d01e0af12afb6b751ec5dc6c69398641bf18a1ed37c0afd09f9800d0b095d583

Sharing

Copy URL Twitter E-mail

General

Target

d01e0af12afb6b751ec5dc6c69398641bf18a1ed37c0afd09f9800d0b095d583
Size

73KB
MD5

a7c18ed6ec046178e655e3b52abbaf2c
SHA1

2298a25477b9e09888c6203cf848b2e2f5c83a05
SHA256

d01e0af12afb6b751ec5dc6c69398641bf18a1ed37c0afd09f9800d0b095d583
SHA512

a2757cbfe2d78a40f32f84b18fd06028c9dce0271657692f01082c5fbf2fd0427ba09fa227853e3d41d7de3da58853596d8e4b7bca011bde8244ae34226aee12
SSDEEP

1536:5GR1kzRqFg5TOvCwcK2cmhan4LnzhrXEHRqtDshQ9kD2AX:C1kzoN+PgYTkD2

Score

N/A

Malware Config

Signatures

Files

d01e0af12afb6b751ec5dc6c69398641bf18a1ed37c0afd09f9800d0b095d583
.dll windows x86

f12b85e3d5e7a515e864df3ab669a959

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
WSAStartup
connect
closesocket
socket
setsockopt
gethostbyname
htons
send
getpeername
ntohs

shlwapi

StrStrIA
PathCombineW
StrCmpNIA
SHGetValueW

wininet

InternetGetConnectedState

kernel32

SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetSystemInfo
LoadLibraryA
LCMapStringW
LCMapStringA
SetFilePointer
VirtualQuery
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
lstrlenA
OutputDebugStringW
DisableThreadLibraryCalls
InitializeCriticalSection
FlushInstructionCache
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
VirtualProtect
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetVersionExW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrcmpW
lstrcmpiW
GetPrivateProfileStringW
CloseHandle
FlushFileBuffers
CreateFileW
lstrlenW
FindClose
FindFirstFileW
DeleteFileW
LocalAlloc
LocalFree
lstrcpynW
ReadFile
GetLastError
GetFileSize
lstrcpynA
Sleep
SetThreadPriority
GetCurrentThread
CreateThread
FindNextFileW
lstrcpyW
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
ExitProcess
TerminateProcess
HeapSize
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetLocaleInfoA

user32

CallNextHookEx
SetWindowsHookExW
wsprintfA
wsprintfW

shell32

SHGetSpecialFolderPathW

Exports

Exports

HookProc
ImportFunction

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f12b85e3d5e7a515e864df3ab669a959

Headers

File Characteristics

Imports

ws2_32

shlwapi

wininet

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 9KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 9KB

.reloc
Size: 6KB - Virtual size: 5KB