bdd9da68a452415d797ce15cafb336392455473d37430018a94f0bc6972e8351

Sharing

Copy URL

Twitter E-mail

General

Target

bdd9da68a452415d797ce15cafb336392455473d37430018a94f0bc6972e8351
Size

136KB
MD5

f7eabf9b3045060a75471226dbd4e840
SHA1

d71b906d0c1a549a790e3eef982cb9fa2e5683d5
SHA256

bdd9da68a452415d797ce15cafb336392455473d37430018a94f0bc6972e8351
SHA512

2489a917a818c7be38c393ecdcfd3da043cbb71e80e0c0e20aa392953e9b9dfe93df37814f313f4922107ed5ddf2abeec7a3fd609007a069ea9acbaa0c944bb1
SSDEEP

3072:gVwFgtzG0FBZ/TpN6zxO8lAImGWS1PWBdV:gVMUBNTD56mGZP

Score

N/A

Malware Config

Signatures

Files

bdd9da68a452415d797ce15cafb336392455473d37430018a94f0bc6972e8351
.dll windows x86

e45ddcf87ea2a6f0c434b9c0c3629f18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildTrusteeWithNameA
CreateProcessAsUserA
CryptDecrypt
GetSecurityDescriptorGroup
LookupSecurityDescriptorPartsA
LsaLookupPrivilegeValue
MapGenericMask
OpenProcessToken
RegCloseKey
RegOpenCurrentUser
RegOpenKeyExW
RegOverridePredefKey
RegQueryValueExW
SystemFunction029
TraceEvent
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

gdi32

DeleteMetaFile
GdiStartPageEMF
GetBitmapDimensionEx
GetRgnBox
GetStockObject
GetTextCharacterExtra
LineTo
WidenPath

kernel32

LoadResource
FindResourceA
BuildCommDCBA
CloseHandle
CreateDirectoryW
DeleteFileW
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DisableThreadLibraryCalls
FreeLibrary
GetFileAttributesW
GetLastError
GetProcAddress
GetProcessTimes
GetProfileSectionA
GetShortPathNameW
GetSystemTimeAsFileTime
GlobalSize
Heap32ListNext
LocalAlloc
LocalFree
LockResource
Module32First
MoveFileExW
MoveFileW
RemoveDirectoryW
TlsAlloc
TlsSetValue
UnmapViewOfFile
WaitCommEvent
WriteFile
WritePrivateProfileSectionW
WriteProfileSectionW
_lcreat
_lopen
Beep
CompareStringW
CreateFileW
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
GetCurrentProcess
HeapDestroy
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
VirtualAlloc
GetCommandLineW
CompareStringA
GetLocaleInfoW
GetSystemInfo
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
LoadLibraryA
VirtualQuery
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
FatalAppExitA
VirtualFree
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
HeapFree
TlsGetValue
TlsFree
GetCurrentThread
GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
SetLastError
SetEnvironmentVariableA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StgOpenStorageOnILockBytes
STGMEDIUM_UserSize
OleSetContainedObject
CoSetCancelObject
CLSIDFromProgIDEx
OleRun

oleaut32

CreateDispTypeInfo
LoadTypeLibEx
OleLoadPictureEx
VarBstrFromDate
VarBstrFromDisp
VarCyFix
VarDateFromR8
VarFormatDateTime
VarUI4FromI1
VarR8FromDec

rpcrt4

RpcProtseqVectorFreeW
RpcMgmtEpEltInqNextW
NdrStubGetBuffer
NdrPointerMarshall
NdrNonConformantStringMarshall
NdrMesProcEncodeDecode2
NdrFullPointerQueryRefId
MesInqProcEncodingId
I_RpcTransConnectionAllocatePacket
I_RpcConnectionSetSockBuffSize
I_RpcBindingInqSecurityContext
RpcSsSetThreadHandle

user32

CreateCursor
GetWindowTextLengthA
InsertMenuItemW
LookupIconIdFromDirectoryEx
MessageBoxIndirectA
MessageBoxW
SendMessageTimeoutW
CharNextW
LoadStringW
wsprintfW

Exports

Exports

dkklxop

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e45ddcf87ea2a6f0c434b9c0c3629f18

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB