d868068709f3c342ef05141d48e51694aa04185161a82bdcb8f6ffc96390f068

Sharing

Copy URL Twitter E-mail

General

Target

d868068709f3c342ef05141d48e51694aa04185161a82bdcb8f6ffc96390f068
Size

65KB
MD5

499b64cd9a67a29ec802af660f72c4aa
SHA1

798826c094cabf3b576e680caad97b83bbe1b13f
SHA256

d868068709f3c342ef05141d48e51694aa04185161a82bdcb8f6ffc96390f068
SHA512

b57330d3874787913d3f4a1669b44c19b4883bf31e74da055ecda301b23c26d080eff780e474b74f3789dce887da66dfc36a39d1aabf53ffd6939638baa4e227
SSDEEP

1536:L3y1tju09FSr+eA5kdMKBAkZ4z12KOyksba:+19bp5kxSW4zgKOXs

Score

N/A

Malware Config

Signatures

Files

d868068709f3c342ef05141d48e51694aa04185161a82bdcb8f6ffc96390f068
.dll windows x86

9202c9b2e726a9a62b4ae66230582306

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreateEventA
ReleaseMutex
SleepEx
PulseEvent
WriteFile
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FreeLibraryAndExitThread
VirtualFree
CreateFileMappingA
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
TerminateProcess
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetLastError
MapViewOfFile
GetFileSize
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CloseHandle
CreateThread
WaitForSingleObject
GetTempPathA
Sleep
GetTempFileNameA
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
VirtualProtect

user32

CallNextHookEx
SetDlgItemTextA
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
IsRectEmpty
GetWindowDC
GetDC
GetDesktopWindow
MessageBoxA
ShowWindow
KillTimer
SendMessageA
GetDlgItem
SetWindowPos
OffsetRect
GetParent
EnumWindows
EnumChildWindows
GetClassNameA
GetWindowTextA
EnumDesktopWindows
IsWindow
DialogBoxParamA
SetTimer
GetDlgItemTextA
SetWindowsHookExA

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysFreeString
SysStringLen
SysAllocString

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

InternetWriteFile
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestExA
HttpSendRequestA
HttpEndRequestA
InternetCrackUrlA
InternetOpenA
InternetConnectA

urlmon

URLDownloadToFileA

ws2_32

setsockopt
closesocket
WSACleanup

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

memset
clock
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler
strcat
strcpy
strncpy
??2@YAPAXI@Z
memcpy
_mbslwr
wcsstr
abs
_ltoa
strstr
atol
printf
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
memcmp
_ismbcprint
_snprintf
_mbsupr
_CxxThrowException
_mbscmp
free
wcscmp
malloc
_mbsstr
sprintf
_memicmp
_initterm
_adjust_fdiv
memmove

gdiplus

GdipDisposeImage
GdipSaveImageToStream
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipFree

comctl32

ord17

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

shell32

SHGetFolderPathA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9202c9b2e726a9a62b4ae66230582306

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

psapi

shlwapi

msvcrt

gdiplus

comctl32

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB