f92e50ca04b2535d6f081b5f1732e40ec1b800a40ba5e0d6fe259dde919abd47

Sharing

Copy URL Twitter E-mail

General

Target

f92e50ca04b2535d6f081b5f1732e40ec1b800a40ba5e0d6fe259dde919abd47
Size

152KB
MD5

6dc537e480100a92fc2a3a6839e42c00
SHA1

0f3460c61f00ea41e10cf6355a0f1f1705bf1a88
SHA256

f92e50ca04b2535d6f081b5f1732e40ec1b800a40ba5e0d6fe259dde919abd47
SHA512

0df3cb2aa315e6c9db9cd04ae5873967f808b1c2436e56b9308919830ce3e9ab0eaf28f2d0f787438935ab84736e335e4cd003dfd5851f722716cd4068d82fc1
SSDEEP

3072:TpVClY2jMQg8K5uu8YHDOogDTlJlPZkWbaWNcN563dTwZiEWlqfQBHCbNC0:/yjMQg/5uEDOokZrbX4563KiraMHsC

Score

N/A

Malware Config

Signatures

Files

f92e50ca04b2535d6f081b5f1732e40ec1b800a40ba5e0d6fe259dde919abd47
.dll windows x86

77ba85ff5323ec3c26ef5642f473d493

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
OpenFileMappingA
InterlockedDecrement
LeaveCriticalSection
SetLastError
EnterCriticalSection
OpenEventA
LocalFree
ExitProcess
MapViewOfFile
CreateEventA
GetModuleHandleA
InterlockedIncrement
HeapFree
GetCommandLineA
WriteProcessMemory
GetLastError
CreateFileMappingA
CreateDirectoryA
TerminateProcess
CopyFileA
LoadLibraryA
GetVolumeInformationA
CreateProcessA
GetComputerNameA
CreateMutexW
UnmapViewOfFile
GetTickCount
CloseHandle
CreateFileA
GetProcAddress
GetCurrentProcess
GlobalFree
HeapAlloc
Sleep
WaitForSingleObject
InterlockedCompareExchange
GlobalAlloc
GetProcessHeap
WriteFile
GetModuleFileNameA

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize
OleCreate
OleSetContainedObject
CoCreateGuid
CoSetProxyBlanket

user32

ScreenToClient
FindWindowA
GetWindow
SetWindowsHookExA
GetParent
CreateWindowExA
RegisterWindowMessageA
DispatchMessageA
GetMessageA
PeekMessageA
GetClassNameA
TranslateMessage
GetWindowLongA
GetSystemMetrics
GetWindowThreadProcessId
PostQuitMessage
GetCursorPos
KillTimer
SetTimer
ClientToScreen
DefWindowProcA
UnhookWindowsHookEx
SetWindowLongA
DestroyWindow
SendMessageA

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
SetTokenInformation
RegCreateKeyExA
DuplicateTokenEx
GetUserNameA
OpenProcessToken

shell32

SHGetFolderPathA

Exports

Exports

AppleHelpOffice

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nldkkn
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77ba85ff5323ec3c26ef5642f473d493

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 992B

nldkkn Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 992B

nldkkn
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB