9dce6351cd89754957cdb201bfd1c5a3c520acfbc41a6e87f5da5101191cff70

Sharing

Copy URL Twitter E-mail

General

Target

9dce6351cd89754957cdb201bfd1c5a3c520acfbc41a6e87f5da5101191cff70
Size

253KB
MD5

6e51b2513e5954b1a646c52aeea1ecb0
SHA1

0758b6d91527f8b61c220ae6160d148d13f0d965
SHA256

9dce6351cd89754957cdb201bfd1c5a3c520acfbc41a6e87f5da5101191cff70
SHA512

efae87b29a00860714f71778c3fa1a0e6e8b0d9fcf2a4d5cc19db82a67276b6d19fc1f056cbd8bd751b61179d2461aa22833f05f039d86811db4836b440a923d
SSDEEP

6144:/wOmnxwL7Yn/+j1hr4xRIMQeWAO5Po7Qcc/HRE0:/wOmnxwLGYhsxGu1O5Po7boO0

Score

N/A

Malware Config

Signatures

Files

9dce6351cd89754957cdb201bfd1c5a3c520acfbc41a6e87f5da5101191cff70
.dll windows x86

4bec8ad16bda6f9a4104f8f28991d8e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptAcquireContextW
CryptImportKey
CryptDestroyKey
MD5Init
MD5Update
MD5Final
CreateProcessAsUserA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo

ntdll

ZwAlertThread
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
ZwCreateEventPair
ZwSetLowEventPair
RtlAdjustPrivilege
RtlEqualUnicodeString
ZwQuerySystemInformation
ZwSetInformationToken
ZwDuplicateToken
ZwAdjustPrivilegesToken
ZwOpenProcessToken
RtlInitUnicodeString
ZwQueryVolumeInformationFile
strstr
qsort
RtlImageNtHeader
ZwWaitForSingleObject
ZwDelayExecution
strchr
_snprintf
_wcsicmp
_wcslwr
wcsstr
wcschr
RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler
strtoul
sscanf
RtlGetFrame
RtlPushFrame
RtlPopFrame
LdrAccessResource
LdrFindResource_U
ZwSetEaFile
ZwQueryEaFile
ZwClose
RtlFreeUnicodeString
RtlComputeCrc32
_strnicmp
_strlwr
strncpy
_stricmp
ZwSetEvent
ZwUnmapViewOfSection
ZwOpenEvent
ZwOpenSection
ZwMapViewOfSection
ZwCreateEvent
ZwCreateSection
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
vsprintf
memmove
ZwQueryInformationProcess
RtlTimeToSecondsSince1970
RtlTimeToSecondsSince1980
ZwQueryInformationToken
RtlRandom
RtlImageDirectoryEntryToData
strpbrk
_wcsnicmp
RtlExitUserThread
strrchr
wcsrchr
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
memcpy
memset
_allmul
RtlUnwind
ZwSetSystemPowerState
ZwOpenFile
RtlDosPathNameToNtPathName_U
swprintf
sprintf
RtlNtStatusToDosError
RtlInterlockedPopEntrySList
RtlInterlockedPushEntrySList
RtlIpv4StringToAddressA
NtQueryVirtualMemory

ws2_32

closesocket
WSAGetLastError
WSASocketA
shutdown
WSAStartup
WSARecvFrom
WSASendTo
setsockopt
WSASend
WSARecv
WSAIoctl
listen
bind
WSASocketW
getsockname

version

VerQueryValueW

shlwapi

SHGetValueA
PathRemoveExtensionA
PathFindFileNameA
PathRemoveBackslashA
StrStrIA
PathRemoveBackslashW
SHSetValueA
SHRegCloseUSKey
SHRegCreateUSKeyA

urlmon

ObtainUserAgentString
CoInternetSetFeatureEnabled
CreateURLMonikerEx
UrlMkSetSessionOption

kernel32

SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
GetSystemInfo
GetVersionExA
GetLocaleInfoA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
CreateWaitableTimerA
SetWaitableTimer
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
SetUnhandledExceptionFilter
GetCommandLineA
GetModuleFileNameA
ReleaseMutex
CreateMutexA
GetSystemTimeAsFileTime
WaitForMultipleObjects
OpenProcess
ExitProcess
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
GetExitCodeProcess
SetInformationJobObject
CreateJobObjectW
DeleteFileA
ReadFile
GetFileSize
WaitForSingleObject
FlushFileBuffers
SetEndOfFile
WriteFile
CreateFileA
GetTempPathA
TerminateProcess
ResumeThread
AssignProcessToJobObject
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
CreateProcessA
FreeLibrary
MultiByteToWideChar
CreateThread
CloseHandle
Sleep
VirtualProtect
LoadLibraryA
GetTickCount
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
BindIoCompletionCallback
VirtualFree

user32

CreateWindowExW
GetMessageW
GetClassNameW
DefWindowProcW
GetSystemMetrics
ExitWindowsEx
SendMessageW
DispatchMessageW
UnregisterClassW
GetClientRect
ChildWindowFromPoint
RegisterClassW
KillTimer
PostQuitMessage
DestroyWindow
SetTimer
PostMessageW
wsprintfW

ole32

CreateBindCtx
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
CoTaskMemAlloc

shell32

ShellExecuteA

secur32

AcquireCredentialsHandleW
EncryptMessage
FreeContextBuffer
DecryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW

crypt32

CertFreeCertificateContext
CryptVerifyMessageSignature
CertSetCertificateContextProperty
CertCreateCertificateContext
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertVerifyCertificateChainPolicy
CertGetCertificateChain

wintrust

WinVerifyTrust

mswsock

AcceptEx

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bec8ad16bda6f9a4104f8f28991d8e6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

ws2_32

version

shlwapi

urlmon

kernel32

user32

ole32

shell32

secur32

crypt32

wintrust

mswsock

oleaut32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 224B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 224B

.reloc
Size: 6KB - Virtual size: 5KB