92afe2d11d46a96f1b5ef32abacb47f1d420cc625405633ec6b257ae77cc62f6

General

Target

92afe2d11d46a96f1b5ef32abacb47f1d420cc625405633ec6b257ae77cc62f6
Size

292KB
MD5

534515b792dde019f6b87fabf9f02f45
SHA1

0d9552d4a1c45cef5340b99990eff763bf060b2d
SHA256

92afe2d11d46a96f1b5ef32abacb47f1d420cc625405633ec6b257ae77cc62f6
SHA512

5759d858d840427dc708f23b53621e32409aff03b871affd3c1e828270b2641c87fca3e741b3f45a21c5fc5266b213af02beb634f5ac69765fbc858aeb778877
SSDEEP

6144:fFahDIwmCI7LS1Pe1LzCsCkN/m8M3JS/HAuRsJGqZvbn/RUvHBuU:fFah8SZe5ztxNO9JsAuRsJGqFb/qH

Score

N/A

Malware Config

Signatures

Files

92afe2d11d46a96f1b5ef32abacb47f1d420cc625405633ec6b257ae77cc62f6
.dll windows x86

b41b146b582e109775b4a6b488373d3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
strncpy
_snprintf
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlImageNtHeader
sprintf
memcpy
memset

shlwapi

PathFindFileNameA
SHSetValueA
SHDeleteValueA
SHDeleteKeyA
PathRemoveFileSpecA
SHGetValueA

wininet

InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
InternetCrackUrlA
InternetCloseHandle
HttpSendRequestA

kernel32

OpenProcess
Sleep
lstrcmpiA
MultiByteToWideChar
WriteFile
Process32First
VirtualQuery
GetVersionExA
MoveFileExA
SetFilePointer
CreateToolhelp32Snapshot
Process32Next
VirtualProtect
GetExitCodeThread
LoadLibraryA
EnterCriticalSection
GetLastError
ExitThread
LeaveCriticalSection
TerminateThread
WideCharToMultiByte
WaitForSingleObject
GetFileTime
VirtualFree
VirtualAlloc
GetCurrentProcessId
CloseHandle
ExitProcess
OpenFileMappingA
CreateThread
MapViewOfFile
lstrcpyA
UnmapViewOfFile
SetEvent
OpenEventA
GetModuleFileNameA
GetTempPathA
GetSystemTime
DeleteFileA
FindNextFileA
TerminateProcess
FileTimeToSystemTime
FindFirstFileA
RemoveDirectoryA
FindClose
CreateFileA

user32

SystemParametersInfoA

shell32

SHGetFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b41b146b582e109775b4a6b488373d3e

Headers

File Characteristics

Imports

ntdll

shlwapi

wininet

kernel32

user32

shell32

ole32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 272KB - Virtual size: 269KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 272KB - Virtual size: 269KB

.reloc
Size: 4KB - Virtual size: 1KB