f91e24e80e1ed819f536b6deabe528a59bca51046c3a597e984e720da9ddb0bb

Sharing

Copy URL

Twitter E-mail

General

Target

f91e24e80e1ed819f536b6deabe528a59bca51046c3a597e984e720da9ddb0bb
Size

132KB
MD5

e87d0cbcd110fafc18daa420bbc10c12
SHA1

7b90c287c62054ccc6fe70fa28c728c8554174f5
SHA256

f91e24e80e1ed819f536b6deabe528a59bca51046c3a597e984e720da9ddb0bb
SHA512

2275d03a7dd63ad26a729ac16f5ebb54eb9f4ede5facca3424d696d66918fc1d824a678b3a0a13de7309d1d2e2509f00c1d083ff5ed8a6ceddabacbe0a907115
SSDEEP

3072:R3XuvjQ907cV5ry/NoQfTdX3wV1YydWSvClE8S:R3w7I5GuQbdQV1Y/mb8

Score

N/A

Malware Config

Signatures

Files

f91e24e80e1ed819f536b6deabe528a59bca51046c3a597e984e720da9ddb0bb
.dll windows x86

f8ff95370cabcb57ede306bed7344adc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
WideCharToMultiByte
VirtualFreeEx
ReadProcessMemory
CreateRemoteThread
FreeLibrary
LoadLibraryW
GetModuleFileNameW
CopyFileW
GetCurrentThreadId
WriteFile
PeekNamedPipe
CreateProcessW
GetSystemDirectoryW
GetStartupInfoW
CreatePipe
GlobalMemoryStatus
GetCurrentProcess
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
GetComputerNameW
GetVersionExA
GetOEMCP
GetStringTypeW
GetStringTypeA
CreateFileA
lstrcpyW
SetStdHandle
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDiskFreeSpaceExW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
HeapCreate
HeapDestroy
VirtualQuery
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
CreateDirectoryW
MoveFileA
CreateProcessA
ReadFile
CreateFileW
GetFileSize
InterlockedExchange
GetTickCount
GetModuleHandleA
OpenProcess
VirtualAllocEx
VirtualFree
CloseHandle
WriteProcessMemory
GetModuleHandleW
GetProcAddress
WaitForSingleObject
GetExitCodeThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetWindowsDirectoryW
lstrlenW
lstrcatW
GetTempPathW
Sleep
GetEnvironmentStrings
CreateThread
GetLocaleInfoA
GetACP
GetCPInfo
SetEndOfFile

user32

GetDlgItem
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
mouse_event
SetCursorPos
wsprintfW
MessageBoxA
GetDesktopWindow
IsWindow
SendMessageW
CreateWindowExW
RegisterClassW
LoadCursorW
GetSystemMetrics
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
wsprintfA
keybd_event
LoadIconW
GetAsyncKeyState
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
SetThreadDesktop
PostMessageW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
GetCursor
IsRectEmpty
GetDC
ReleaseDC
GetWindowTextA
EnumChildWindows
GetWindowLongW

advapi32

SetServiceStatus
StartServiceCtrlDispatcherW
RegCloseKey
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW

ole32

CoInitialize

shell32

ShellExecuteA
ShellExecuteW
SHFileOperationW

oleaut32

SysFreeString
VariantInit
VariantClear

urlmon

URLDownloadToFileW

ws2_32

ntohl
ntohs
inet_addr
gethostbyname
inet_ntoa
socket
connect
htons
htonl
WSAStartup
closesocket
recv
send
getpeername
select

avicap32

capGetDriverDescriptionW
capCreateCaptureWindowW

gdi32

GetStockObject
GetDIBits
RealizePalette
SelectPalette
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject

psapi

GetModuleFileNameExW
EnumProcessModules

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

Exports

Exports

DllCreatePinboardInstance
DownCtrlAltDel
GetDllModuleControl
StartServer
StartServerEx
__NewGetCapPictureEx
__NewGetCapPictureModule
__NewVipShellConfig

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VipShell
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8ff95370cabcb57ede306bed7344adc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

urlmon

ws2_32

avicap32

gdi32

psapi

wininet

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 10KB

VipShell Size: 4KB - Virtual size: 1B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 10KB

VipShell
Size: 4KB - Virtual size: 1B

.reloc
Size: 8KB - Virtual size: 7KB