f76ac320b91b088cd11afec70b6eb082e7b25ea85c31799a5aa8c21598fffa44

Sharing

Copy URL

Twitter E-mail

General

Target

f76ac320b91b088cd11afec70b6eb082e7b25ea85c31799a5aa8c21598fffa44
Size

106KB
MD5

1a9093e7387023299e61fddeb87a0583
SHA1

30d3a4e43528c39f732bbac3357818d848b883d0
SHA256

f76ac320b91b088cd11afec70b6eb082e7b25ea85c31799a5aa8c21598fffa44
SHA512

774378d02638c9f7bb177d49c876a079bb0b1d1b60ce0b5d65ae2369e897380a2ab60d3f09b4b6f12d45bdf9d4967185d850ff1996e7255cb838d55136065dea
SSDEEP

1536:fN8ptcpzTbgXaEGQVil7Get9WGqT+k50AFnVwA8JPG1hS:aKpTbgXrGIUV3WGtA8JPG7

Score

N/A

Malware Config

Signatures

Files

f76ac320b91b088cd11afec70b6eb082e7b25ea85c31799a5aa8c21598fffa44
.dll windows x86

fac8f9b60d42175d241059cd36482982

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
lstrcmpiA
VirtualFree
CreateFileMappingA
MapViewOfFile
GetFileSize
CreateDirectoryA
SetFileAttributesA
GetCurrentProcess
FindFirstFileA
GetLastError
FindNextFileA
FindClose
GetFileAttributesA
CompareStringW
CreateFileW
FlushFileBuffers
WriteFile
SetFilePointer
CloseHandle
ReadFile
CreateFileA
lstrcpyA
DeleteFileA
GetTempPathA
GetModuleFileNameA
MoveFileA
GetPrivateProfileStringA
GetSystemDirectoryA
Sleep
GetPrivateProfileIntA
SetErrorMode
lstrcpynA
lstrlenA
ExitProcess
UnmapViewOfFile
WideCharToMultiByte
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
HeapReAlloc
SetEnvironmentVariableA
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
HeapSize
HeapAlloc
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetTimeZoneInformation
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW

user32

wsprintfA

advapi32

RegEnumValueA
CryptGetHashParam
CryptVerifySignatureA
CryptImportKey
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegOpenKeyExW
RegCloseKey
RegOpenKeyA

shell32

SHCreateDirectoryExA

ws2_32

htons
socket
gethostbyname
WSAStartup
connect
send
closesocket
recv

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

shlwapi

SHDeleteKeyA
StrStrIA
PathRemoveFileSpecA
StrStrA

Exports

Exports

ServiceMain
start

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fac8f9b60d42175d241059cd36482982

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB