4a839870e06b845479c87c6163f5785ed2ed06560599b81c3d6e84a8b6e2a344

Sharing

Copy URL Twitter E-mail

General

Target

4a839870e06b845479c87c6163f5785ed2ed06560599b81c3d6e84a8b6e2a344
Size

152KB
MD5

5ce7c1bc0a69dfb8cd1af7fea0f8da30
SHA1

fc1362f53987cdfa116f810027fa147d73945451
SHA256

4a839870e06b845479c87c6163f5785ed2ed06560599b81c3d6e84a8b6e2a344
SHA512

a5d9ce368cd99bd18f39ed6ea0ec032f7faa856f6a3ef51e995ffd44e9eb5487554434f124fb64d06a5639b8b3d768456bfdf3ec95d7476e2ec91d71e4985112
SSDEEP

3072:tZ1JF5pcEHSiLfCGbxkEGE950PsHVTxMkz3/4AI7mufNk3Hwex+Xirb6aIaBxrBG:tzJF5pcASiLTIE93HVtTb/457miNk3w5

Score

N/A

Malware Config

Signatures

Files

4a839870e06b845479c87c6163f5785ed2ed06560599b81c3d6e84a8b6e2a344
.dll windows x86

1c8f33aca7a5a0ab43b45268707d46f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateFileA
GetModuleHandleA
SetLastError
ReadProcessMemory
GetProcAddress
ExitProcess
InterlockedDecrement
LocalFree
CloseHandle
CreateMutexW
GlobalFree
Sleep
GetVolumeInformationA
OpenEventA
GetCurrentProcess
MapViewOfFile
GetCommandLineA
GetComputerNameA
InterlockedIncrement
CreateEventA
GetProcessHeap
OpenFileMappingA
WriteFile
WriteProcessMemory
CopyFileA
HeapAlloc
GetLastError
CreateFileMappingA
CreateDirectoryA
InterlockedCompareExchange
HeapFree
LoadLibraryA
UnmapViewOfFile
TerminateProcess
CreateProcessA
GetTickCount

ole32

OleSetContainedObject
OleCreate
CoInitialize
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoTaskMemAlloc
CoUninitialize

user32

GetClassNameA
GetCursorPos
ClientToScreen
PeekMessageA
GetMessageA
DispatchMessageA
GetParent
SetWindowLongA
PostQuitMessage
CreateWindowExA
GetWindowLongA
TranslateMessage
SetTimer
FindWindowA
ScreenToClient
UnhookWindowsHookEx
SendMessageA
DestroyWindow
DefWindowProcA
GetSystemMetrics
SetWindowsHookExA
GetWindow
KillTimer
RegisterWindowMessageA
GetWindowThreadProcessId

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegSetValueExA
DuplicateTokenEx
RegDeleteKeyA
OpenProcessToken
SetTokenInformation
RegCreateKeyExA
GetUserNameA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

unicrtSvcs

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c8f33aca7a5a0ab43b45268707d46f7

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 980B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 980B

.reloc
Size: 8KB - Virtual size: 6KB