e992d81245ea5c498ec5c4db71866e93e06da94975e53e849f4deeb175e3ae58

Sharing

Copy URL Twitter E-mail

General

Target

e992d81245ea5c498ec5c4db71866e93e06da94975e53e849f4deeb175e3ae58
Size

76KB
MD5

58c4d0896d560dfbde7e7d505aeab5e4
SHA1

5d9736d34d6d804b7e87135c9faaa38c764d36d7
SHA256

e992d81245ea5c498ec5c4db71866e93e06da94975e53e849f4deeb175e3ae58
SHA512

30d78139b372bc7f28a077465a83744ceffca7fcc744146fb0558c14782c5ee6e05c0fc4709f9a15bd003f7b18f8c1c3b60c3ca254459939a1555b58d958f52b
SSDEEP

1536:kEDuON9p7H+DDuemZ8F6M8/QP+s5IOeFnToIf1OxczY6DuOD6:k+5eDOv/QmsTetTBfEuzY6DuOD

Score

N/A

Malware Config

Signatures

Files

e992d81245ea5c498ec5c4db71866e93e06da94975e53e849f4deeb175e3ae58
.dll windows x86

66e94aae561a702d611ebb9ecd11b7af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageA
OpenDesktopA
GetThreadDesktop
OpenWindowStationA
OpenInputDesktop
wsprintfA
CloseWindow
CreateWindowExA
IsWindow
GetUserObjectInformationA
GetDesktopWindow
GetDC
ExitWindowsEx
GetWindowTextA
GetProcessWindowStation
GetKeyNameTextA
CallNextHookEx
GetActiveWindow
UnhookWindowsHookEx
SendMessageA
SetWindowsHookExA
keybd_event
MapVirtualKeyA
SystemParametersInfoA
WindowFromPoint
SetThreadDesktop
CloseDesktop
IsWindowVisible
CloseWindowStation
SetProcessWindowStation
GetWindowThreadProcessId
EnumWindows
GetCursorPos
ReleaseDC
SetCursorPos
SetCapture
GetSystemMetrics
SetRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event

kernel32

Sleep
CloseHandle
OpenEventA
SetErrorMode
CreateMutexA
GetTickCount
lstrcpyA
SetUnhandledExceptionFilter
FreeConsole
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
DeleteFileA
CreateProcessA
lstrcatA
ReleaseMutex
WaitForSingleObject
lstrlenA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
FreeLibrary
GetProcAddress
GetDiskFreeSpaceExA
WriteFile
MoveFileA
CreateThread
LoadLibraryA
MoveFileExA
GetSystemDirectoryA
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
GetLocalTime
GetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
HeapAlloc
SetEvent
InterlockedExchange
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetLastError
SetLastError
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
ResetEvent
CancelIo
OpenProcess
Process32Next
LocalSize
Process32First
CreateToolhelp32Snapshot
TerminateThread
GetDiskFreeSpaceA
lstrcmpiA
GetCurrentThreadId
GetTempPathA
GetCurrentProcess
CreateEventA
GetDriveTypeA
GetSystemInfo

msvcrt

strstr
printf
strrchr
strcmp
_ftol
strcpy
??2@YAPAXI@Z
_except_handler3
_CxxThrowException
sprintf
strcat
memcpy
ceil
atoi
strtok
fclose
fread
fopen
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
memmove
_adjust_fdiv
wcstombs
??3@YAXPAX@Z
strncpy
memcmp
_beginthreadex
malloc
_EH_prolog
strlen
memset
__CxxFrameHandler

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

gdi32

GetPaletteEntries
CreateHalftonePalette
SelectObject
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
send
gethostname
socket
select
recv
gethostbyname
htons
inet_addr
setsockopt
connect
closesocket
getsockname

psapi

GetModuleFileNameExA
EnumProcessModules

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

urlmon

URLDownloadToFileA

advapi32

InitializeSecurityDescriptor
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
QueryServiceStatus
DeleteService
SetServiceStatus
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegisterServiceCtrlHandlerA
FreeSid
RegOpenKeyExA
RegQueryValueA
RegCloseKey

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ServiceMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66e94aae561a702d611ebb9ecd11b7af

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

msvcp60

shell32

shlwapi

imm32

gdi32

ws2_32

psapi

avicap32

urlmon

advapi32

wtsapi32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB