ba7cd527197f0237b453350aead793a0165fcbeb54a87f77216125ed1d5cd3b4

Sharing

Copy URL Twitter E-mail

General

Target

ba7cd527197f0237b453350aead793a0165fcbeb54a87f77216125ed1d5cd3b4
Size

148KB
MD5

8e753ca42b8cdffaf7929c46bc689cf0
SHA1

bd967a4de2b17707760fcd509fbf7e8f13faf70c
SHA256

ba7cd527197f0237b453350aead793a0165fcbeb54a87f77216125ed1d5cd3b4
SHA512

3f60ee6e76c609309c8ff72d5d2869e605ae0d6b2376c9169f6bd524f58e760a474b7afb723ed6de7e5922c09c9b052ddf271931119c0e066e252752b27b5ad4
SSDEEP

3072:Kk4/mAGpd3k3slx4+3cbkg+absT+cXrOV9T:OpGp+38n3PT+39T

Score

N/A

Malware Config

Signatures

Files

ba7cd527197f0237b453350aead793a0165fcbeb54a87f77216125ed1d5cd3b4
.dll windows x86

df72ea4766170a1acfa3adbf86ad9efc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
LeaveCriticalSection
OpenEventA
GetTickCount
EnterCriticalSection
UnmapViewOfFile
WaitForSingleObject
InterlockedDecrement
CreateMutexW
CopyFileA
GetCommandLineA
CreateFileMappingA
SetLastError
GlobalAlloc
LocalFree
GetModuleHandleA
CreateEventA
InterlockedCompareExchange
MapViewOfFile
ExitProcess
CreateFileA
WriteFile
GlobalFree
CloseHandle
GetLastError
GetProcAddress
WriteProcessMemory
GetComputerNameA
CreateDirectoryA
CreateProcessA
GetVolumeInformationA
GetCurrentProcess
GetProcessHeap
Sleep
LoadLibraryA
ReadProcessMemory
HeapAlloc
TerminateProcess
HeapFree
GetModuleFileNameA
OpenFileMappingA

ole32

CoInitialize
CoCreateGuid
OleSetContainedObject
CoUninitialize
CoTaskMemAlloc
OleCreate
CoSetProxyBlanket
CoCreateInstance

user32

ClientToScreen
CreateWindowExA
GetWindowLongA
GetWindow
TranslateMessage
ScreenToClient
PostQuitMessage
UnhookWindowsHookEx
GetWindowThreadProcessId
PeekMessageA
GetMessageA
SetWindowLongA
DestroyWindow
SetWindowsHookExA
DefWindowProcA
SendMessageA
GetParent
FindWindowA
KillTimer
GetClassNameA
GetSystemMetrics
RegisterWindowMessageA
DispatchMessageA
SetTimer
GetCursorPos

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

DuplicateTokenEx
RegCloseKey
RegSetValueExA
SetTokenInformation
RegDeleteValueA
OpenProcessToken
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA

Exports

Exports

SystemWeb80

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df72ea4766170a1acfa3adbf86ad9efc

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 964B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 964B

.reloc
Size: 8KB - Virtual size: 6KB