81790b54d7f1ed2d71ae7e808712abaddcf1cbdfcf357208c64e5ce3ed48f69d

Sharing

Copy URL Twitter E-mail

General

Target

81790b54d7f1ed2d71ae7e808712abaddcf1cbdfcf357208c64e5ce3ed48f69d
Size

438KB
MD5

b1267894fd7ed8c5d15be338ab5ac7f0
SHA1

25c983308ce28af8d340a7ff3fec2c9f33d6e271
SHA256

81790b54d7f1ed2d71ae7e808712abaddcf1cbdfcf357208c64e5ce3ed48f69d
SHA512

c89ea4390d5431f9b36adad255ed9e020a68f875dc55cca9c165ba1683c203180d209d89dcc6c6cb8b4ca24cb64c3f22d1f9b4f953ac6a538b7a764200fbb33a
SSDEEP

12288:d5/0RUcjnzN9a4ZeDsMChLqXi+F/+Ic9I:d5/06+2XDhxmI+

Score

N/A

Malware Config

Signatures

Files

81790b54d7f1ed2d71ae7e808712abaddcf1cbdfcf357208c64e5ce3ed48f69d
.dll windows x86

f06cafdf1dfba5441e2521dc472d5e6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AddAuditAccessAceEx
AllocateAndInitializeSid
ControlService
CryptGetUserKey
DestroyPrivateObjectSecurity
EqualSid
GetSidIdentifierAuthority
GetSidLengthRequired
GetTokenInformation
LookupPrivilegeValueA
LsaCreateTrustedDomain
LsaGetSystemAccessAccount
NotifyBootConfigStatus
OpenProcessToken
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
SetThreadToken
SystemFunction001
SystemFunction030

shell32

FreeIconList
SHGetFolderPathW

user32

BlockInput
CheckRadioButton
DispatchMessageA
DrawIcon
EnableWindow
EnumThreadWindows
EnumWindows
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FrameRect
GetWindowRect
IsWindow
LoadIconA
MessageBoxA
PeekMessageA
PostMessageA
PtInRect
ScrollWindowEx
SendMessageA
SetForegroundWindow
SetThreadDesktop
ShowScrollBar
TranslateMessage
AdjustWindowRect

msvcrt

_except_handler3
__CxxFrameHandler
_exit
__dllonexit
__getmainargs
__p___wargv
__p__amblksiz
__p__commode
__p__fmode
__set_app_type
_adjust_fdiv
_c_exit
strstr
strncpy
strcspn
sqrt
sprintf
getchar
exp
exit
_strupr
_strnicmp
_setmbcp
_scalb
_onexit
_initterm
_CIexp
_controlfp
_XcptFilter
_cexit
__setusermatherr

kernel32

lstrlenA
WaitForSingleObject
VirtualAlloc
VerSetConditionMask
UnhandledExceptionFilter
TerminateProcess
Sleep
SetUnhandledExceptionFilter
SetTapePosition
SetLastError
ReadFile
QueryPerformanceCounter
LocalFileTimeToFileTime
LoadModule
LoadLibraryA
Heap32First
GetWindowsDirectoryA
GetVersionExA
GetTickCount
GetSystemDirectoryA
GetStartupInfoA
GetProcessPriorityBoost
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFullPathNameA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCommState
GetCommConfig
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
CreateProcessA
CopyFileA
ContinueDebugEvent
CloseHandle

Exports

Exports

EvalCode
Get
HashNotImplemented
IncrementalDecoder
New
Number_Float
_setsig

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f06cafdf1dfba5441e2521dc472d5e6f

Headers

File Characteristics

Imports

advapi32

shell32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 108KB - Virtual size: 108KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB