3be14a94644088ab4b6dcaf9ad29b0dbbf3c4bf786023078ae42e184619fc7ec

Sharing

Copy URL Twitter E-mail

General

Target

3be14a94644088ab4b6dcaf9ad29b0dbbf3c4bf786023078ae42e184619fc7ec
Size

41KB
MD5

ff32465752550aa8402cf57218cb5fd9
SHA1

f3e9ba9c802913b6b4e73e2328671548b22178d2
SHA256

3be14a94644088ab4b6dcaf9ad29b0dbbf3c4bf786023078ae42e184619fc7ec
SHA512

cbc55ae4d944cc5a7587cd074b66eb2c9db0a0ba126ad04573e91eaf46d76682c21d3733049d41299f7e396375859e9d036b2044ecaa650af268ebbc7d3fbe38
SSDEEP

768:YPNMsMl2iz3EdxQGFSxGktk6TDALQc4T/vZ/huTO2Xld0mMI32IZ0:YPNMsMkiz3EdxVFwGIk6T0arv5hYO2Vm

Score

N/A

Malware Config

Signatures

Files

3be14a94644088ab4b6dcaf9ad29b0dbbf3c4bf786023078ae42e184619fc7ec
.dll windows x86

d72f5c198242740a6a6db96edd8d720c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
LocalFree
GetLastError
GetVersionExA
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
SearchPathA
GetTempPathA
GetTickCount
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
DuplicateHandle
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
VirtualProtectEx
GetCurrentProcessId
CreateMutexA
CreateThread
ReleaseMutex
GetModuleFileNameA
lstrcmpiA
CloseHandle
lstrlenA
GetSystemDirectoryA
DeleteFileA
GetFileAttributesA
CreateFileA
WriteFile
ReadFile
IsBadReadPtr
TerminateProcess
Sleep
GetModuleHandleA
lstrcpyA
FreeLibrary
GlobalAlloc
GlobalReAlloc
GlobalFree

user32

GetWindowTextA
ReleaseDC
GetDC
wsprintfA
GetForegroundWindow

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetStockObject
GetObjectA
SelectPalette
RealizePalette
GetDIBits
CreateDCA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
SetSecurityInfo
SetEntriesInAclA
GetTokenInformation
OpenProcessToken

msvcrt

_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
fclose
fwrite
fopen
free
memset
memcpy
_strupr
strtok
wcscpy
strlen
strstr
strcpy
strrchr
fread
rewind
ftell
fseek
sprintf
printf
malloc
_strlwr

ws2_32

WSACleanup
WSAStartup
recv
send
socket
htons
gethostbyname
connect
closesocket

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

wininet

HttpSendRequestA
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle

Exports

Exports

Install

Sections

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d72f5c198242740a6a6db96edd8d720c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

ws2_32

msvcp60

wininet

Exports

Exports

Sections

.bss Size: - Virtual size: 6KB

.data Size: 37KB - Virtual size: 37KB

.reloc Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 6KB

.data
Size: 37KB - Virtual size: 37KB

.reloc
Size: 2KB - Virtual size: 2KB