b6b852e70fa931954a460991708af5b231f677868a73b21cfcb99e7e9f4de556

Sharing

Copy URL Twitter E-mail

General

Target

b6b852e70fa931954a460991708af5b231f677868a73b21cfcb99e7e9f4de556
Size

78KB
MD5

4b7da06a884208079890c2ee50b7d5ed
SHA1

ffba42278e85b2dcfc52d5c89658991f75029888
SHA256

b6b852e70fa931954a460991708af5b231f677868a73b21cfcb99e7e9f4de556
SHA512

447ae77a87ab092fd3e81589bd79fc4af96d370ac1ae9ad7bf3296939af32bb57404dd409671a9901c3cdb1158f66a538d9c550130401f3cefbea2fe9803bef5
SSDEEP

1536:bRKkOL9EXUrd/Ziz2mN8PTCcOXxiiZXzS:dKBeG3izvmTEiW2

Score

N/A

Malware Config

Signatures

Files

b6b852e70fa931954a460991708af5b231f677868a73b21cfcb99e7e9f4de556
.dll windows x86

75dc13b2dbdb1ec4ca4ae435134a1849

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
ResetEvent
WaitForSingleObject
CreateEventA
SleepEx
SetEvent
OpenEventA
WriteFile
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
VirtualProtect
ExitProcess
CreateFileMappingA
FreeLibraryAndExitThread
VirtualFree
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetLastError
MapViewOfFile
GetFileSize
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CloseHandle
CreateThread
ReleaseMutex
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
PulseEvent

user32

KillTimer
CallNextHookEx
SetWindowsHookExA
SetDlgItemTextA
GetDlgItemTextA
DialogBoxParamA
IsWindow
EnumDesktopWindows
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows
GetParent
OffsetRect
SetWindowPos
GetDlgItem
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
MessageBoxA
ShowWindow
SetTimer
SendMessageA

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString
VariantClear
SysStringLen

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

InternetWriteFile
HttpEndRequestA
HttpSendRequestExA
InternetConnectA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA

ws2_32

setsockopt
closesocket
WSACleanup

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

fflush
strstr
_ltoa
abs
wcsstr
_mbslwr
memmove
malloc
wcscmp
free
_mbscmp
_mbsstr
fwrite
_snprintf
_ismbcprint
memcmp
strncpy
memset
_purecall
clock
_mbsrchr
??2@YAPAXI@Z
sprintf
strcpy
strcat
__CxxFrameHandler
fclose
fopen
atol
printf
_except_handler3
__dllonexit
_onexit
_initterm
_adjust_fdiv
_mbsupr
_memicmp
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
memcpy

gdiplus

GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipDisposeImage
GdipSaveImageToStream
GdiplusStartup

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

shell32

SHGetFolderPathA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY
_RunAs@0

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75dc13b2dbdb1ec4ca4ae435134a1849

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

ws2_32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB