
atol
wcscat
_ltoa
_XcptFilter
wcspbrk
_wcsicmp
_except_handler3
memset
memcpy
_CxxThrowException
_onexit
malloc
free
_wtoi
wcsrchr

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d05611be56c37b527a71a59533f0eead

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

msvcr71

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 36KB - Virtual size: 69KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 36KB - Virtual size: 69KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB