ca928340435443530eb0cc1cfd8e6963d1048fcda01cb3df12b26f1df4f04926

Sharing

Copy URL Twitter E-mail

General

Target

ca928340435443530eb0cc1cfd8e6963d1048fcda01cb3df12b26f1df4f04926
Size

116KB
MD5

110134d1cb08be76b0262a90216ca5b7
SHA1

e1dcf648215a3d219071ea11a0c377cdbc4c2ebb
SHA256

ca928340435443530eb0cc1cfd8e6963d1048fcda01cb3df12b26f1df4f04926
SHA512

270bd87f02f7493b41505b3c03835e544cb86a87dfea6d2690622fa2e9a8618f73598752806735fdf96123748ed9c4944f83cf2f8128018048124e6b6599c110
SSDEEP

1536:mH7sDiiuwfyld0XHUBdEUCugPclGhxXcWAOgfxXqvQVnpn856G+Ymiwf:sAuDd0X0B7oxXlA/xXqYVnpn/Got

Score

N/A

Malware Config

Signatures

Files

ca928340435443530eb0cc1cfd8e6963d1048fcda01cb3df12b26f1df4f04926
.dll windows x86

9b789602511416990203eb85a30344e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

msvcrt

__CxxFrameHandler
strstr
??2@YAPAXI@Z
strlen
_ftol
ceil
memmove
memcpy
memcmp
??3@YAXPAX@Z
memset
free
malloc
_strnset
_strrev
_strnicmp
_strupr
_strcmpi
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
realloc
strncat
sprintf
_errno
strncmp
strchr
_snprintf
atoi
strncpy
strrchr
strcpy
strcat
strcmp
_except_handler3

kernel32

EnterCriticalSection
VirtualAlloc
CloseHandle
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
DeleteFileA
GetLastError
CreateDirectoryA
lstrlenA
GetDriveTypeA
LeaveCriticalSection
LocalFree
FindNextFileA
FindFirstFileA
GetFileSize
ReadFile
SetFilePointer
WriteFile
lstrcatA
Sleep
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
GetVersionExA
ExitProcess
GetCurrentProcess
GetVersion
VirtualFree
CreateThread
CreateRemoteThread
OpenProcess
GetLocalTime
TerminateThread
CreateEventA
MoveFileA
GetFileAttributesA
WaitForSingleObject
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreateProcessA
TerminateProcess
PeekNamedPipe
OutputDebugStringA
GlobalMemoryStatusEx
GetSystemInfo
OpenEventA
SetErrorMode
SetUnhandledExceptionFilter
FreeConsole
LocalSize
GetCurrentThreadId
LocalAlloc
FreeLibrary
DeleteCriticalSection
LoadLibraryA
GetProcAddress
DeviceIoControl
FindClose
RaiseException

user32

IsWindow
SendMessageA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorInfo
GetCursorPos
ReleaseDC
GetDesktopWindow
wsprintfA
ExitWindowsEx
MessageBoxA
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
EnumWindows
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
GetSystemMetrics
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SetRect
GetDC

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
RegOpenKeyExA
RegCloseKey
RegQueryValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetFileInfoA

ws2_32

sendto
setsockopt
WSASocketA
inet_ntoa
gethostname
WSACleanup
getpeername
getsockname
bind
inet_addr
recv
__WSAFDIsSet
ioctlsocket
send
select
WSAStartup
connect
htons
ntohs
closesocket
socket
gethostbyname
recvfrom

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

msvfw32

ICClose
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

Eternal
Go
Heart
On
wanmei

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b789602511416990203eb85a30344e0

Headers

File Characteristics

Imports

shlwapi

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp60

wininet

msvfw32

psapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

PAGE1 Size: 4KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 68KB

PAGE1
Size: 4KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 5KB