b57998f044543ed968cb4bc2dce7b9029515e7bf105fa8223732afb620eb8372

Sharing

Copy URL Twitter E-mail

General

Target

b57998f044543ed968cb4bc2dce7b9029515e7bf105fa8223732afb620eb8372
Size

70KB
MD5

7830ef3ae12d19199efecf2549914410
SHA1

de9bccc916e33d037f4b863dc45f389c933f4655
SHA256

b57998f044543ed968cb4bc2dce7b9029515e7bf105fa8223732afb620eb8372
SHA512

46f0d242bae593127a21b58bde5d7f33614c9c5c47305da7a94b814c137ab60baebbbc0f8cb87eed4799a8f636ad8eaa5cce71e139cac10f9063fa9a77671409
SSDEEP

1536:7jgrbbsjjCKU19K+XwZK5FdY38cD94fMP67oahYVjwm:oXbsjjCKUoK5FdY38k9iMP6kahYVjwm

Score

N/A

Malware Config

Signatures

Files

b57998f044543ed968cb4bc2dce7b9029515e7bf105fa8223732afb620eb8372
.dll windows x86

595181e6c31da7b37f4ac30d5e20f603

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CreateProcessA
GetLocalTime
GetVersionExA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
GetSystemInfo
TerminateThread
ExitProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GetStartupInfoA
LocalFree
ReadFile
LocalAlloc
GetSystemDirectoryA
HeapFree
lstrlenA
FindFirstFileA
GlobalMemoryStatus
GetComputerNameA
OpenEventA
SetErrorMode
CreateDirectoryA
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
SetFileAttributesA
SetFilePointer
CopyFileA
ExpandEnvironmentStringsA
GetModuleFileNameA
CreateThread
CreateFileA
WriteFile
WinExec
GetCurrentThreadId
GetTickCount
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
Sleep
EnterCriticalSection
LeaveCriticalSection
VirtualFree
FreeLibrary
DeleteCriticalSection
LoadLibraryA
GetProcAddress
WaitForMultipleObjects

user32

GetMessageA
PostThreadMessageA
GetInputState
wsprintfA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA

advapi32

DeleteService
RegOpenKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
StartServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
SetServiceStatus

msvcrt

wcstombs
_strrev
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
free
calloc
srand
_access
_stricmp
??3@YAXPAX@Z
memcpy
memmove
putchar
ceil
_ftol
puts
strlen
strstr
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
_CxxThrowException
rand
sprintf
strcpy
strncpy
strcspn
strcat
atoi
strrchr
malloc
_beginthreadex

ws2_32

WSAIoctl
setsockopt
connect
htons
gethostbyname
WSACleanup
closesocket
ntohs
recv
select
send
inet_addr
inet_ntoa
sendto
htonl
WSASocketA
getsockname
WSAStartup
socket

urlmon

URLDownloadToFileA

iphlpapi

GetIfTable

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

595181e6c31da7b37f4ac30d5e20f603

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

urlmon

iphlpapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 192B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 192B

.reloc
Size: 3KB - Virtual size: 2KB