a7a8e40602ac787a26d0ca7f280d1921ed4608258ca6f78d04b23c45ef50a158

Sharing

Copy URL Twitter E-mail

General

Target

a7a8e40602ac787a26d0ca7f280d1921ed4608258ca6f78d04b23c45ef50a158
Size

423KB
MD5

9e81823191f6665694e6875445213298
SHA1

dadc089318b5d83560cc321d5f3c476973fc08e0
SHA256

a7a8e40602ac787a26d0ca7f280d1921ed4608258ca6f78d04b23c45ef50a158
SHA512

07e29df49cb4cb918d66e9304a5b0b7aa4baa1b756aa71fb79cb725d26b94835cdc5abef5fff8a2e31b59e1ac6e09fc837413e70d938e85c830f9c6c014c0810
SSDEEP

6144:NT51kvEyzqu6usmhsH8Xcv3Enz3SPCCIEhRhz/9VKG0QumVk0J3hh8YaYGGv+ASa:lrJk6uDqpUnDIp/pFVKUbNPaY7GA

Score

N/A

Malware Config

Signatures

Files

a7a8e40602ac787a26d0ca7f280d1921ed4608258ca6f78d04b23c45ef50a158
.dll windows x86

63c180374ce1865596096bb748de9a88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

FreeGPOListW
CreateEnvironmentBlock
GetProfilesDirectoryW
RegisterGPNotification
UnregisterGPNotification
ExpandEnvironmentStringsForUserW

kernel32

VirtualAlloc
VirtualFree
VerifyVersionInfoW
VerLanguageNameW
VerLanguageNameA
CreateNamedPipeW
EndUpdateResourceW
EnumLanguageGroupLocalesA
EnumResourceLanguagesA
ExitProcess
FindVolumeClose
GetACP
GetAtomNameW
GetCPInfo
GetCommandLineA
GetDriveTypeA
GetPrivateProfileIntA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTimeZoneInformation
GlobalDeleteAtom
GlobalWire
HeapAlloc
IsDBCSLeadByte
OpenMutexA
QueueUserAPC
QueueUserWorkItem
RtlZeroMemory
SetCurrentDirectoryA
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
UnregisterWaitEx

crtdll

_memicmp
strspn
strcoll
ldiv
iswgraph
_mbsspnp
_mbcjistojms
_exit
_finite
_fpreset
_ismbcl1
_loaddll
_locking

ntdll

NtFreeUserPhysicalPages
RtlNtStatusToDosError
RtlValidRelativeSecurityDescriptor
ZwAlertResumeThread
ZwPowerInformation
RtlConvertUiListToApiList
NtSetInformationObject
NtRaiseException

rpcrt4

RpcSsFree
UuidFromStringA
char_from_ndr
short_from_ndr_temp
tree_into_ndr
RpcServerYield
CStdStubBuffer_CountRefs
RpcBindingReset
RpcServerRegisterIf
RpcServerUseAllProtseqsEx
RpcServerUseProtseqEpA

version

GetFileVersionInfoSizeA
VerInstallFileA
VerInstallFileW
VerQueryValueW
GetFileVersionInfoA

Exports

Exports

Ksdfhk
YsyirvzbBhwHLfg
bnrqgptuyvmz
cVgFzZkfnFzzJgjjS
eahiwdQ
ewV
kdv
njyvblrp
qdjzhwc
qdqfodryrp
rxsywzdbmtCuoljLaf
wbok
zxdhhqcsBfpkgz

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c180374ce1865596096bb748de9a88

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

crtdll

ntdll

rpcrt4

version

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 362KB - Virtual size: 691KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 362KB - Virtual size: 691KB

.rsrc
Size: 26KB - Virtual size: 26KB