2d06703ff9cf774a1ace71240c28e3eaf8db409b46e83e869faf6c2f8d073784

Sharing

Copy URL Twitter E-mail

General

Target

2d06703ff9cf774a1ace71240c28e3eaf8db409b46e83e869faf6c2f8d073784
Size

111KB
MD5

538e6c0da97348f3bbabfcd5e8b63226
SHA1

c584e65b177d16add6e6c2b7b22eb3691895bf10
SHA256

2d06703ff9cf774a1ace71240c28e3eaf8db409b46e83e869faf6c2f8d073784
SHA512

58c4eb926240114a107a478071d17e70f7ecb7221a3f54b1c0a323ac1728713444d2a0958230d0faaf24a378985a064899c6a742976185206219ce2a33380641
SSDEEP

3072:3EWXC20RaKXlOcSLkKOtwZbdqYbwfsVtJFVr:3IdaElOhkJwZvMqp

Score

N/A

Malware Config

Signatures

Files

2d06703ff9cf774a1ace71240c28e3eaf8db409b46e83e869faf6c2f8d073784
.dll windows x86

7522245e6cc232301158159065ea1e0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_swab
_stricmp
atoi
malloc
free
strstr
memset
_adjust_fdiv
_vsnprintf
memcpy

ntdll

RtlUnwind

kernel32

CreateEventA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
LoadLibraryA
OpenProcess
MapViewOfFile
IsBadStringPtrA
GetCurrentProcessId
CreateMutexA
CreateFileMappingA
UnmapViewOfFile
ReadProcessMemory
GetLastError
WriteProcessMemory
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetTickCount
GlobalAlloc
GlobalFree
lstrcmpA
lstrcmpiA
HeapFree
HeapAlloc
GetProcessHeap
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
CreateProcessA
GetModuleFileNameA
FindClose
FindFirstFileA
lstrlenA
SetCurrentDirectoryA
Sleep
GetVersionExA
GetVersion
OpenEventA
OpenFileMappingA
OpenMutexA
ReleaseMutex

user32

LoadCursorA
GetClassNameA
PostMessageA
MsgWaitForMultipleObjects
CreateWindowExA
ShowWindow
PostThreadMessageA
SetWindowTextA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
RegisterClassA
DefWindowProcA
PostQuitMessage
DestroyWindow
UnregisterClassA
SendMessageA

advapi32

GetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
OpenSCManagerA
DeleteService
RegOpenKeyA
CreateServiceA
RegCreateKeyA
QueryServiceStatusEx
EnumDependentServicesA
OpenServiceA
ControlService
CloseServiceHandle
SetSecurityInfo
QueryServiceConfigA
RegOpenKeyExA
QueryServiceObjectSecurity
RegCloseKey
BuildExplicitAccessWithNameA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
InitializeAcl
FreeSid
IsValidSid
GetLengthSid
AllocateAndInitializeSid
AddAccessDeniedAce
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

wsock32

bind
closesocket
socket

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

WSAStringToAddressA
freeaddrinfo
getaddrinfo

Exports

Exports

InstallService
MSIInstallService
MSIUnInstallService
RundllInstallA
RundllUninstallA
ServiceMain
UninstallService

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7522245e6cc232301158159065ea1e0e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

advapi32

wsock32

version

ws2_32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.data Size: 61KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 44KB

.data
Size: 61KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB