fdc26f37a045476f7822932065efaf8efd69ffdaf7c629f9d6b6f402c97371bc

Sharing

Copy URL Twitter E-mail

General

Target

fdc26f37a045476f7822932065efaf8efd69ffdaf7c629f9d6b6f402c97371bc
Size

72KB
MD5

1cc3ddf79206b45d13a256a1a594ba8a
SHA1

05e2d931ebe97b716687aaa341a7f7bbd745f229
SHA256

fdc26f37a045476f7822932065efaf8efd69ffdaf7c629f9d6b6f402c97371bc
SHA512

488e29945fff8253e71119cbd331b69de228c5ff1144eab4d05e4f4b4d76caf0e41b642ae51ab79130fc1e1a97dbec856d3035ed63d2d85ca376cba177bc9ff1
SSDEEP

1536:kDVF29M9hxdACrpOwO94TNB5JDyLSeALJoAy41V:SMifACrpO994BYSJ6Ay41V

Score

N/A

Malware Config

Signatures

Files

fdc26f37a045476f7822932065efaf8efd69ffdaf7c629f9d6b6f402c97371bc
.dll windows x86

995867be14bb0fd04d927981140b109e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFile
GetExitCodeThread
GlobalAddAtomA
GetVolumePathNameW
GetDiskFreeSpaceW
ChangeTimerQueueTimer
GetHandleInformation
GetUserDefaultLCID
VerifyVersionInfoW
GetProfileSectionA
GetProfileStringA
VirtualUnlock
GetStringTypeExW
SetProcessShutdownParameters
GetCommandLineA
ConnectNamedPipe
LocalLock
GetSystemInfo
OpenFileMappingW
lstrcmpW
CreateEventW
GlobalAddAtomW
WriteFile
GetSystemDirectoryA
GlobalMemoryStatusEx
FreeEnvironmentStringsW
GetCompressedFileSizeW
InterlockedCompareExchange
GetStartupInfoW
GetDiskFreeSpaceA
GetStdHandle
GetAtomNameW
EscapeCommFunction
GetFileSizeEx
SetEnvironmentVariableA
SetStdHandle
IsBadStringPtrW
lstrcmpiW
WriteProfileStringW
LocalAlloc
GetCurrentProcess
InterlockedIncrement
GetTempFileNameW
SizeofResource
GetConsoleCP
FindCloseChangeNotification
GetSystemTime
GetUserDefaultUILanguage
OpenSemaphoreW
GetCPInfo
WinExec
SetComputerNameExW
GetConsoleOutputCP
CreateFileA
GlobalMemoryStatus
VirtualFree
HeapReAlloc
ReadConsoleA
GetTempPathA
CreateFileMappingW
EnumResourceLanguagesA
UnlockFileEx
GetTempFileNameA
CreateTimerQueue
SetCurrentDirectoryA
LocalFlags
SearchPathA
FindResourceExW
ExitThread
EnumResourceLanguagesW
GetSystemDefaultLangID
GetProfileIntA
GetSystemWindowsDirectoryA
LocalUnlock
GlobalFlags
PeekNamedPipe
OpenProcess
UpdateResourceA
lstrcmpiA
GetTickCount
GetLocalTime
EnumUILanguagesW
GlobalGetAtomNameA
HeapCreate
GetEnvironmentVariableW
GetExitCodeProcess
OpenEventA
HeapUnlock
SetErrorMode
DeleteFileW
SetEvent
TerminateThread
ClearCommError
OpenSemaphoreA
GetDriveTypeW
EnumResourceNamesW
FindNextChangeNotification
GetFileAttributesExA
CompareStringA
LockResource
ReadConsoleInputA
FreeLibraryAndExitThread
GetComputerNameExW
ReleaseSemaphore
GetFileAttributesW
PulseEvent
GetSystemTimeAdjustment
DisconnectNamedPipe
ReadProcessMemory
lstrcatA
lstrcpynA
GlobalReAlloc
GetEnvironmentStrings
CancelWaitableTimer
GetDriveTypeA
CallNamedPipeA
GetStringTypeA
FillConsoleOutputCharacterW
lstrlenA
UnmapViewOfFile
InterlockedExchange
VirtualProtect
CreateThread
MapViewOfFile
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateProcessA
lstrlenW
CreateDirectoryA
EnterCriticalSection
ReleaseMutex
GetLastError
LoadLibraryA
HeapFree
GetModuleHandleA
CloseHandle
GetComputerNameA
CopyFileA
GetProcAddress
HeapAlloc
CreateMutexA
HeapValidate
GetShortPathNameW
lstrcatW

ole32

StringFromIID
OleCreateFromData
OleSetMenuDescriptor
GetHGlobalFromStream
OleRun
OleRegGetMiscStatus
CoGetObjectContext
OleLockRunning
CreatePointerMoniker
OleLoad
CoWaitForMultipleHandles
StgOpenStorageEx
CreateDataAdviseHolder
CreateFileMoniker
GetHGlobalFromILockBytes
CoUninitialize
CoInitialize
CoEnableCallCancellation
StgOpenStorage
BindMoniker
CoImpersonateClient
CoMarshalInterThreadInterfaceInStream
OleSetContainedObject
OleCreateLink
CoRevertToSelf
CoQueryProxyBlanket
CoGetInterfaceAndReleaseStream
CoGetClassObject
CoGetCallContext
OleRegEnumVerbs
CoCreateInstance
PropVariantClear
CoLockObjectExternal

shlwapi

StrCmpNIW
StrRetToStrW
PathBuildRootW
PathUndecorateW
PathRenameExtensionW
PathGetDriveNumberW
UrlIsW
PathSetDlgItemPathW
PathRemoveExtensionW
StrStrW
PathFindFileNameA
PathUnquoteSpacesW
StrStrIW
PathFileExistsA
StrFormatByteSizeW
SHDeleteKeyA
SHRegSetPathW
StrToIntExW
PathMatchSpecW
PathQuoteSpacesW
SHGetValueA
UrlEscapeW
StrToIntW
SHDeleteValueW
StrChrW
PathIsRootW
PathFindFileNameW
UrlGetPartW
PathParseIconLocationW
StrChrA

advapi32

RegQueryValueExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
DeregisterEventSource
OpenServiceW
CreateProcessWithLogonW
RegCreateKeyExA
RegLoadKeyA
EnumServicesStatusExW
GetTokenInformation
GetServiceDisplayNameW
IsTokenRestricted
StartServiceCtrlDispatcherW
RegConnectRegistryW
OpenProcessToken
EnumDependentServicesA
RegOpenKeyW
RegConnectRegistryA
EnumDependentServicesW
CreateProcessAsUserW
OpenServiceA
RegOpenKeyA
RegSetValueA
RegSaveKeyA
RegCreateKeyA
RegEnumKeyA
RegisterEventSourceW
RegQueryInfoKeyA
RegRestoreKeyW
SetEntriesInAclA
RegOpenCurrentUser
ReadEventLogA
ReportEventW
GetUserNameW
NotifyChangeEventLog
LockServiceDatabase
ReportEventA
MakeSelfRelativeSD
RegCloseKey

shell32

ShellExecuteW
ExtractIconW
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetFileInfoA
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListA
SHAddToRecentDocs
ShellAboutW
SHGetFolderLocation
SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteExA
SHGetFolderPathA

Exports

Exports

DllInit
DllInstall

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

995867be14bb0fd04d927981140b109e

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 996B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 996B

.reloc
Size: 4KB - Virtual size: 2KB