e15a720f41506103da1cbfa9524d285e6e76475d1f0c63446bfa572dcbfcf5db

Sharing

Copy URL Twitter E-mail

General

Target

e15a720f41506103da1cbfa9524d285e6e76475d1f0c63446bfa572dcbfcf5db
Size

80KB
MD5

d9ceacb56d8a9078313f4de1b74a1599
SHA1

1bc8bc263494929d32658312ce8cd692795bfa56
SHA256

e15a720f41506103da1cbfa9524d285e6e76475d1f0c63446bfa572dcbfcf5db
SHA512

b0fff6f3772d4fb1e011ded0c7ae14add0f5db30241fbe87b3a3d0ffaa9d6cf121aa238599d99e1deb6cba9b4aa9d214d2dfa9abdda9aeec21eec1f7bab504bb
SSDEEP

768:9AjPxy4Ic07gw57DWZyNmJLci7yRFN4buJfpZ:EIc07/v2yiY7Jfp

Score

N/A

Malware Config

Signatures

Files

e15a720f41506103da1cbfa9524d285e6e76475d1f0c63446bfa572dcbfcf5db
.dll windows x86

a06f81c3437420dc1bae89cd7640b2d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
lstrcatA
GetCurrentProcess
Module32First
VirtualProtectEx
WriteFile
CreateMutexA
DeleteFileA
GetModuleFileNameA
CopyFileA
TerminateProcess
DisableThreadLibraryCalls
IsBadReadPtr
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathA
GetModuleHandleA
LocalAlloc
CreateFileA
InitializeCriticalSection
GetFileSize
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
WinExec
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

GetDC
ReleaseDC
IsRectEmpty
GetWindowRect
GetForegroundWindow
GetWindowTextA
OpenWindowStationA
SetProcessWindowStation
wsprintfA
GetWindowThreadProcessId
SetThreadDesktop
OpenDesktopA

gdi32

GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette
GetStockObject

advapi32

SetSecurityDescriptorDacl
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

htons
ioctlsocket
connect
select
recv
send
getpeername
closesocket
WSAStartup
gethostbyname
socket

msvcrt

strstr
malloc
sscanf
_mbscmp
atol
isprint
strchr
wcscmp
_splitpath
_purecall
strncpy
__dllonexit
_onexit
free
_beginthreadex
_mbsnbcmp
_mbsnbcpy
sprintf
strlen
_itoa
strcmp
atoi
memcmp
strcpy
strrchr
strcat
??2@YAPAXI@Z
__CxxFrameHandler
memcpy
memset

shlwapi

StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpEndRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage

Exports

Exports

Inse
_Inse@16

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a06f81c3437420dc1bae89cd7640b2d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 48.1MB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 25KB - Virtual size: 24KB

.CRT Size: 512B - Virtual size: 4B

shard Size: 10KB - Virtual size: 9KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 48.1MB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 25KB - Virtual size: 24KB

.CRT
Size: 512B - Virtual size: 4B

shard
Size: 10KB - Virtual size: 9KB

.reloc
Size: 18KB - Virtual size: 17KB