8f4eec861445a24f46ec94abb0f88a50b3cb19e9c4e7bd01f94c3d5c6510ad51

Sharing

Copy URL Twitter E-mail

General

Target

8f4eec861445a24f46ec94abb0f88a50b3cb19e9c4e7bd01f94c3d5c6510ad51
Size

152KB
MD5

0f1b456d08ae2a9cbe10c906e9848fea
SHA1

bfd86a8c31468e15ca1e86fc985ffb16bd546030
SHA256

8f4eec861445a24f46ec94abb0f88a50b3cb19e9c4e7bd01f94c3d5c6510ad51
SHA512

add69b0a373bec26b7b46eab3a0c72d75c717ee1555a2d2c5ad513551893c67d1f9365c5d1f32ca1ed7d865708324d8cdc56a4858762517f3eb361b346307680
SSDEEP

3072:+gayzSPMT07WAYmzzGL+VGZnDKmyDrNq0ZddpGHkTrI0xhY8OZm721HYvjSj:+gEMTxA/zVGxd+ddpGHes0dKt

Score

N/A

Malware Config

Signatures

Files

8f4eec861445a24f46ec94abb0f88a50b3cb19e9c4e7bd01f94c3d5c6510ad51
.dll windows x86

ff41fbea6f68f710bab9472b2ffbf91c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GetModuleHandleA
CreateMutexW
ExitProcess
HeapFree
CreateDirectoryA
LoadLibraryA
LocalFree
CloseHandle
Sleep
SetLastError
GetCurrentProcess
LeaveCriticalSection
GlobalAlloc
OpenEventA
CreateFileA
TerminateProcess
WaitForSingleObject
InterlockedDecrement
GetLastError
GetComputerNameA
EnterCriticalSection
CreateFileMappingA
CopyFileA
OpenFileMappingA
InterlockedIncrement
ReadProcessMemory
WriteFile
CreateProcessA
UnmapViewOfFile
GetProcessHeap
HeapAlloc
GetVolumeInformationA
GetCommandLineA
InterlockedCompareExchange
GetProcAddress
WriteProcessMemory
GetTickCount
CreateEventA
MapViewOfFile
GetModuleFileNameA

ole32

CoTaskMemAlloc
CoSetProxyBlanket
OleCreate
CoInitialize
OleSetContainedObject
CoUninitialize
CoCreateGuid
CoCreateInstance

user32

GetWindowThreadProcessId
ScreenToClient
GetClassNameA
KillTimer
RegisterWindowMessageA
SetWindowLongA
SendMessageA
GetWindow
DispatchMessageA
CreateWindowExA
SetTimer
GetMessageA
DestroyWindow
GetCursorPos
TranslateMessage
SetWindowsHookExA
ClientToScreen
PeekMessageA
PostQuitMessage
DefWindowProcA
FindWindowA
GetWindowLongA
UnhookWindowsHookEx
GetParent
GetSystemMetrics

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegSetValueExA
RegDeleteValueA
SetTokenInformation
RegCloseKey
RegCreateKeyExA
GetUserNameA
RegDeleteKeyA
OpenProcessToken
RegQueryValueExA
DuplicateTokenEx
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

AppleWebsvc

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

atz
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff41fbea6f68f710bab9472b2ffbf91c

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 960B

atz Size: 4KB - Virtual size: 12B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 960B

atz
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 6KB