ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105

Sharing

Copy URL

Twitter E-mail

General

Target

ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105
Size

76KB
MD5

720f4b2ef1aff0889c750498a193cdcd
SHA1

4223fd3ce0a179af85a5e21cd9d28c14286a6e78
SHA256

ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105
SHA512

7719bfd3e00010f9b0aeba5166d324332b58b57318b74806aca98e12c993122d1629696787a841ac7926f9a3a7322e78e6311db850535e4cf52828ea22b1e266
SSDEEP

1536:kEDuOu9FnH+DQQmm98F6M8/QC+s5IOeHnToIf1OxczY68bOD6:k+QeDPL/Q7sTeHTBfEuzY68bOD

Score

N/A

Malware Config

Signatures

Files

ccf4098301f5426c38e4f6428e8ed3b776ee085a0f78ebe7b4e158a519090105
.dll windows x86

66e94aae561a702d611ebb9ecd11b7af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageA
OpenDesktopA
GetThreadDesktop
OpenWindowStationA
OpenInputDesktop
wsprintfA
CloseWindow
CreateWindowExA
IsWindow
GetUserObjectInformationA
GetDesktopWindow
GetDC
ExitWindowsEx
GetWindowTextA
GetProcessWindowStation
GetKeyNameTextA
CallNextHookEx
GetActiveWindow
UnhookWindowsHookEx
SendMessageA
SetWindowsHookExA
keybd_event
MapVirtualKeyA
SystemParametersInfoA
WindowFromPoint
SetThreadDesktop
CloseDesktop
IsWindowVisible
CloseWindowStation
SetProcessWindowStation
GetWindowThreadProcessId
EnumWindows
GetCursorPos
ReleaseDC
SetCursorPos
SetCapture
GetSystemMetrics
SetRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event

kernel32

Sleep
CloseHandle
OpenEventA
SetErrorMode
CreateMutexA
GetTickCount
lstrcpyA
SetUnhandledExceptionFilter
FreeConsole
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
DeleteFileA
CreateProcessA
lstrcatA
ReleaseMutex
WaitForSingleObject
lstrlenA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
FreeLibrary
GetProcAddress
GetDiskFreeSpaceExA
WriteFile
MoveFileA
CreateThread
LoadLibraryA
MoveFileExA
GetSystemDirectoryA
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
GetLocalTime
GetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
HeapAlloc
SetEvent
InterlockedExchange
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetLastError
SetLastError
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
ResetEvent
CancelIo
OpenProcess
Process32Next
LocalSize
Process32First
CreateToolhelp32Snapshot
TerminateThread
GetDiskFreeSpaceA
lstrcmpiA
GetCurrentThreadId
GetTempPathA
GetCurrentProcess
CreateEventA
GetDriveTypeA
GetSystemInfo

msvcrt

strstr
printf
strrchr
strcmp
_ftol
strcpy
??2@YAPAXI@Z
_except_handler3
_CxxThrowException
sprintf
strcat
memcpy
ceil
atoi
strtok
fclose
fread
fopen
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
memmove
_adjust_fdiv
wcstombs
??3@YAXPAX@Z
strncpy
memcmp
_beginthreadex
malloc
_EH_prolog
strlen
memset
__CxxFrameHandler

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

gdi32

GetPaletteEntries
CreateHalftonePalette
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
send
gethostname
socket
select
recv
gethostbyname
htons
inet_addr
setsockopt
connect
closesocket
getsockname

psapi

GetModuleFileNameExA
EnumProcessModules

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

urlmon

URLDownloadToFileA

advapi32

InitializeSecurityDescriptor
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
QueryServiceStatus
DeleteService
SetServiceStatus
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegisterServiceCtrlHandlerA
FreeSid
RegOpenKeyExA
RegQueryValueA
RegCloseKey

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ServiceMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66e94aae561a702d611ebb9ecd11b7af

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

msvcp60

shell32

shlwapi

imm32

gdi32

ws2_32

psapi

avicap32

urlmon

advapi32

wtsapi32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB