0babc3000c3cbbe42f91ed498fe8fc1e1b4fe85acd7e2f812cea45276a9473fe

Sharing

Copy URL Twitter E-mail

General

Target

0babc3000c3cbbe42f91ed498fe8fc1e1b4fe85acd7e2f812cea45276a9473fe
Size

424KB
MD5

c05eff83cf1cc6ed99f01c6a73b85fe0
SHA1

a5bb67e663f6583dc5122cd8413b1c3852ca8436
SHA256

0babc3000c3cbbe42f91ed498fe8fc1e1b4fe85acd7e2f812cea45276a9473fe
SHA512

e8ff317f776c69f78bbc0dad3e215fcef2c1de1a05bb8725cf3db952a681769a7e1b8e544bb1239e8872f7800ca1df5a91996e84592ac5c9621d57bb687724aa
SSDEEP

6144:wQCpJTtnVEeRX3294QHLHNcykjiyKE6OLld5:NCLEM32eQHLHNcdjdK5eld5

Score

N/A

Malware Config

Signatures

Files

0babc3000c3cbbe42f91ed498fe8fc1e1b4fe85acd7e2f812cea45276a9473fe
.dll windows x86

71afac5a1922666bc212c2057476a3ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
lstrcmpA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateSemaphoreA
GetModuleFileNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
SetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
HeapAlloc
MoveFileA
GetStringTypeA
SetConsoleCtrlHandler
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcess
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapReAlloc
SetUnhandledExceptionFilter
FatalAppExitA
ExitProcess
GetModuleHandleA
GetStdHandle
DebugBreak
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
OpenEventA
HeapFree
DeviceIoControl
WinExec
GetSystemDirectoryA
MoveFileExA
ReleaseSemaphore
GetACP
TerminateThread
WriteFile
SetFilePointer
ReadFile
CreateFileA
Sleep
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcatA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetCurrentThreadId
OutputDebugStringA
lstrcpyA
GetTickCount
GetVersionExA
CancelIo
SetEvent
ResetEvent
CloseHandle
CreateEventA
lstrlenA
VirtualAlloc
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetVersion
GetCommandLineA
InterlockedExchange
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
CreateThread
HeapValidate
IsBadReadPtr
IsBadWritePtr
RaiseException
RtlUnwind
SetEnvironmentVariableA

user32

CharNextA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
LoadCursorA
DestroyCursor
BlockInput
SendMessageA
SystemParametersInfoA
keybd_event
MapVirtualKeyA
mouse_event
wvsprintfA
WindowFromPoint
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorPos
wsprintfA
SetCapture
PostMessageA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
GetUserObjectSecurity
SetUserObjectSecurity
CharLowerA
OpenDesktopA
CloseWindowStation
CloseDesktop
GetCursorInfo

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupAccountSidA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
GetTokenInformation
CopySid
LogonUserA
ImpersonateLoggedOnUser
CreateProcessAsUserA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegSetKeySecurity
FreeSid
RegisterServiceCtrlHandlerA
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameA
IsValidSid
DeleteService
OpenServiceA
ControlService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegQueryValueA
RegOpenKeyA
RegCloseKey

shell32

SHGetFileInfoA

avicap32

capGetDriverDescriptionA

ws2_32

setsockopt
connect
htons
WSAIoctl
socket
getsockname
ntohs
WSACleanup
WSAStartup
gethostname
send
select
__WSAFDIsSet
recv
gethostbyname
closesocket

userenv

DestroyEnvironmentBlock
GetUserProfileDirectoryW
CreateEnvironmentBlock

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ServiceMain

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71afac5a1922666bc212c2057476a3ec

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

avicap32

ws2_32

userenv

wininet

wtsapi32

Exports

Exports

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 21KB - Virtual size: 30KB

.idata Size: 8KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 21KB - Virtual size: 30KB

.idata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 11KB