c8139e247c1165bce2cd160f3468dde373a5d3358bc3aedc8880e4d2636a5fb3

Sharing

Copy URL Twitter E-mail

General

Target

c8139e247c1165bce2cd160f3468dde373a5d3358bc3aedc8880e4d2636a5fb3
Size

38KB
MD5

261bb18c4419ac2f7b57833aa9daf260
SHA1

2c1a01927e036ad3978c0cf1c670c7e2241a1836
SHA256

c8139e247c1165bce2cd160f3468dde373a5d3358bc3aedc8880e4d2636a5fb3
SHA512

99039147a8291ec820a0ea163c59c25a3411b212f411c3622f6bed096d2b9a14d0214dd574c40ad202c83d7bcccefaa104e93029f5404f90d3f51b3e63d17bdf
SSDEEP

768:7zvGhVRt//9jFyBPjtk+qUD7UNR7cWpYZgWzkd+kwM4kuB6xOKZ1BZKsizPeAPvw:7bEVz/1YAhZcv6xdBZ2Syvw

Score

N/A

Malware Config

Signatures

Files

c8139e247c1165bce2cd160f3468dde373a5d3358bc3aedc8880e4d2636a5fb3
.dll windows x86

5ead7eda92ed717ceee928e684811c35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageA
GetMessageA
wsprintfA

wsock32

htons
gethostbyname
inet_addr
closesocket
WSAGetLastError
send
recv
ioctlsocket
WSACleanup
WSAStartup
connect
socket
setsockopt
gethostname

shlwapi

StrStrA
StrRChrA
StrToIntA
StrStrIA
wnsprintfA

kernel32

GetModuleHandleA
LoadLibraryExA
GetVersionExA
VirtualAlloc
VirtualFree
FreeLibrary
CloseHandle
WriteFile
lstrlenA
lstrcmpiA
TerminateProcess
lstrcatA
lstrcmpA
GetLastError
GetTickCount
lstrcpyA
FileTimeToLocalFileTime
FindClose
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
lstrcpynA
GetLogicalDriveStringsA
WaitForSingleObject
GetVersion
ReadFile
SetFilePointer
GetFileSize
DeleteFileA
GetTempPathA
GetTempFileNameA
GetWindowsDirectoryA
SetCurrentDirectoryA
GlobalFree
WideCharToMultiByte
LocalFree
OpenThread
GetCurrentThreadId
SleepEx
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
LocalAlloc
CreateFileA
GetSystemTime
CreateThread
GetModuleFileNameA
Sleep
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
TerminateThread

dnsapi

DnsQuery_A
DnsRecordListFree

advapi32

OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
OpenThreadToken
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
GetUserNameA
CreateProcessAsUserA

winhttp

WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser

wininet

InternetOpenA
InternetConnectA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetReadFile
HttpQueryInfoA
InternetWriteFile
HttpEndRequestA
InternetQueryOptionA
HttpSendRequestExA
InternetCloseHandle

msvcrt

srand
_strnicmp
strncpy
free
malloc
atoi
isalpha
strstr
fclose
fopen
time
strcat
difftime
strlen
strcpy
strchr
strrchr
__CxxFrameHandler
exit
_strlwr
isdigit
_initterm
_adjust_fdiv
_itoa
_stricmp
rand
memset
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z

dbghelp

ImageNtHeader

Exports

Exports

CReset
CResetA
StartProtect

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ead7eda92ed717ceee928e684811c35

Headers

File Characteristics

Imports

user32

wsock32

shlwapi

kernel32

dnsapi

advapi32

winhttp

wininet

msvcrt

dbghelp

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB