b3b62ab346c97bc4364f6c148514a41bdc3d21232483ac849fc5662b013b498c

Sharing

Copy URL

Twitter E-mail

General

Target

b3b62ab346c97bc4364f6c148514a41bdc3d21232483ac849fc5662b013b498c
Size

70KB
MD5

cb64f0c169fcac7ad7d163b9b23ce8c6
SHA1

435dba2293b53e71977145ef6f104283cd1ea4b9
SHA256

b3b62ab346c97bc4364f6c148514a41bdc3d21232483ac849fc5662b013b498c
SHA512

8da495d5105c2ff125f6d030fa4b024c672c114fcb93b9fea25741fce1161362855a1409528eabef1829b01f0d58ff84515f05242db9570f31b17aec28a51401
SSDEEP

1536:7jgrbbsjjCKU19K+XwZK5FdY38cD94fMP67oahYVjwmTw:oXbsjjCKUoK5FdY38k9iMP6kahYVjwms

Score

N/A

Malware Config

Signatures

Files

b3b62ab346c97bc4364f6c148514a41bdc3d21232483ac849fc5662b013b498c
.dll windows x86

595181e6c31da7b37f4ac30d5e20f603

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CreateProcessA
GetLocalTime
GetVersionExA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
GetSystemInfo
TerminateThread
ExitProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetStartupInfoA
LocalFree
ReadFile
LocalAlloc
GetSystemDirectoryA
HeapFree
lstrlenA
FindFirstFileA
GlobalMemoryStatus
GetComputerNameA
OpenEventA
SetErrorMode
CreateDirectoryA
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
SetFileAttributesA
SetFilePointer
CopyFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
CreateThread
CreateFileA
WriteFile
WinExec
GetCurrentThreadId
GetTickCount
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
Sleep
EnterCriticalSection
LeaveCriticalSection
VirtualFree
FreeLibrary
DeleteCriticalSection
LoadLibraryA
GetProcAddress
WaitForMultipleObjects

user32

GetMessageA
PostThreadMessageA
GetInputState
wsprintfA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA

advapi32

DeleteService
RegOpenKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
StartServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
SetServiceStatus

msvcrt

wcstombs
_strrev
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
free
calloc
srand
_access
_stricmp
??3@YAXPAX@Z
memcpy
memmove
putchar
ceil
_ftol
puts
strlen
strstr
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
_CxxThrowException
rand
sprintf
strcpy
strncpy
strcspn
strcat
atoi
strrchr
malloc
_beginthreadex

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
WSACleanup
closesocket
ntohs
recv
select
send
inet_addr
inet_ntoa
sendto
htonl
WSASocketA
getsockname
WSAStartup
socket

urlmon

URLDownloadToFileA

iphlpapi

GetIfTable

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

595181e6c31da7b37f4ac30d5e20f603

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

urlmon

iphlpapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 3KB - Virtual size: 2KB