eea6845e946117116d19f25659f811ab049aa16fe3221a308c529c74efef4922

Sharing

Copy URL Twitter E-mail

General

Target

eea6845e946117116d19f25659f811ab049aa16fe3221a308c529c74efef4922
Size

64KB
MD5

2b0fddb3b1b4bfa928a49c9286c2e606
SHA1

4931d292fe970f787942f0cc9623daa18f88c37e
SHA256

eea6845e946117116d19f25659f811ab049aa16fe3221a308c529c74efef4922
SHA512

e5cc4d5ab773570cadedf4d9af01d1ece00ccb4de57dd1df7f9563f8a3894b7e02e250bf697152bbc4d8935b4e7d76da78ef39c09137275666ad794b997bb0ec
SSDEEP

768:txq+TTIa0ylAZfWRD7I/uxrfhyZsz/AN4JxnQ5TpqADw:txIa0W4fWF7qux1n/7nQ5TpZ

Score

N/A

Malware Config

Signatures

Files

eea6845e946117116d19f25659f811ab049aa16fe3221a308c529c74efef4922
.dll windows x86

9ad72119ca9723471cbe449810ab3e36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
lstrlenW
ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
lstrcatA
GetCurrentProcess
Module32First
VirtualProtectEx
GetModuleHandleA
MultiByteToWideChar
CreateMutexA
DeleteFileA
GetModuleFileNameA
CopyFileA
TerminateProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DisableThreadLibraryCalls
IsBadReadPtr
WriteFile
GetTempPathA
InitializeCriticalSection
LocalAlloc
CreateFileA
GetFileSize
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
WinExec
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

GetForegroundWindow
GetWindowRect
GetDC
ReleaseDC
IsRectEmpty
OpenWindowStationA
OpenDesktopA
wsprintfA
GetWindowThreadProcessId
EnumWindows
SetThreadDesktop

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

htons
ioctlsocket
connect
select
recv
send
getpeername
closesocket
WSAStartup
gethostbyname
socket

msvcrt

strstr
free
sscanf
strchr
wcscmp
_splitpath
_purecall
rand
srand
__dllonexit
_onexit
malloc
strncpy
_mbscmp
atol
_mbsnbcmp
_mbsnbcpy
sprintf
strlen
_beginthreadex
_itoa
atoi
strcmp
strcpy
strrchr
strcat
memset
memcpy
__CxxFrameHandler
??2@YAPAXI@Z

shlwapi

StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpEndRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage

Exports

Exports

Install
_Install@16

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ad72119ca9723471cbe449810ab3e36

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 23KB - Virtual size: 39KB

shard Size: 10KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 23KB - Virtual size: 39KB

shard
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 3KB