aaaad349660974f3b6b7f2cfa7b5ee823f32d1986a88d0fb75e10f5e08e131a1

Sharing

Copy URL Twitter E-mail

General

Target

aaaad349660974f3b6b7f2cfa7b5ee823f32d1986a88d0fb75e10f5e08e131a1
Size

97KB
MD5

ba0f428b0e43e063223bdf9a4ca162cb
SHA1

6c226d2f569f8fa6e8f0876351e33b9f324b5845
SHA256

aaaad349660974f3b6b7f2cfa7b5ee823f32d1986a88d0fb75e10f5e08e131a1
SHA512

b641be2c208773c363e4a9777fabece4ea3787b8ddd8b40913f7e55e3471039eea5ca116362587c04afe49f02680b1dd9d494c9620e09f60f94a4f731e4559b6
SSDEEP

1536:tR82P+j5fhdadwwv0zLWnzhgZwwyS+cEwlHU5wvsqBZ:fP+jbdNE8Wtnw6cEwNU5w0qz

Score

N/A

Malware Config

Signatures

Files

aaaad349660974f3b6b7f2cfa7b5ee823f32d1986a88d0fb75e10f5e08e131a1
.dll windows x86

5b6c5db31ae1c38ca979522cc3ebe413

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
WSAStartup
WSASetLastError
closesocket
ioctlsocket
connect
select
WSAGetLastError
htons
recv
socket
gethostbyname
WSASetEvent
ntohs

shlwapi

StrCatW
wnsprintfA
StrNCatA
PathAddBackslashW
StrStrIW
StrStrA
StrCmpNIA
StrCpyW
StrCmpNA
StrChrA
StrStrIA

wininet

InternetCanonicalizeUrlA
InternetTimeFromSystemTimeA
InternetCrackUrlA
InternetReadFile
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

kernel32

HeapReAlloc
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapFree
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
lstrlenA
lstrcpynA
GetTickCount
VirtualFree
LeaveCriticalSection
IsBadWritePtr
VirtualAlloc
EnterCriticalSection
Sleep
GetLocalTime
CloseHandle
CreateThread
lstrcatA
DeleteFileW
GetSystemTime
lstrcpyA
FindFirstFileW
GetCommandLineA
InitializeCriticalSection
GetModuleFileNameW
FindClose
RemoveDirectoryW
FindNextFileW
CreateMutexW
GetLastError
lstrcmpA
InterlockedExchange
GetCurrentThread
LoadLibraryW
GetProcAddress
GetTempFileNameW
GetFileSize
WriteFile
ReadFile
CreateFileW
GetTempPathW
ExitProcess
SystemTimeToFileTime
OpenProcess
TerminateProcess
OpenMutexW
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualQuery
VirtualProtect
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetCurrentProcess
TlsGetValue
GetModuleHandleW
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

advapi32

LookupPrivilegeValueW
OpenThreadToken
OpenProcessToken
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathW

urlmon

ObtainUserAgentString

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6c5db31ae1c38ca979522cc3ebe413

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

wininet

kernel32

advapi32

shell32

urlmon

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 106KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 106KB

.reloc
Size: 9KB - Virtual size: 8KB