9edfa47cd435528d24bd43d85a84968c27ffc11f4410fc6941a0cae20f633485

Sharing

Copy URL Twitter E-mail

General

Target

9edfa47cd435528d24bd43d85a84968c27ffc11f4410fc6941a0cae20f633485
Size

23KB
MD5

99aaac20eef48c54a76e588c9e7b8f4f
SHA1

ea0660a46a6425a8d3bf594e8204e58711dd3751
SHA256

9edfa47cd435528d24bd43d85a84968c27ffc11f4410fc6941a0cae20f633485
SHA512

871354add1c1a2f6c3bc7394693a5b11c9bdcf99517aee98d48fef4816cda4f742faa06960d2472b2429cb8503c0d81746c23ea29ef86d33d9bd58185750f11c
SSDEEP

384:qAq+kAdDlnVZHbgzrYQalRdFamXIYAnyyy2xlmYdbocFouoi0GgWvwWk:qTOdlVZ7UYQyhJyy2uYHT0cG

Score

N/A

Malware Config

Signatures

Files

9edfa47cd435528d24bd43d85a84968c27ffc11f4410fc6941a0cae20f633485
.dll windows x86

8e01d930bcdffd101da12a994b2ce5fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
FreeLibrary
GetModuleHandleA
ExitThread
DeleteFileA
GlobalFree
GetTempPathA
CreateDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
DeviceIoControl
Process32Next
Process32First
CreateNamedPipeA
GetSystemDirectoryA
GetCurrentProcessId
CreateEventA
lstrcmpiW
DuplicateHandle
OpenProcess
LoadLibraryExA
GlobalMemoryStatusEx
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
Sleep
ConnectNamedPipe
GetLastError
ReadFile
LoadLibraryA
GetProcAddress
InterlockedExchange
GetModuleFileNameA
CreateFileA
GetFileSize
CloseHandle
GetTickCount
MoveFileA
MoveFileExA
CopyFileA
SetFilePointer
GlobalAlloc
WriteFile
CreateThread
CreateToolhelp32Snapshot
lstrcmpiA

user32

wsprintfW
wsprintfA

advapi32

CreateProcessAsUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
SetServiceStatus
CreateServiceA
RegCreateKeyExA
RegSetValueExA
StartServiceA
QueryServiceStatus
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
SetTokenInformation
DuplicateTokenEx
OpenProcessToken

ws2_32

closesocket
gethostbyname
inet_addr
WSAStartup
setsockopt
getsockopt
connect
htons
socket
send
gethostname
recv

Exports

Exports

ServiceMain
wcslen

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

...
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e01d930bcdffd101da12a994b2ce5fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

... Size: 512B - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

...
Size: 512B - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB