db14093b92f5c0a6c2273b67f308665fb6915433cc7ebeaf3ee9a34f25cd5176

Sharing

Copy URL Twitter E-mail

General

Target

db14093b92f5c0a6c2273b67f308665fb6915433cc7ebeaf3ee9a34f25cd5176
Size

23KB
MD5

9525961ffcfaffa41786eee389ad708c
SHA1

cc5f3cf9155f7c74486102898c7cc8652836935e
SHA256

db14093b92f5c0a6c2273b67f308665fb6915433cc7ebeaf3ee9a34f25cd5176
SHA512

46facaa075233bf6a55416d8c558adaa58a33cf1d3512aedf59d4b6ac256739f33f23b058827e36916560b0609551900d8ea0c3b329c743d172594c571582449
SSDEEP

384:VLniC5ko5dEAI6cfn8MUKXmTMHxZKM2e8IlPAAnykI2/uY6gcUIuPuLUBVoWvwWk:NT55RI6c/83TUOJkI2mYXIuPuQzZE

Score

N/A

Malware Config

Signatures

Files

db14093b92f5c0a6c2273b67f308665fb6915433cc7ebeaf3ee9a34f25cd5176
.dll windows x86

c2b58174b8f7f6bd88d466084320f735

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetModuleHandleA
ExitThread
DeleteFileA
GlobalFree
GetTempPathA
CreateDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
DeviceIoControl
Process32Next
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
GetSystemDirectoryA
GetCurrentProcessId
CreateEventA
lstrcmpiW
DuplicateHandle
OpenProcess
LoadLibraryExA
GlobalMemoryStatusEx
GetVersionExA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
CreateNamedPipeA
Sleep
ConnectNamedPipe
GetLastError
ReadFile
LoadLibraryA
GetProcAddress
InterlockedExchange
GetModuleFileNameA
CreateFileA
GetFileSize
CloseHandle
GetTickCount
MoveFileA
MoveFileExA
CopyFileA
SetFilePointer
GlobalAlloc
WriteFile
CreateThread
Process32First
lstrcmpiA

user32

wsprintfW
wsprintfA

advapi32

CreateProcessAsUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
SetServiceStatus
CreateServiceA
RegCreateKeyExA
RegSetValueExA
StartServiceA
QueryServiceStatus
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
SetTokenInformation
DuplicateTokenEx
OpenProcessToken

ws2_32

closesocket
gethostbyname
inet_addr
WSAStartup
setsockopt
getsockopt
connect
htons
socket
send
gethostname
recv

Exports

Exports

ServiceMain
wcslen

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

...
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2b58174b8f7f6bd88d466084320f735

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

... Size: 512B - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

...
Size: 512B - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB