b0c382aebab872ad601900dd6a2c283dc0ef2ebd8309d4c337921afeefebfbcb

Sharing

Copy URL Twitter E-mail

General

Target

b0c382aebab872ad601900dd6a2c283dc0ef2ebd8309d4c337921afeefebfbcb
Size

72KB
MD5

d0cee9550cee0f1a6b885189e6fc270c
SHA1

c2c636ae3f2ea855d1c43cf6d949252852af955d
SHA256

b0c382aebab872ad601900dd6a2c283dc0ef2ebd8309d4c337921afeefebfbcb
SHA512

807458f7e553c4c681cf2d6cac0aeacd8f6cef450edf021f3dd1ca38bc21bb4cb62f5cb95ed4e99ef12bc2622a46074dc1a642e1496cf2fb1b8e71201dd56964
SSDEEP

1536:FfFyiNZe2Ii92xWy0M2I4HfFba7biyP8IJBE3hO1fYD5e:7yiN3dP5M2I4HfFba7biyP8CO3hO1fYA

Score

N/A

Malware Config

Signatures

Files

b0c382aebab872ad601900dd6a2c283dc0ef2ebd8309d4c337921afeefebfbcb
.dll windows x86

3d971ad935f800bc355891f9add9ebdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
WSASocketA
WSAIoctl
inet_ntoa
WSAStartup
WSACleanup
recv
send
htons
gethostbyname
WSAGetLastError
inet_addr
socket
connect
closesocket

advapi32

CreateProcessAsUserA
AllocateAndInitializeSid
FreeSid
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSid
AddAccessAllowedAce
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueA
InitializeAcl
GetLengthSid

gdi32

DeleteObject
SelectObject
SetTextColor
SetBkMode
ExtTextOutA
SetBkColor
CreateFontIndirectA

kernel32

GetFileInformationByHandle
SystemTimeToFileTime
GetLocalTime
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
LocalAlloc
RaiseException
WideCharToMultiByte
GetModuleFileNameA
CloseHandle
SetEndOfFile
SetFilePointer
WriteFile
GetFileSize
Sleep
GetLastError
CreateFileA
GetComputerNameA
GetSystemDirectoryA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
OpenFileMappingA
FlushViewOfFile
ResetEvent
SetEvent
GlobalUnlock
GlobalLock
CreateThread
GetTickCount
GetTempPathA
GetFileAttributesA
WaitForSingleObject
ExitProcess
GetCurrentProcessId
OpenEventA
CreateEventA
HeapFree
GetProcessHeap
HeapAlloc
CreateToolhelp32Snapshot
Process32Next
VirtualFreeEx
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
Process32First
OpenProcess
ResumeThread
CreateProcessA
ExpandEnvironmentStringsA
LoadLibraryA
FreeLibrary
ReadFile
GetVersionExA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime

user32

GetDesktopWindow
GetSystemMetrics
SetWindowsHookExA
GetClassNameA
FindWindowA
EnumChildWindows
CallWindowProcA
UnhookWindowsHookEx
CreateWindowExA
SetClipboardViewer
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
PostMessageA
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
SendMessageA
OpenClipboard
GetClipboardData
CloseClipboard
DefWindowProcA
GetClientRect
BeginPaint
DrawTextA
ReleaseDC
EndPaint
SystemParametersInfoA
SetWindowLongA
SetWindowPos
ShowWindow
UpdateWindow
GetKeyState
GetKeyNameTextA
ToAscii
CallNextHookEx
GetForegroundWindow
GetParent
GetWindowTextA
MapVirtualKeyA
GetWindowLongA
GetKeyboardState

msvcr90

_mbscmp
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
strcpy_s
wcstombs
strftime
fseek
ftell
malloc
realloc
free
atoi
isalpha
_mbsstr
_mbsicmp
srand
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
strlen
_mbsrchr
strcpy
__CxxFrameHandler3
fwrite
fread
fclose
fopen
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_difftime64
_localtime64
_time64
_mbsnbcpy
_mbsrev
rand
_mbsnbcmp
strcat
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
sprintf
strstr
_except_handler4_common

msvcp90

?_Xran@_String_base@std@@SAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

?g_dwOperation@@3KA
?g_dwTargetPID@@3KA
FlushBuffer
Init
SM
WLEvtLock
WLEvtLogoff
WLEvtLogon
WLEvtShutdown
WLEvtStartScreenSaver
WLEvtStartup
WLEvtStopScreenSaver
WLEvtUnlock

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d971ad935f800bc355891f9add9ebdf

Headers

File Characteristics

Imports

ws2_32

advapi32

gdi32

kernel32

user32

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

Shared Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

Shared
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 4KB - Virtual size: 3KB