a57dee14bcea0f5735b8df7ff4846af4009a3651d301465b682ca08227330d9a

Sharing

Copy URL Twitter E-mail

General

Target

a57dee14bcea0f5735b8df7ff4846af4009a3651d301465b682ca08227330d9a
Size

144KB
MD5

0e88d9f5a5b4959a92c71e917fc9fda6
SHA1

bc2d87d1275972fd4df5bfb6a2971fea440dd771
SHA256

a57dee14bcea0f5735b8df7ff4846af4009a3651d301465b682ca08227330d9a
SHA512

f826a37e6edaae2e97b4b99897ef2508f18db720d59ab632c2b8bef9c1514de87524971bb783e63349ce6e7aec7b2713c0cd26085d582131b0fa81f8b8a2cff7
SSDEEP

3072:r4AAVqIwdSaBdilMkig2mDee7uFmoycCS6AJaNzH7gFM:oqPh6B2Xe7ImoxbSzHsF

Score

N/A

Malware Config

Signatures

Files

a57dee14bcea0f5735b8df7ff4846af4009a3651d301465b682ca08227330d9a
.dll windows x86

09fbcea20499236682e7f83f68c95b46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetTickCount
LoadLibraryA
GetVolumeInformationA
ExitProcess
UnmapViewOfFile
LeaveCriticalSection
InterlockedCompareExchange
OpenEventA
HeapAlloc
GlobalFree
WriteProcessMemory
MapViewOfFile
CreateProcessA
GetProcAddress
CreateDirectoryA
GetLastError
CreateFileA
GetCurrentProcess
LocalFree
WriteFile
HeapFree
Sleep
CreateFileMappingA
InterlockedIncrement
GetModuleHandleA
CreateMutexW
ReadProcessMemory
GetCommandLineA
CopyFileA
OpenFileMappingA
InterlockedDecrement
GetProcessHeap
CreateEventA
EnterCriticalSection
CloseHandle
GlobalAlloc
GetModuleFileNameA
GetComputerNameA
SetLastError
TerminateProcess

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket
OleCreate
CoTaskMemAlloc
CoCreateGuid
OleSetContainedObject
CoUninitialize

user32

SetWindowsHookExA
GetWindowThreadProcessId
DefWindowProcA
TranslateMessage
GetCursorPos
GetSystemMetrics
RegisterWindowMessageA
CreateWindowExA
GetWindowLongA
ScreenToClient
KillTimer
GetWindow
PeekMessageA
SendMessageA
SetWindowLongA
GetParent
SetTimer
GetMessageA
GetClassNameA
FindWindowA
DispatchMessageA
PostQuitMessage
DestroyWindow
UnhookWindowsHookEx
ClientToScreen

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegOpenKeyExA
DuplicateTokenEx
RegDeleteValueA
RegCloseKey
GetUserNameA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
SetTokenInformation
RegCreateKeyExA

shell32

SHGetFolderPathA

Exports

Exports

winWIppm

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09fbcea20499236682e7f83f68c95b46

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 956B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 956B

.reloc
Size: 8KB - Virtual size: 6KB