f130365cd0227f399c00b2b5037a9d51a931f1759265e98f7b833505a67721ac

Sharing

Copy URL Twitter E-mail

General

Target

f130365cd0227f399c00b2b5037a9d51a931f1759265e98f7b833505a67721ac
Size

168KB
MD5

6ab24b4f8543bcfd333035be378b6452
SHA1

d4a265d03e86c66d6b24534764d72b8d885036f5
SHA256

f130365cd0227f399c00b2b5037a9d51a931f1759265e98f7b833505a67721ac
SHA512

59c00539fa6193a0a10d392327a46ea0627b622480b22b8aa0399efc3817df1f613cb0263e09335ffc40e8e5a233e4aa9f7de40055b646399fb3fd1edf8bf633
SSDEEP

3072:qR46uiChLdD4w3e0qnm+sLy1PtN+7V2az5lHAnCSXlgw7Bkv:qR46uvh+vm+gkPtNM2af1SL7Bk

Score

N/A

Malware Config

Signatures

Files

f130365cd0227f399c00b2b5037a9d51a931f1759265e98f7b833505a67721ac
.dll windows x86

e5c0e2d061fe162f4ff1e72bff744ba4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
GetSystemTime
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
LockResource
SizeofResource
LoadResource
FreeLibrary
FindResourceA
LoadLibraryA
GetProcAddress
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
GetTempFileNameA
CreateDirectoryA
ExitProcess
GetModuleHandleA
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
DeleteFileA
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
SetFilePointer
ReadFile
GetEnvironmentVariableA
WriteFile
OutputDebugStringA
CopyFileA
GetFileTime
MoveFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
FileTimeToSystemTime
CreateThread
GetStartupInfoA
CreateProcessA
WinExec
DeleteCriticalSection
SetFileTime
SetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesA
GetComputerNameA
GetVersionExA
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
GetACP
FindFirstFileA
FindNextFileA
GetStringTypeA
MultiByteToWideChar
FindClose
GetFileSize
CreateFileA
CreateMutexA
GetLastError
GetVersion
InitializeCriticalSection
GetWindowsDirectoryA
CloseHandle
GetFullPathNameA
HeapSize
WideCharToMultiByte
SetUnhandledExceptionFilter
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCommandLineA
RaiseException
GetFileType
HeapFree
HeapAlloc
GetTimeZoneInformation
RtlUnwind
TerminateThread
EnterCriticalSection
LeaveCriticalSection
Sleep
GetCPInfo

user32

mouse_event
GetForegroundWindow
wsprintfA
PostMessageA
SendMessageA
GetWindowLongA
GetClassNameA
GetParent
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
ToAscii
GetKeyboardState
GetKeyboardLayout
ReleaseDC
GetDC
DrawIcon
GetCursorPos
GetCursor
keybd_event
EnumChildWindows

gdi32

RealizePalette
SelectPalette
GetStockObject
DeleteDC
CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetObjectA
DeleteObject
GetDIBits

advapi32

CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfigA
OpenServiceA
LockServiceDatabase
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegEnumKeyExA
RegDeleteValueA
RegSetValueA
ControlService
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
DeleteService

shell32

ShellExecuteA

shlwapi

StrTrimA
SHDeleteKeyA

ws2_32

getsockname
WSARecv
WSASocketA
WSAIoctl
WSACleanup
inet_ntoa
ntohl
gethostbyname
socket
bind
htons
htonl
closesocket
shutdown
connect
inet_addr
send
select
recv
WSAStartup
ntohs

netapi32

Netbios

imm32

ImmReleaseContext
ImmGetDescriptionA
ImmGetCompositionStringA
ImmGetContext

Exports

Exports

MainFunction
UnHook
installhook

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PWDDATA
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5c0e2d061fe162f4ff1e72bff744ba4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ws2_32

netapi32

imm32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 349KB

shared Size: 4KB - Virtual size: 254B

PWDDATA Size: 4KB - Virtual size: 404B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 349KB

shared
Size: 4KB - Virtual size: 254B

PWDDATA
Size: 4KB - Virtual size: 404B

.reloc
Size: 12KB - Virtual size: 11KB