d6e34ff54b6deb8fc5ef281e4025980c5dc008929e74df1d1108cc5fd3e7d58b

Sharing

Copy URL Twitter E-mail

General

Target

d6e34ff54b6deb8fc5ef281e4025980c5dc008929e74df1d1108cc5fd3e7d58b
Size

66KB
MD5

f4f8bf10153a0aa8f401ff987767327f
SHA1

5ad86a6aeb11b08e30811b72522080a4a261a70b
SHA256

d6e34ff54b6deb8fc5ef281e4025980c5dc008929e74df1d1108cc5fd3e7d58b
SHA512

20832c0feab47d47321bc0177e4d289cc6eb9d6b40220309ad3c53ef91c815a88e6be7e5e493daf5542755dc33f8afb40809d9efc1bac779af24af0eacfe6a7a
SSDEEP

768:ZPjpGHSg6mIm0vkrF4OwSbf6IBSeD/UP5pPTKvN4vxnz9pp/B1:fGImIm0sBz2MSNPPTKEnz9pBB1

Score

N/A

Malware Config

Signatures

Files

d6e34ff54b6deb8fc5ef281e4025980c5dc008929e74df1d1108cc5fd3e7d58b
.dll windows x86

eb98c5da4a7241b3f57fcc7ebeab9439

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
MultiByteToWideChar
ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
lstrcatA
GetCurrentProcess
Module32First
VirtualProtectEx
CreateMutexA
DeleteFileA
GetModuleFileNameA
CopyFileA
TerminateProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsBadReadPtr
GetTempPathA
GetModuleHandleA
LocalAlloc
CreateFileA
GetFileSize
InitializeCriticalSection
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
DisableThreadLibraryCalls
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
WinExec
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

wsprintfA
GetWindowThreadProcessId
EnumWindows
SetThreadDesktop
SetProcessWindowStation
OpenWindowStationA
IsRectEmpty
ReleaseDC
GetDC
GetWindowTextA
GetForegroundWindow
GetWindowRect
OpenDesktopA

gdi32

GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette
GetStockObject

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

getpeername
WSAStartup
closesocket
send
recv
select
connect
ioctlsocket
htons
socket
gethostbyname

msvcrt

memcmp
strcpy
atoi
strcat
??2@YAPAXI@Z
_beginthreadex
strlen
sprintf
_mbsnbcpy
_mbsnbcmp
atol
_mbscmp
free
malloc
strstr
strrchr
strcmp
__CxxFrameHandler
memcpy
memset
sscanf
_onexit
__dllonexit
strncpy
_purecall
_splitpath
wcscmp
strchr
isprint

shlwapi

StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipAlloc
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage

Exports

Exports

Inse
_Inse@16

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb98c5da4a7241b3f57fcc7ebeab9439

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.bss Size: - Virtual size: 4.0MB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 17KB - Virtual size: 16KB

shard Size: 10KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 4.0MB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 17KB - Virtual size: 16KB

shard
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 13KB - Virtual size: 13KB