b0d2994712af744cb1d2f3cd75656f74ba565207bfe418ed9515e8df043eb55a

Sharing

Copy URL

Twitter E-mail

General

Target

b0d2994712af744cb1d2f3cd75656f74ba565207bfe418ed9515e8df043eb55a
Size

156KB
MD5

cb9218e4e492caa2d6c35a12dbb97185
SHA1

d4d2cc94ecc59fa1403a80b849047f6da9c84f89
SHA256

b0d2994712af744cb1d2f3cd75656f74ba565207bfe418ed9515e8df043eb55a
SHA512

845a55c9b6eb493c282b4492002cce46b342d7fbfe7bfb7e90e7f443509f9a51ea1d448820d6e16a1b999c9b39fd4c5148d8169cd0d68e60a01199060252ac92
SSDEEP

3072:ZVhDfm9PFR+03DfOyVsEmtbRHm4KeyGcAqIHcMGyRf541:ZVQ9PFQ03DGyVsEGbftqqdGy341

Score

N/A

Malware Config

Signatures

Files

b0d2994712af744cb1d2f3cd75656f74ba565207bfe418ed9515e8df043eb55a
.dll windows x86

abe6478b246997f66feada8d408ccfa7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
GetCurrentProcess
HeapFree
UnmapViewOfFile
TerminateProcess
GetModuleHandleA
CreateEventA
GetModuleFileNameA
CreateProcessA
CloseHandle
HeapAlloc
EnterCriticalSection
GetLastError
Sleep
InterlockedIncrement
WaitForSingleObject
CopyFileA
ExitProcess
WriteFile
SetLastError
GlobalAlloc
InterlockedDecrement
GetCommandLineA
LocalFree
GetComputerNameA
GlobalFree
CreateFileA
OpenEventA
InterlockedCompareExchange
GetProcAddress
GetTickCount
OpenFileMappingA
GetVolumeInformationA
CreateDirectoryA
CreateFileMappingA
LeaveCriticalSection
MapViewOfFile
WriteProcessMemory
CreateMutexW
GetProcessHeap
LoadLibraryA

ole32

CoSetProxyBlanket
CoCreateGuid
OleSetContainedObject
CoTaskMemAlloc
CoInitialize
OleCreate
CoCreateInstance
CoUninitialize

user32

GetParent
UnhookWindowsHookEx
DefWindowProcA
FindWindowA
GetCursorPos
ScreenToClient
KillTimer
GetClassNameA
GetWindow
PostQuitMessage
SetWindowLongA
DispatchMessageA
GetWindowLongA
DestroyWindow
ClientToScreen
GetWindowThreadProcessId
SendMessageA
TranslateMessage
GetMessageA
GetSystemMetrics
PeekMessageA
CreateWindowExA
SetTimer
RegisterWindowMessageA
SetWindowsHookExA

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

DuplicateTokenEx
OpenProcessToken
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
SetTokenInformation
RegCloseKey
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

AsyncPadmm

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abe6478b246997f66feada8d408ccfa7

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 125KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 128KB - Virtual size: 125KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB