aa3011b9dcf7d069203884120d498f964c4b38a33688b551f96a0bcfb51af434

Sharing

Copy URL Twitter E-mail

General

Target

aa3011b9dcf7d069203884120d498f964c4b38a33688b551f96a0bcfb51af434
Size

112KB
MD5

5e0f6a458c67f496e0f8d77617f860a0
SHA1

86709cc25a90759622ec52c6a230d00f70962626
SHA256

aa3011b9dcf7d069203884120d498f964c4b38a33688b551f96a0bcfb51af434
SHA512

44018d76e646fd49a044603f2780a815732bfb082a9427fa12e20ce994b38afb2b55afa70a24ce6e6d1f598ff45bbbddd2bd5ba71e9efaccf3d2a4cbf1927c60
SSDEEP

1536:R84sT+CnUM7+IBsSxhKqa5lshsovp8vc5JJNeN1L0QcKPLeTZleSMf4KbW:lMUM7JBsSxhKqkTo0c7+bbTjedlo4Ky

Score

N/A

Malware Config

Signatures

Files

aa3011b9dcf7d069203884120d498f964c4b38a33688b551f96a0bcfb51af434
.dll windows x86

b415292346fca1e1446866a1a145e462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileA
InterlockedCompareExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetModuleHandleA
GetLastError
DeleteCriticalSection
VirtualAlloc
HeapCreate
HeapDestroy
ExitProcess
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
FileTimeToLocalFileTime
GetCurrentDirectoryA
RtlUnwind
GetTimeZoneInformation
GetCommandLineA
HeapAlloc
GetModuleHandleW
MoveFileExW
CopyFileW
DeleteFileW
CreateEventW
GetOverlappedResult
FindFirstFileW
FindNextFileW
GetVolumeInformationW
GetFileAttributesW
LocalFree
CreateEventA
GetFullPathNameA
WideCharToMultiByte
DeleteFileA
GetVersion
FlushFileBuffers
WriteFile
SetLastError
GetDiskFreeSpaceA
GetFileSize
CreateFileMappingA
MapViewOfFile
lstrlenA
LocalAlloc
GetTempPathA
GetFileAttributesA
GetFileInformationByHandle
Sleep
CreateDirectoryA
TlsAlloc
RaiseException
TlsGetValue
TlsSetValue
VirtualQuery
IsBadReadPtr
DuplicateHandle
GetExitCodeProcess
FileTimeToSystemTime
WaitForSingleObject
OpenProcess
CloseHandle
GetCurrentThread
FreeLibrary
GetSystemInfo
SetConsoleCtrlHandler
GetModuleFileNameA
FindNextFileA
OutputDebugStringA
TlsFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetHandleCount
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
GetLocaleInfoA
VirtualProtect
SetStdHandle
CompareStringA
SetEnvironmentVariableA
lstrcpynA
GetThreadLocale
VirtualFree
InterlockedDecrement
GetFileType
InterlockedIncrement
GetStartupInfoA
FindFirstFileA
FindClose
GetVersionExA
GetStringTypeExA
EnumCalendarInfoA
DisableThreadLibraryCalls
IsDebuggerPresent
Beep
GetFileAttributesExW
GlobalAddAtomA
GlobalAlloc
GlobalFree
GlobalGetAtomNameA
GlobalLock
GlobalReAlloc
GlobalSize
MulDiv
HeapFree
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
IsValidCodePage
HeapSize
MultiByteToWideChar
SetFilePointer
LCMapStringA

user32

GetCursor
GetClipboardOwner
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetCapture
GetAncestor
GetActiveWindow
FlashWindow
FillRect
EnumWindows
EnumClipboardFormats
EndPaint
EnableMenuItem
EmptyClipboard
DestroyWindow
DestroyIcon
DestroyCursor
CreateWindowExW
CreateIconIndirect
CreateCursor
CountClipboardFormats
CloseClipboard
ClientToScreen
BringWindowToTop
BeginPaint
AdjustWindowRectEx
CharToOemA
CharNextA
GetKeyboardType
CloseWindowStation
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetCursorPos
ExitWindowsEx
CloseDesktop
SetUserObjectSecurity
SetTimer
GetDesktopWindow
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetUpdateRgn
GetUserObjectInformationA
GetWindow
GetWindowLongA
GetWindowRect
GetWindowRgn
InvalidateRect
InvalidateRgn
IsIconic
IsWindowVisible
KillTimer
LoadImageA
MapVirtualKeyA
MonitorFromWindow
PtInRect
RegisterClassExW
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
SetCapture
SetClipboardData
SetFocus
SetParent
SetRect
SetRectEmpty
GetDC
GetFocus
GetForegroundWindow
GetKeyNameTextA
GetKeyState
OpenInputDesktop
GetParent
SetWindowLongA
SetWindowTextW
ShowWindow
ToAsciiEx
ToUnicodeEx
WindowFromPoint

advapi32

DuplicateToken
GetFileSecurityA
MapGenericMask
AccessCheck
InitiateSystemShutdownA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateProcessAsUserA
DeleteAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
CopySid
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImpersonateSelf
OpenThreadToken
RevertToSelf

shell32

DragFinish
DragQueryFileA
DragQueryFileW
DragQueryPoint
ExtractIconExA
DragAcceptFiles

ole32

CoUninitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString

version

GetFileVersionInfoA
VerQueryValueA

msvcrt

sscanf
sprintf
setlocale
exit
atoi
wcstombs
isleadbyte
strstr
tolower
strtok
strncmp
strcpy
localeconv
isdigit
calloc
isspace
strlen
realloc
memset
memchr
malloc
gmtime
fwrite
free
fread
ferror
abort
wcscmp
_getch
puts
strchr

imm32

ImmGetContext
ImmIsIME
ImmGetCompositionStringW

ws2_32

WSACleanup
WSASetLastError
WSAGetLastError
WSAEnumNetworkEvents
WSAStartup

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b415292346fca1e1446866a1a145e462

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

msvcrt

imm32

ws2_32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 49KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 49KB

.rsrc
Size: 12KB - Virtual size: 10KB