18e7cd66423f5a90c79c5aa763fcd8ac480c6c7a56c4d4e6ec4b45f14ef605e6

Sharing

Copy URL Twitter E-mail

General

Target

18e7cd66423f5a90c79c5aa763fcd8ac480c6c7a56c4d4e6ec4b45f14ef605e6
Size

1.3MB
MD5

e31fc8ad394e4e58a885b195706dff9f
SHA1

c0a9f18961f3f9b3307f89c49d21972f983226f2
SHA256

18e7cd66423f5a90c79c5aa763fcd8ac480c6c7a56c4d4e6ec4b45f14ef605e6
SHA512

9abf3117ce054da2caab400d0161f408b394038290ecf74f7c5c63bd0716f5740ed127ed9a347988a9110ab2d0d259744b634071f3b9c2ea48c88e5b48d11f32
SSDEEP

24576:XVjH6YH+KlwbTTVUWrvYUfAjg3BI+BQyClev:FOYH+KlwDDMUfI+uvev

Score

N/A

Malware Config

Signatures

Files

18e7cd66423f5a90c79c5aa763fcd8ac480c6c7a56c4d4e6ec4b45f14ef605e6
.dll windows x86

8c615e1c408b1de82a16b0b5442842c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsWow64Process
GlobalAlloc
GlobalFree
FreeResource
WideCharToMultiByte
CreateFileW
GetFileSize
ReadFile
MulDiv
GetTickCount
LoadLibraryW
WriteFile
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFileAttributesExW
GetCurrentProcessId
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
ReadProcessMemory
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
FindClose
TerminateProcess
GetCurrentProcess
FindNextFileW
FindFirstFileW
SetLastError
GetVersion
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
FreeLibrary
CreateProcessW
GetProcAddress
FindResourceW
LoadResource
FindResourceExW
GetNativeSystemInfo
CloseHandle
LockResource
OutputDebugStringW
Sleep
MultiByteToWideChar
HeapFree
LeaveCriticalSection
GetModuleFileNameW
InterlockedDecrement
EnterCriticalSection
SizeofResource
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
QueryPerformanceCounter
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RtlUnwind

user32

BringWindowToTop
MoveWindow
GetForegroundWindow
AttachThreadInput
MapWindowPoints
GetMonitorInfoW
IsWindow
ShowWindow
UnregisterClassW
SendMessageW
SetActiveWindow
MonitorFromWindow
MessageBoxW
SetWindowPos
LoadIconW
GetWindowRect
GetWindow
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
GetWindowLongW
wsprintfW
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
PostMessageW
GetMessageW
GetClassInfoExW
LoadCursorW
SetTimer
RegisterClassExW
CreateWindowExW
SetWindowLongW
GetClientRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
GetWindowTextLengthW
SetWindowTextW
UpdateLayeredWindow
UpdateWindow
KillTimer
DestroyWindow
ReleaseDC
GetDC
DrawTextW
FillRect
IntersectRect
GetDoubleClickTime
ScreenToClient
SetCursor
SetLayeredWindowAttributes
OffsetRect
IsZoomed
GetWindowTextW
EnableWindow
SetWindowRgn
ClientToScreen
MonitorFromRect
ReleaseCapture
SetCapture
SetFocus
GetCursorPos
TrackMouseEvent
PtInRect
InvalidateRect
EqualRect
IsIconic
EndPaint
BeginPaint
SystemParametersInfoW
DrawIconEx
CopyRect
GetIconInfo
IsRectEmpty
SetRectEmpty
LoadImageW
IsWindowVisible
EnumWindows

gdi32

GetCurrentObject
GetTextColor
Rectangle
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
SetBkColor
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
CreateSolidBrush
CreateRectRgn
CombineRgn
CreateRoundRectRgn
SetBitmapBits
GetBitmapBits
StretchBlt
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
CreateDIBSection
DeleteObject
SetTextCharacterExtra

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitialize

oleaut32

VarBstrCmp
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
SysStringLen

shlwapi

PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathCombineW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

psapi

GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetInterpolationMode
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI

Exports

Exports

ISTGetInstallPath
ISTGetInstallPathEx
ISTInstallInit
ISTProcessExisted
ISTSetCustomData
ISTSetFileName
ISTSetInstallDir
ISTSetProcessCheck
ISTSetProgress
ISTSetStatus
ISTShowMessage
ISTShowShell
ISTWaitCompleted
ISTWaitUserAction

Sections

.text
Size: 605KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c615e1c408b1de82a16b0b5442842c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

psapi

gdiplus

Exports

Exports

Sections

.text Size: 605KB - Virtual size: 604KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 14KB - Virtual size: 20KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 474KB - Virtual size: 473KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 605KB - Virtual size: 604KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 14KB - Virtual size: 20KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 474KB - Virtual size: 473KB

.reloc
Size: 32KB - Virtual size: 31KB