d47a05816299f793bd40a7231e2838bb1d33c9ae9399dc7e2b3236c67c6bf4f6

Sharing

Copy URL

Twitter E-mail

General

Target

d47a05816299f793bd40a7231e2838bb1d33c9ae9399dc7e2b3236c67c6bf4f6
Size

148KB
MD5

dfe6080ba10f2fc6301f3e3b79931b5c
SHA1

e42962065779c54b091301a9c4bbb463fc661b27
SHA256

d47a05816299f793bd40a7231e2838bb1d33c9ae9399dc7e2b3236c67c6bf4f6
SHA512

0550797b02c7551e551492fc1e5b2a082c5c8189e579c0b1d8ba8a600f17cca0375351a4975d07dc0936a8107f3d4ae67601152448a74bac61649328b606715e
SSDEEP

3072:ZYTeSRp6UGcVBuhFf8mD7sOicc9Yd8GBPgsKgWDc:ZwpGcVBc59MOv4YLnWDc

Score

N/A

Malware Config

Signatures

Files

d47a05816299f793bd40a7231e2838bb1d33c9ae9399dc7e2b3236c67c6bf4f6
.dll windows x86

9f23ae43ad771cbf48fb30612616069c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateIoCompletionPort
ResetEvent
Sleep
WaitForSingleObject
GetFileAttributesA
GetSystemDirectoryA
WinExec
TerminateThread
GetLocalTime
GetCurrentThreadId
CreateProcessA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetLastError
DeviceIoControl
GlobalFree
LoadLibraryExA
GlobalAlloc
GetModuleHandleA
lstrcpynA
GetModuleFileNameA
ExitProcess
GetExitCodeThread
GetTickCount
SetErrorMode
FreeConsole
SetUnhandledExceptionFilter
LocalSize
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
CreateThread
LCMapStringA
SetConsoleCtrlHandler
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
GetQueuedCompletionStatus
SetEvent
CreateEventA
MoveFileA
WriteFile
SetFilePointer
InitializeCriticalSection
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetVersionExA
OpenProcess
CloseHandle
lstrcpyA
CreateToolhelp32Snapshot
TlsSetValue
IsBadWritePtr
FatalAppExitA
HeapCreate
HeapDestroy
RaiseException
HeapFree
GetVersion
GetCommandLineA
Process32First
Process32Next
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
LCMapStringW
SetEnvironmentVariableA

user32

keybd_event
mouse_event
CloseDesktop
CloseWindowStation
PostMessageA
SetThreadDesktop
OpenDesktopA
GetActiveWindow
SetCursorPos
wsprintfA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
ReleaseDC
GetDC
GetSystemMetrics
GetDesktopWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetFocus
GetWindowTextA
GetKeyNameTextA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
CreateWindowExA
SendMessageA
IsWindow
CloseWindow
OpenInputDesktop
GetUserObjectInformationA

gdi32

CreateHalftonePalette
GetPaletteEntries
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject

advapi32

OpenEventLogA
GetTokenInformation
OpenProcessToken
IsValidSid
LookupAccountNameA
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
SetServiceStatus
RegisterServiceCtrlHandlerExA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
LsaFreeMemory
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LookupAccountSidA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

shlwapi

PathFileExistsA
StrRChrA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

dbghelp

MakeSureDirectoryPathExists

ws2_32

closesocket
WSAGetLastError
connect
WSARecv
gethostbyname
ntohs
getpeername
WSAStartup
gethostname
getsockname
htons
socket
send
inet_ntoa

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

urlmon

URLDownloadToFileA

avicap32

capCreateCaptureWindowA

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

ServiceMain

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f23ae43ad771cbf48fb30612616069c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wtsapi32

dbghelp

ws2_32

imm32

wininet

urlmon

avicap32

psapi

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 21KB

.shared Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 21KB

.shared
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB