9e3f657ea745f382fe2d51ff45dae93ea9cc7e55b6ca989112539f4c0453187f

Sharing

Copy URL Twitter E-mail

General

Target

9e3f657ea745f382fe2d51ff45dae93ea9cc7e55b6ca989112539f4c0453187f
Size

152KB
MD5

5214a05d99dc73ba1b0c81f95c574fc5
SHA1

513d9ca829a07dc82c88cee3f92d29061ceaec93
SHA256

9e3f657ea745f382fe2d51ff45dae93ea9cc7e55b6ca989112539f4c0453187f
SHA512

cd3732f490d2b818c56571215977fee0180ba35a0d3021f11230b2fd82a7b1c0c6283dcf1d954949f626494fc00d37870251985fe959e05ffb93b958a21f604c
SSDEEP

3072:wHwgh22AXgCT4YMgEHzYixV0HsaTssfapQyPk:kG4PeH3o+yPk

Score

N/A

Malware Config

Signatures

Files

9e3f657ea745f382fe2d51ff45dae93ea9cc7e55b6ca989112539f4c0453187f
.dll windows x86

dbeddf1fe0587db4afad39b5b3b079ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
HeapFree
LoadLibraryA
CreateMutexW
GetProcessHeap
InterlockedIncrement
OpenEventA
EnterCriticalSection
CreateFileA
GetVolumeInformationA
GetComputerNameA
GlobalAlloc
WaitForSingleObject
GetModuleFileNameA
WriteFile
CreateEventA
MapViewOfFile
SetLastError
WriteProcessMemory
ExitProcess
CreateFileMappingA
GetCommandLineA
HeapAlloc
CreateDirectoryA
InterlockedCompareExchange
Sleep
GetCurrentProcess
GetLastError
LocalFree
GetModuleHandleA
CreateProcessA
ReadProcessMemory
GetTickCount
UnmapViewOfFile
GetProcAddress
CopyFileA
InterlockedDecrement
OpenFileMappingA
LeaveCriticalSection
CloseHandle
GlobalFree

ole32

CoTaskMemAlloc
CoInitialize
OleSetContainedObject
CoSetProxyBlanket
OleCreate
CoCreateGuid
CoUninitialize
CoCreateInstance

user32

GetParent
ScreenToClient
SetTimer
SendMessageA
KillTimer
GetWindowLongA
RegisterWindowMessageA
SetWindowLongA
GetCursorPos
UnhookWindowsHookEx
GetClassNameA
DestroyWindow
PostQuitMessage
ClientToScreen
GetWindow
GetMessageA
DispatchMessageA
DefWindowProcA
TranslateMessage
GetWindowThreadProcessId
GetSystemMetrics
PeekMessageA
SetWindowsHookExA
CreateWindowExA
FindWindowA

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

DuplicateTokenEx
RegQueryValueExA
GetUserNameA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
SetTokenInformation

shell32

SHGetFolderPathA

Exports

Exports

appWISched

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ctj
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbeddf1fe0587db4afad39b5b3b079ca

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 968B

ctj Size: 4KB - Virtual size: 12B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 968B

ctj
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 6KB