cc10c31f2f92e8dc7a772bc52c6272a575bca413eca33da3a0b5c52e2aa3a980

Sharing

Copy URL Twitter E-mail

General

Target

cc10c31f2f92e8dc7a772bc52c6272a575bca413eca33da3a0b5c52e2aa3a980
Size

156KB
MD5

13b7b3b6774133342e78c51a269df4c0
SHA1

cb4771da9675aff9b6266bfabd6f6159a48bfdc5
SHA256

cc10c31f2f92e8dc7a772bc52c6272a575bca413eca33da3a0b5c52e2aa3a980
SHA512

ebc9dc941021721a88aa3b50c544f14d352b35fc550153d5850fda99602e52f0792c582bca58178f20f79cf2873b3cc81ab12ea2cc0dca5e2daa462629481241
SSDEEP

3072:OqkIGeNRm0yJP86Z56b3r/m9u2QhGBaW4+RvghSkVPyQDt3049qw0cwYzG:OhITRm0qJTyre9u7e4+RvoSEtEyqNcB

Score

N/A

Malware Config

Signatures

Files

cc10c31f2f92e8dc7a772bc52c6272a575bca413eca33da3a0b5c52e2aa3a980
.dll windows x86

c0f628f9dbdfa2d21c6730d38426d84b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
HeapAlloc
GetCurrentProcess
GetProcessHeap
InterlockedCompareExchange
CreateProcessA
InterlockedDecrement
WaitForSingleObject
Sleep
UnmapViewOfFile
TerminateProcess
WriteProcessMemory
EnterCriticalSection
OpenFileMappingA
ReadProcessMemory
WriteFile
GetCommandLineA
LoadLibraryA
GetModuleFileNameA
InterlockedIncrement
CreateFileA
GetComputerNameA
GetTickCount
GlobalFree
CloseHandle
CreateMutexW
HeapFree
CreateFileMappingA
CopyFileA
MapViewOfFile
LeaveCriticalSection
GetModuleHandleA
GetLastError
LocalFree
GetProcAddress
ExitProcess
GetVolumeInformationA
CreateEventA
GlobalAlloc
OpenEventA
SetLastError

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemAlloc
OleCreate
OleSetContainedObject
CoUninitialize
CoSetProxyBlanket

user32

ClientToScreen
GetSystemMetrics
GetWindowThreadProcessId
SetWindowsHookExA
ScreenToClient
SetTimer
KillTimer
PostQuitMessage
DestroyWindow
GetWindowLongA
UnhookWindowsHookEx
SetWindowLongA
GetWindow
SendMessageA
FindWindowA
GetCursorPos
DefWindowProcA
RegisterWindowMessageA
PeekMessageA
TranslateMessage
GetMessageA
DispatchMessageA
GetParent
CreateWindowExA
GetClassNameA

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegQueryValueExA
DuplicateTokenEx
RegCloseKey
SetTokenInformation
GetUserNameA
RegSetValueExA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

d3dCommonsvc

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eprrwg
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0f628f9dbdfa2d21c6730d38426d84b

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 948B

eprrwg Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 948B

eprrwg
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB