a849b0d5578b154c906edec3516c70a75cf3c05720cfcbdcdf456179c395a630

Sharing

Copy URL Twitter E-mail

General

Target

a849b0d5578b154c906edec3516c70a75cf3c05720cfcbdcdf456179c395a630
Size

66KB
MD5

dfd20ce51e9df45cdcc103b4d9740961
SHA1

900c821d4afdc9eeaf51b667e88da7f7b2340829
SHA256

a849b0d5578b154c906edec3516c70a75cf3c05720cfcbdcdf456179c395a630
SHA512

373898856210b41a2a593dac56f8723237c2c43a2568deb3c0f6711f7ca7fcbfdafeaf323e65da055df65711bf6689cf47a9292272c76a082321cb5b26d223d8
SSDEEP

1536:PUF84S9mIuc1BLtAhtT3ICwGCI+6DVYWmoLb:q29RLuLT3IuCI16WmoL

Score

N/A

Malware Config

Signatures

Files

a849b0d5578b154c906edec3516c70a75cf3c05720cfcbdcdf456179c395a630
.dll windows x86

c883f472c5afe81625f0fe46f1fd68af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateFileA
ResetEvent
WaitForSingleObject
CreateEventA
SleepEx
SetEvent
OpenEventA
WriteFile
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetFileSize
ExitProcess
PulseEvent
FreeLibraryAndExitThread
VirtualFree
VirtualAlloc
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetLastError
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateThread
ReleaseMutex
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
VirtualProtect
CloseHandle

user32

UnhookWindowsHookEx
PrintWindow
GetWindowRect
GetClientRect
GetWindowThreadProcessId
CallNextHookEx
GetDC
GetDesktopWindow
SendMessageA
GetDlgItem
IsRectEmpty
SetWindowsHookExA
ShowWindow
IsWindow
GetWindowDC
EnumDesktopWindows
GetWindowTextA
GetClassNameA
EnumWindows
EnumChildWindows

gdi32

DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SysStringLen
SysAllocString
SysFreeString

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

HttpQueryInfoA
InternetWriteFile
HttpEndRequestA
InternetCrackUrlA
InternetConnectA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

ws2_32

gethostbyname
inet_ntoa
setsockopt
closesocket
WSACleanup

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

fopen
atol
printf
_except_handler3
__dllonexit
_onexit
_initterm
_adjust_fdiv
fclose
_memicmp
_mbsstr
_mbsupr
_snprintf
_ismbcprint
memcmp
strncpy
memset
_purecall
fwrite
fflush
strstr
_ltoa
abs
wcsstr
_mbslwr
free
wcscmp
malloc
_mbscmp
memmove
clock
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler
strcat
strcpy
sprintf
??2@YAPAXI@Z
memcpy

gdiplus

GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToStream
GdiplusStartup

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

shell32

SHGetFolderPathA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c883f472c5afe81625f0fe46f1fd68af

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

ws2_32

psapi

shlwapi

msvcrt

gdiplus

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 62KB - Virtual size: 61KB

.reloc
Size: 3KB - Virtual size: 3KB