eb8301e06d4b9925dc8c59cbe0c58b138d74fd5e4571fb6b300c42930c2af2ba

Sharing

Copy URL Twitter E-mail

General

Target

eb8301e06d4b9925dc8c59cbe0c58b138d74fd5e4571fb6b300c42930c2af2ba
Size

260KB
MD5

ae822dda5aaf38606815f333b94f91e1
SHA1

42f17ea7af1f4e50844c0067bceb340cad7c50fe
SHA256

eb8301e06d4b9925dc8c59cbe0c58b138d74fd5e4571fb6b300c42930c2af2ba
SHA512

d8554bc4207592e11fd66bebbc013a4ca716978fb9e53e49f4845a0e8458e7067541314f909c8c04aeae9b80e9a7e00f4556406c46af6d652e92d058a6bc4790
SSDEEP

6144:RbojGXZl1Ep6L5uD8QQD1MCudQcDAWTXLa1Ys:hojajtL5uD8QQD1MCu2Ua1Y

Score

N/A

Malware Config

Signatures

Files

eb8301e06d4b9925dc8c59cbe0c58b138d74fd5e4571fb6b300c42930c2af2ba
.dll windows x86

92c41024898fbf51016cb09ba2c20fe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
fclose
_wfopen
fputws
calloc
wcsncmp
_vscwprintf
_wcslwr
free
_except_handler4_common
memmove
_CxxThrowException
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
wcsspn
memcpy
memset
realloc
__CxxFrameHandler3
malloc
_wcsnicmp
iswspace
??1type_info@@UAE@XZ
wcstok
wcsstr
wcsrchr
wcspbrk
wcschr
_vsnwprintf
_wcsicmp
iswctype
towlower

ntdll

RtlNtStatusToDosError
NtQueryObject

kernel32

CreateMutexW
LoadLibraryW
InitializeCriticalSection
SetFileAttributesW
EnterCriticalSection
EncodePointer
ReleaseMutex
IsWow64Process
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
WaitForSingleObject
GetFileSizeEx
FindFirstFileW
FindNextFileW
FindClose
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
OutputDebugStringW
OutputDebugStringA
GetModuleHandleA
VirtualProtect
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
lstrlenW
lstrcmpiW
CopyFileW
CreateDirectoryW
GetFileInformationByHandle
GetCurrentThreadId
GetFileAttributesW
SearchPathW
SetLastError
LocalAlloc
GetModuleFileNameW
VirtualQuery
LocalFree
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
FreeLibrary
GetProcAddress
GetLastError
GetProcessId
GetCurrentProcessId
HeapFree
GetProcessHeap
InterlockedDecrement
HeapAlloc
InterlockedIncrement
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CloseHandle
WaitForSingleObjectEx
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
DeviceIoControl

shlwapi

PathFindFileNameW
ord154
ord152
PathIsUNCW
PathSkipRootW
ord437
ord158
ord156
ord157
PathGetArgsW
StrDupW
SHRegGetValueW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

advapi32

RegCloseKey
RegOpenKeyExW
DecryptFileW
EncryptFileW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW

iertutil

ord50
ord170
ord58
ord305
ord45

shell32

ShellExecuteExW
SHGetFolderPathW

user32

GetForegroundWindow
GetWindowThreadProcessId
GetPropW
GetClassNameW
AllowSetForegroundWindow
GetGUIThreadInfo

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92c41024898fbf51016cb09ba2c20fe3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

shlwapi

ole32

oleaut32

advapi32

iertutil

shell32

user32

Exports

Exports

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 65KB - Virtual size: 68KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 65KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB