98da0ccb50c6235ba9fc02b860f3708e5e6993271b21d8ffc8576e39c909e7bf

Sharing

Copy URL Twitter E-mail

General

Target

98da0ccb50c6235ba9fc02b860f3708e5e6993271b21d8ffc8576e39c909e7bf
Size

36KB
MD5

2045e82c597f8f58e98ffac3138996b0
SHA1

9918743028ed1e7794e8c38e72a6f7afae77029f
SHA256

98da0ccb50c6235ba9fc02b860f3708e5e6993271b21d8ffc8576e39c909e7bf
SHA512

9cd45d829eb5800b90d3ec3cace91f9ee2b71ebc7c0f0807475e9aa1251d7045c86414b325b0d3629a65f38c6e131706fc631e43d6debb02dc55398f244ad225
SSDEEP

768:D0CpacROMcxZZdEUnqSleCPq1lCDrL7yAlCkESruUifbEJd:D0CUMmZMUqSlbqTCDrVCkVuzfQJd

Score

N/A

Malware Config

Signatures

Files

98da0ccb50c6235ba9fc02b860f3708e5e6993271b21d8ffc8576e39c909e7bf
.dll windows x86

1d136a910fc59d4fab03db34253ef8ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord341
ord654
ord5603
ord5608
ord4278
ord5683
ord823
ord939
ord2818
ord5572
ord2915
ord6143
ord1247
ord6467
ord538
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord354
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3584
ord543
ord803
ord1105
ord5861
ord940
ord5856
ord1997
ord6407
ord798
ord5194
ord533
ord941
ord2827
ord3337
ord6648
ord5465
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord5186
ord665
ord3318
ord1979
ord6883
ord4277
ord858
ord4129
ord6282
ord6283
ord922
ord540
ord537
ord924
ord860
ord6877
ord535
ord825
ord4202
ord2764
ord800
ord4274
ord541
ord3726
ord5829
ord3830
ord801

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
__CxxFrameHandler
isprint
_stricmp
atoi
strcmp
free
malloc
memcpy
strlen
memset
rand
_ftol
time
_EH_prolog
_strlwr
_onexit
__dllonexit

kernel32

GetModuleFileNameA
GetProcessHeap
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
InitializeCriticalSection
GetTickCount
LoadLibraryA
GetProcAddress
OpenProcess
FreeLibrary
CloseHandle
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
LocalFree
DeleteCriticalSection
LocalAlloc

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

wsock32

WSACleanup
socket
gethostname
ioctlsocket
bind
gethostbyname
recv
closesocket
WSAStartup
htons
inet_addr
inet_ntoa

shlwapi

PathFileExistsA

Exports

Exports

GetModuleId
GetModuleVersion
ModuleStartup
OnKernelEventReceived

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d136a910fc59d4fab03db34253ef8ba

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

wsock32

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB