e7af03ee10bf2733a95a3fe48c402679b35b0253ee7e02223f8f2e0c2e39291e

Sharing

Copy URL Twitter E-mail

General

Target

e7af03ee10bf2733a95a3fe48c402679b35b0253ee7e02223f8f2e0c2e39291e
Size

88KB
MD5

9e65a1bcbab9fd964590561e694969b0
SHA1

6c67a61d5dd29ba047d81f356b9b178d2b2c0d98
SHA256

e7af03ee10bf2733a95a3fe48c402679b35b0253ee7e02223f8f2e0c2e39291e
SHA512

25f00349c7014cd6700c84610ae91f70d9917a8c554dc64afff0c767814f777042ffd6d98df830eb323044e9466c08976f6caa5a4a408b15401c0568bb29e88c
SSDEEP

1536:RCcOl3QSM2t656+DdnB6TemiD8fP0crs3:slASfAAwfJOP0cr+

Score

N/A

Malware Config

Signatures

Files

e7af03ee10bf2733a95a3fe48c402679b35b0253ee7e02223f8f2e0c2e39291e
.dll windows x86

da2b70b1b221a1a24974ad450d76c4c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
HeapFree
GetProcessHeap
SetEvent
HeapAlloc
CreateEventA
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFileAttributesA
DeviceIoControl
lstrcpyA
CreateFileA
GlobalFree
GlobalAlloc
ExitProcess
GetCurrentProcessId
MoveFileA
GetTempFileNameA
GetTempPathA
GetComputerNameA
lstrlenA
WideCharToMultiByte
OpenThread
GetExitCodeThread
VirtualAllocEx
Thread32Next
TerminateThread
Thread32First
CreateToolhelp32Snapshot
TerminateProcess
WriteFile
ReadFile
CreatePipe
GlobalMemoryStatus
GetSystemDefaultLangID
lstrcmpiA
RtlUnwind
LCMapStringW
LCMapStringA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
GetFileSize
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
FreeLibrary
LoadLibraryA
MultiByteToWideChar
CreateMutexA
GetWindowsDirectoryA
lstrcatA
GetSystemDirectoryA
CreateThread
GetModuleFileNameA
ExitThread
CreateProcessA
OpenProcess
WaitForSingleObject
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WinExec
RemoveDirectoryW
GetProcAddress
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
CreateDirectoryW
DeleteFileW
MoveFileW
GetLogicalDriveStringsA
GetDriveTypeA
GetTickCount
Sleep
SetFileAttributesW
GetCurrentThreadId
GetVersionExA
GetCurrentProcess
GetLastError
GetModuleHandleA
GetCurrentThread

user32

GetDC
keybd_event
ExitWindowsEx
CloseDesktop
CloseWindowStation
SetThreadDesktop
OpenDesktopA
GetSystemMetrics
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
wsprintfA
mouse_event
SetCursorPos
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
SetProcessWindowStation

advapi32

RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
GetTokenInformation
LookupAccountSidA
QueryServiceConfigA
EnumServicesStatusA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegCreateKeyExA
LogonUserA
CreateProcessAsUserA
DeleteService
ChangeServiceConfigA
ChangeServiceConfig2A
ControlService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyA
AdjustTokenPrivileges

msvcrt

_lseeki64
_filelengthi64
_wopen
sprintf
_findclose
strftime
localtime
_i64toa
_wfindnexti64
_wfindfirsti64
swprintf
wcscmp
wcslen
_atoi64
_wfindnext
wcscat
wcscpy
_wfindfirst
_write
atoi
strstr
strncpy
strncmp
free
malloc
sscanf
??2@YAPAXI@Z
__CxxFrameHandler
_vsnprintf
atol
_stricmp
realloc
__dllonexit
_onexit
_initterm
_adjust_fdiv
_read
_close
??3@YAXPAX@Z
_ftol
_eof

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
GetDIBits
GetObjectA
BitBlt
DeleteObject

ws2_32

recvfrom
htonl
setsockopt
shutdown
sendto
inet_addr
gethostbyname
WSAStartup
socket
ioctlsocket
htons
connect
select
send
recv
closesocket
bind

psapi

GetModuleFileNameExA
GetProcessMemoryInfo
GetMappedFileNameA

Exports

Exports

InitSQLConnect
SQLAlloc
SQLClose
SQLExecute
SQLFree
SQLQuery
Uninstall

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da2b70b1b221a1a24974ad450d76c4c3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

gdi32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 8KB - Virtual size: 4KB