e1d959ed7341699d7ca466074a971b5e296f3db2d34ce607be426e3e1fda877e

Sharing

Copy URL Twitter E-mail

General

Target

e1d959ed7341699d7ca466074a971b5e296f3db2d34ce607be426e3e1fda877e
Size

144KB
MD5

4de088d47ab40fc493a49f68d1591e35
SHA1

5c0a3203f486c90c86b70b3edb5ad10f00400760
SHA256

e1d959ed7341699d7ca466074a971b5e296f3db2d34ce607be426e3e1fda877e
SHA512

76897f14a84a4415a2a172c61486d79ab1fd5494f1d3a88591f55348f39144725826fe8aea210891294ba0dba2c3a83c2ca47a9a97927f9b3a7168aff2f6d4ed
SSDEEP

3072:e2Wuy42luK+vW91hqkdhdcf7C1BD83evnoaEJU2Uw:e7uy4WuXO91lQKBDeewaE22

Score

N/A

Malware Config

Signatures

Files

e1d959ed7341699d7ca466074a971b5e296f3db2d34ce607be426e3e1fda877e
.dll windows x86

0ece6eb10315afc8e0331a4183eb96aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
UnmapViewOfFile
InterlockedCompareExchange
SetLastError
CreateFileA
Sleep
LocalFree
WaitForSingleObject
LeaveCriticalSection
CreateDirectoryA
OpenFileMappingA
ReadProcessMemory
MapViewOfFile
CreateFileMappingA
GetVolumeInformationA
GetCurrentProcess
LoadLibraryA
GetCommandLineA
ExitProcess
InterlockedDecrement
GetModuleFileNameA
GetLastError
GetProcessHeap
GlobalFree
WriteFile
CloseHandle
HeapAlloc
TerminateProcess
OpenEventA
EnterCriticalSection
CreateProcessA
GetTickCount
WriteProcessMemory
HeapFree
CopyFileA
GetProcAddress
GlobalAlloc
CreateEventA
InterlockedIncrement
CreateMutexW
GetComputerNameA

ole32

CoInitialize
OleCreate
CoCreateGuid
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
OleSetContainedObject
CoTaskMemAlloc

user32

GetSystemMetrics
RegisterWindowMessageA
CreateWindowExA
GetWindow
GetWindowLongA
GetClassNameA
DefWindowProcA
DestroyWindow
PostQuitMessage
TranslateMessage
PeekMessageA
ClientToScreen
KillTimer
SetWindowsHookExA
SetWindowLongA
GetMessageA
UnhookWindowsHookEx
GetWindowThreadProcessId
FindWindowA
GetParent
SetTimer
DispatchMessageA
ScreenToClient
SendMessageA
GetCursorPos

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

DuplicateTokenEx
RegSetValueExA
OpenProcessToken
GetUserNameA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
SetTokenInformation
RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathA

Exports

Exports

fxPadclass

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ece6eb10315afc8e0331a4183eb96aa

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 964B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 964B

.reloc
Size: 8KB - Virtual size: 6KB