d26ee009637aacda25d2cfdf776c3277905569ba5f43667a0013ef48e256c676

Sharing

Copy URL Twitter E-mail

General

Target

d26ee009637aacda25d2cfdf776c3277905569ba5f43667a0013ef48e256c676
Size

40KB
MD5

72dfa4abae68dbf637c4707ebd89f18c
SHA1

0b3a7a20ce840ef4c735cdc7ae0743509e680fd7
SHA256

d26ee009637aacda25d2cfdf776c3277905569ba5f43667a0013ef48e256c676
SHA512

5eb6d1330a496ac2fb4abd5b7052429b030a8eb76163ac31f8537f7d38ac003e084d714fd23fc0a11c49f78a6246ff9170d6c0843be2987ac9ab78c95970594c
SSDEEP

768:AIqezVoNowruENRtPPkDHY+4xX34mdDs/ilhIf:ALepoNRruENRhPv+4xc6lhIf

Score

N/A

Malware Config

Signatures

Files

d26ee009637aacda25d2cfdf776c3277905569ba5f43667a0013ef48e256c676
.dll windows x86

db8f4a603738b62fb04774d060beedc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
WaitForMultipleObjects
DeleteFileW
Sleep
GetTickCount
CreateThread
GetComputerNameW
ReadFile
SetFilePointer
GetFileSize
CreateFileW
GetWindowsDirectoryW
Process32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateProcessA
GetStartupInfoA
CreatePipe
GetWindowsDirectoryA
MultiByteToWideChar
PeekNamedPipe
GetTempFileNameA
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeA
GetModuleFileNameA
GetVersionExA
VirtualFree
VirtualAlloc
ExitProcess
GetLastError
CreateEventA
GetLocalTime
FindFirstFileA
SetFileAttributesA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
OutputDebugStringA
FreeLibrary
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
GetProcAddress
FileTimeToSystemTime

advapi32

RegCloseKey
CreateProcessAsUserA
OpenProcessToken
DuplicateTokenEx
RegOpenKeyExA
RegQueryValueExA

msvcrt

strstr
??1type_info@@UAE@XZ
free
_initterm
_CxxThrowException
_adjust_fdiv
memmove
_mbschr
_except_handler3
_mbsstr
_mbsnbcpy
rand
strrchr
swprintf
sprintf
wcslen
wcscat
wcscpy
strchr
atoi
__CxxFrameHandler
??2@YAPAXI@Z
malloc
??3@YAXPAX@Z
_stricmp
_strnicmp
_wcsicmp

msvcp60

??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z

ws2_32

htons
socket
accept
listen
connect
WSAGetLastError
recv
send
select
ioctlsocket
setsockopt
closesocket
WSAStartup
bind
gethostbyname
inet_ntoa
inet_addr

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

Exports

Exports

ServiceMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db8f4a603738b62fb04774d060beedc6

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

msvcp60

ws2_32

wininet

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB