ce767f04db6a3cb531ec1905103b55db5b05047a3ab12569196f20c296f9ba1b

Sharing

Copy URL Twitter E-mail

General

Target

ce767f04db6a3cb531ec1905103b55db5b05047a3ab12569196f20c296f9ba1b
Size

79KB
MD5

37b87709e10f4deb5601ee6229d8b9c0
SHA1

07d2ff1ffdb9b07fad27a53935c9333c81a686fc
SHA256

ce767f04db6a3cb531ec1905103b55db5b05047a3ab12569196f20c296f9ba1b
SHA512

484010145b73340f362a511f9e91fb0d44762a41aa836b9eb6f84b2a26610a0df4429eba48da939c8f24ef0fc624051a727cbadb12bbf55ea3b4a8788df59506
SSDEEP

1536:ZBOT5U6r+iX0E6GTpjoD0AvPoxUFJVWVg:LOT5UnnwAvPoxUFJ

Score

N/A

Malware Config

Signatures

Files

ce767f04db6a3cb531ec1905103b55db5b05047a3ab12569196f20c296f9ba1b
.dll windows x86

52029406c4b49606ee93a7c4598db2df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

SetUnhandledExceptionFilter
WaitForSingleObject
FreeConsole
SetEvent
CreateEventA
GetCurrentThreadId
WriteFile
CreateFileA
VirtualAllocEx
GetStringTypeW
GetStringTypeA
SetEndOfFile
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
ReadProcessMemory
lstrlenA
Sleep
DeleteFileA
SetLastError
GetLastError
GetCurrentProcess
WriteProcessMemory
GetTickCount
GetModuleFileNameA
VirtualProtect
lstrcatA
HeapAlloc
HeapFree
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
CloseHandle
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
FreeLibrary
ReadFile
TerminateProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCPInfo
SetFilePointer
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
TlsFree
TlsAlloc
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapSize

user32

wsprintfA
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CloseDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCloseKey

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetConnectA

ws2_32

closesocket
recv
send
setsockopt
connect
bind
gethostbyname
gethostname
inet_addr
htons
socket
WSAStartup
inet_ntoa
WSACleanup

shlwapi

PathFindFileNameA

Exports

Exports

ServiceMain

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52029406c4b49606ee93a7c4598db2df

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

wininet

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB