170cbdb5107c6f30c85cf4540507b91cd237bfbb58880c6b321cefd6f0701fb0

Sharing

Copy URL Twitter E-mail

General

Target

170cbdb5107c6f30c85cf4540507b91cd237bfbb58880c6b321cefd6f0701fb0
Size

148KB
MD5

98ad7e8f439c756519b50f59da9acc70
SHA1

1114ede492bd60fd3d16812e05ef7a602e1363cb
SHA256

170cbdb5107c6f30c85cf4540507b91cd237bfbb58880c6b321cefd6f0701fb0
SHA512

18270ec093026bda695211c3bb55422293bad3f5be371e9088e96ba1e3b60b3891e339feee9cc607de4603bbe3f6d6783bb7f105afdfd69fd1bba28db17a018f
SSDEEP

3072:koiw81FU2GQx4bx8e+331l8p+fTEMu2oJj:7iLDUwoxs16ye2oJ

Score

N/A

Malware Config

Signatures

Files

170cbdb5107c6f30c85cf4540507b91cd237bfbb58880c6b321cefd6f0701fb0
.dll windows x86

321ba51f1e844a496f7bc13537e4a016

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
CreateFileA
OpenFileMappingA
LoadLibraryA
HeapAlloc
LocalFree
HeapFree
MapViewOfFile
ReadProcessMemory
CreateMutexW
ExitProcess
CopyFileA
WaitForSingleObject
CreateDirectoryA
UnmapViewOfFile
TerminateProcess
InterlockedDecrement
GlobalAlloc
InterlockedCompareExchange
GetProcAddress
CloseHandle
CreateEventA
GetComputerNameA
GetCurrentProcess
GetModuleHandleA
GetProcessHeap
CreateProcessA
GlobalFree
SetLastError
EnterCriticalSection
WriteFile
CreateFileMappingA
GetLastError
WriteProcessMemory
InterlockedIncrement
GetCommandLineA
Sleep
GetModuleFileNameA
GetTickCount
GetVolumeInformationA
OpenEventA

ole32

CoCreateGuid
OleSetContainedObject
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateInstance
OleCreate
CoInitialize
CoUninitialize

user32

TranslateMessage
FindWindowA
SetTimer
GetWindow
RegisterWindowMessageA
DestroyWindow
GetCursorPos
SetWindowsHookExA
GetSystemMetrics
GetClassNameA
CreateWindowExA
ScreenToClient
DefWindowProcA
KillTimer
PeekMessageA
SetWindowLongA
GetWindowLongA
GetWindowThreadProcessId
ClientToScreen
UnhookWindowsHookEx
GetParent
PostQuitMessage
GetMessageA
SendMessageA
DispatchMessageA

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

OpenProcessToken
GetUserNameA
DuplicateTokenEx
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
SetTokenInformation

shell32

SHGetFolderPathA

Exports

Exports

ClipmapTray

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

321ba51f1e844a496f7bc13537e4a016

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 996B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 996B

.reloc
Size: 8KB - Virtual size: 6KB