86168a7aaa71ca401626ef51eb6c7c03c5dd74384c2d5f22362a98d2950943cd

Sharing

Copy URL

Twitter E-mail

General

Target

86168a7aaa71ca401626ef51eb6c7c03c5dd74384c2d5f22362a98d2950943cd
Size

516KB
MD5

2e46ee82b9efbd623908673895751950
SHA1

7ea2dc5209eaa61f38a9bc45b1b40eb0e881d2ff
SHA256

86168a7aaa71ca401626ef51eb6c7c03c5dd74384c2d5f22362a98d2950943cd
SHA512

914037f51d419ac01300174d2b3c3ba4a6c18e1f1a471604c3abc54980c2b9e48c2cead085cf99c474ac1cbe076e9c1112ddb0013c057074892995a2c87170e5
SSDEEP

6144:LqM8vZdGwVKfxmQcP4nUWk4cS7drjJfgy/s2tbW+o:mMLMQcP4UWk4cS7hjiy/sV+o

Score

N/A

Malware Config

Signatures

Files

86168a7aaa71ca401626ef51eb6c7c03c5dd74384c2d5f22362a98d2950943cd
.dll windows x86

d2e88a7de2fd6e016805e844c5a25959

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
OutputDebugStringA
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
CompareStringW
CompareStringA
FlushFileBuffers
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
UnmapViewOfFile
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
IsBadCodePtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
SetHandleCount
UnhandledExceptionFilter
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapReAlloc
SetConsoleCtrlHandler
GetModuleHandleA
GetCurrentThread
TlsFree
TlsAlloc
FatalAppExitA
ExitProcess
GetVersion
GetCommandLineA
ExitThread
TlsGetValue
TlsSetValue
HeapValidate
IsBadReadPtr
IsBadWritePtr
RaiseException
GetStdHandle
DebugBreak
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetProcessHeap
HeapAlloc
HeapFree
CreateFileMappingA
MapViewOfFile
GetLocalTime
GetTickCount
MoveFileExA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
GetSystemDirectoryA
SetLastError
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
CreateEventA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
CancelIo
Sleep
lstrcpyA
ResetEvent
LocalAlloc
LocalSize
LocalReAlloc
WideCharToMultiByte
InterlockedExchange
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
EnumSystemLocalesA
SetEnvironmentVariableA

user32

IsWindow
ReleaseDC
GetDC
wsprintfA
CharNextA
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
LoadCursorA
DestroyCursor
BlockInput
SendMessageA
SystemParametersInfoA
GetSystemMetrics
CloseClipboard
GetClipboardData
OpenClipboard
DispatchMessageA
TranslateMessage
GetMessageA
keybd_event
MapVirtualKeyA
mouse_event
SetCapture
WindowFromPoint
SetCursorPos
SetClipboardData
EmptyClipboard
SetRect
GetDesktopWindow
GetCursorPos
GetCursorInfo
CreateWindowExA
ExitWindowsEx
EnumWindows
IsWindowVisible
PostMessageA
ShowWindow
CloseDesktop
GetClientRect
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop

gdi32

CreateDIBSection
DeleteObject
BitBlt
GetDIBits
CreateCompatibleDC
DeleteDC
SelectObject
CreateCompatibleBitmap

advapi32

QueryServiceStatus
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
GetTokenInformation
LookupAccountSidA
StartServiceA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
EnumServicesStatusA
QueryServiceConfigA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegSetKeySecurity
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

shlwapi

PathStripPathA
SHDeleteKeyA

winmm

waveOutReset
waveInClose
waveOutUnprepareHeader
waveInReset
waveInStop
waveOutClose
waveInGetNumDevs
waveInOpen
waveInUnprepareHeader
waveInPrepareHeader
waveOutWrite
waveInStart
waveInAddBuffer
waveOutOpen
waveOutPrepareHeader
waveOutGetNumDevs

ws2_32

select
closesocket
recv
ntohs
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
send
gethostname
getsockname

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

msvfw32

ICSeqCompressFrameStart
ICSeqCompressFrame
ICInfo
ICOpen
ICGetInfo
ICSendMessage
ICSeqCompressFrameEnd
ICCompressorFree
ICClose

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

FirstRun
MainRun
ServiceMain
TestRun

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2e88a7de2fd6e016805e844c5a25959

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

winmm

ws2_32

imm32

msvfw32

avicap32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 414KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 28KB - Virtual size: 36KB

.idata Size: 12KB - Virtual size: 11KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 416KB - Virtual size: 414KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 28KB - Virtual size: 36KB

.idata
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 12KB