6d3efbd1fa6a1c436e0a0b8ef3a544f6bbb0d6e14d82940f76c7d092d6a885e8

Sharing

Copy URL Twitter E-mail

General

Target

6d3efbd1fa6a1c436e0a0b8ef3a544f6bbb0d6e14d82940f76c7d092d6a885e8
Size

93KB
MD5

eada598cc45e8f44709423296b66cd44
SHA1

12983d655d40c776e065d0b7afdd58434adbf003
SHA256

6d3efbd1fa6a1c436e0a0b8ef3a544f6bbb0d6e14d82940f76c7d092d6a885e8
SHA512

5dfd8ba33b6a2068f24af17d4ab089ecef2d0ca1aafc6267d96290a9412b6755b2a95b64660e9799ccf735d7b8ec5e1a360bdbd5fe81b03803268f3e8de59515
SSDEEP

1536:E6YlNaTQSTlWIROq6xWl93aK3k5NdkND75SgyIZCnlR8UUwgE:l8gQElW0exOB3KID753yIZCT8UUK

Score

N/A

Malware Config

Signatures

Files

6d3efbd1fa6a1c436e0a0b8ef3a544f6bbb0d6e14d82940f76c7d092d6a885e8
.dll windows x86

42760fe0d015c309500e5dd6f825afec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
lstrlenA
GetExitCodeThread
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
SetErrorMode
CreateThread
MoveFileExA
GetCommandLineA
GetLocaleInfoA
UnmapViewOfFile
VirtualAlloc
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
ReadFile
SetFilePointer
GetPrivateProfileStringA
lstrcpyA
GetLocalTime
VirtualFree
lstrcmpA
GetLastError
GetCurrentThread
WriteFile
GetTickCount
CopyFileA
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
CreateMutexA
GetFileAttributesA
GetVersionExA
CreateFileW
CreateProcessW
GetVersionExW
DeleteFileW
GetPrivateProfileStringW
SetCurrentDirectoryW
GetModuleFileNameW
CompareStringW
FlushFileBuffers
GetStringTypeW
lstrlenW
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
Sleep
GetModuleFileNameA
OpenMutexA
lstrcpynA
CloseHandle
LCMapStringW
WriteConsoleW
SetStdHandle
HeapReAlloc
MultiByteToWideChar
SetEnvironmentVariableA
HeapSize
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
VirtualQuery
SetLastError
VirtualProtect
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
DecodePointer
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
GetTimeZoneInformation
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
EnterCriticalSection

user32

CharLowerA
CreateDesktopA
CloseDesktop
OpenDesktopA
wsprintfW

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ws2_32

htons
recv
closesocket
WSAStartup
send
connect
socket
ntohs

shlwapi

StrStrIA
PathRemoveFileSpecA
PathRemoveFileSpecW

Exports

Exports

?Detoured@@YGPAUHINSTANCE__@@XZ
start

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42760fe0d015c309500e5dd6f825afec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 7KB