7d30688f3f5186c9e448437b00562d7973944184c0312901f978d1b7c4d6be16

Sharing

Copy URL Twitter E-mail

General

Target

7d30688f3f5186c9e448437b00562d7973944184c0312901f978d1b7c4d6be16
Size

127KB
MD5

809c2fb344fc83005b725cf72117f170
SHA1

d8085d8e57b3294077322e19f5dd1c3795d018d7
SHA256

7d30688f3f5186c9e448437b00562d7973944184c0312901f978d1b7c4d6be16
SHA512

ca641bd335fd1e2ea83e07373e0488e5a1d8c4a46fc5497e2d5198a7c4ab7773e8d10e203d8eded7192ff62d98e897996f3731dd4a7942c1c8c67bdfa3d2f7aa
SSDEEP

3072:fIUYAKhq4HALaUkltRQx5vPt+tnyVEH6ca8tPQ8M8ZICStkZ+wychgoI2:AyKQKALaNtRQzsMVEH1a8tPQ8M86tn

Score

N/A

Malware Config

Signatures

Files

7d30688f3f5186c9e448437b00562d7973944184c0312901f978d1b7c4d6be16
.dll windows x86

4151e69da68016ca45d9dd9692ab406e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryInformationProcess
NtQueryObject
RtlUnwind
RtlZeroMemory

psapi

EnumProcessModules
GetProcessImageFileNameA
GetModuleFileNameExA

kernel32

DeleteFileA
DeleteTimerQueueTimer
DuplicateHandle
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetDateFormatA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
CloseHandle
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
LoadLibraryA
CopyFileA
LoadResource
LocalFree
LockResource
MultiByteToWideChar
OpenEventA
OpenMutexA
Process32First
Process32Next
ProcessIdToSessionId
QueryDosDeviceA
CreateDirectoryA
ReadFile
ReadProcessMemory
CreateFileA
SetFilePointer
SetFileTime
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateMutexA
CreateProcessA
CreateThread
CreateTimerQueueTimer
CreateToolhelp32Snapshot

user32

GetWindowTextA
GetWindowThreadProcessId
GetClipboardSequenceNumber
GetForegroundWindow
GetMessageA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
PeekMessageA
OpenWindowStationA
CloseWindowStation
SetProcessWindowStation
TranslateMessage
GetUserObjectInformationA
DispatchMessageA
GetKeyboardLayout
RegisterClassExA
PostMessageA
GetRawInputData
RegisterRawInputDevices
PostQuitMessage
CreateWindowExA
DestroyWindow
DefWindowProcA

advapi32

LookupAccountSidA
LookupPrivilegeValueA
ChangeServiceConfigA
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetKeySecurity
RegSetValueExA
InitiateSystemShutdownA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ws2_32

htons
htonl

crtdll

_fdopen
_iob
_itoa
_makepath
_open_osfhandle
_sleep
_snprintf
_splitpath
_strdup
_stricmp
_strlwr
_strnicmp
atof
atoi
fclose
feof
fopen
fputc
fread
free
_cexit
localeconv
malloc
memcmp
memcpy
memmove
memset
pow
raise
rand
realloc
setbuf
strcat
strchr
strcmp
strncpy
strpbrk
strrchr
strstr
strtol
wcslen
wcsncpy
wctomb

Exports

Exports

CTF
CTFInit
CTFInits
CTFInitw
CTFStart
CTFTo
DS
Extract
LibMain

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 248B - Virtual size: 248B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4151e69da68016ca45d9dd9692ab406e

Headers

File Characteristics

Imports

ntdll

psapi

kernel32

user32

advapi32

ws2_32

crtdll

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.bss Size: - Virtual size: 5KB

.data Size: 15KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 3KB - Virtual size: 3KB

.edata Size: 248B - Virtual size: 248B

.text
Size: 72KB - Virtual size: 72KB

.bss
Size: - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 3KB - Virtual size: 3KB

.edata
Size: 248B - Virtual size: 248B