b65ba35ee202189d62d05614fccae6234fcb3c50e48b899cb36f42f25d49925a

Sharing

Copy URL Twitter E-mail

General

Target

b65ba35ee202189d62d05614fccae6234fcb3c50e48b899cb36f42f25d49925a
Size

148KB
MD5

5806ca3f5c2e9e8c6a2a7358f8f013ca
SHA1

7597f0f120852c3de1ca58d79e43177ce0f57e4e
SHA256

b65ba35ee202189d62d05614fccae6234fcb3c50e48b899cb36f42f25d49925a
SHA512

92d721cc36b8eafdbd792c350d10afd070ab0930076f92dda4efe5991dfbeefa835c22fc99c4cc0a08045342751062f737910a60139b47ea7a79a50370b6eacd
SSDEEP

3072:ZFpOkRCOi7v9Hep720C5frFlPgi5kwI+DjhzJUEp3:nIkMLFcvC5EiSwnD5mEp3

Score

N/A

Malware Config

Signatures

Files

b65ba35ee202189d62d05614fccae6234fcb3c50e48b899cb36f42f25d49925a
.dll windows x86

d5ed7fab967534d50020c0c2b79c52d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
InterlockedIncrement
GetProcAddress
GlobalAlloc
ReadProcessMemory
HeapFree
WaitForSingleObject
CreateDirectoryA
GetModuleHandleA
LeaveCriticalSection
GetProcessHeap
CreateMutexW
OpenEventA
CreateProcessA
WriteProcessMemory
GlobalFree
CreateFileA
CloseHandle
CreateEventA
CreateFileMappingA
InterlockedDecrement
TerminateProcess
GetModuleFileNameA
GetCurrentProcess
UnmapViewOfFile
Sleep
OpenFileMappingA
GetCommandLineA
GetComputerNameA
GetLastError
SetLastError
GetTickCount
LoadLibraryA
InterlockedCompareExchange
CopyFileA
GetVolumeInformationA
WriteFile
ExitProcess
EnterCriticalSection
LocalFree
MapViewOfFile

ole32

OleCreate
CoCreateGuid
OleSetContainedObject
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitialize

user32

SendMessageA
CreateWindowExA
GetSystemMetrics
GetMessageA
SetTimer
RegisterWindowMessageA
PostQuitMessage
FindWindowA
DestroyWindow
GetWindowThreadProcessId
GetWindowLongA
ScreenToClient
DefWindowProcA
GetWindow
TranslateMessage
GetCursorPos
DispatchMessageA
PeekMessageA
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
GetParent
GetClassNameA
SetWindowLongA
ClientToScreen

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
SetTokenInformation
RegDeleteValueA
RegSetValueExA
GetUserNameA
OpenProcessToken
DuplicateTokenEx
RegOpenKeyExA
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

NativeMainclass

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xitgnly
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5ed7fab967534d50020c0c2b79c52d5

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 964B

xitgnly Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 964B

xitgnly
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB