c625525ff9c590f35e7e93c942a75c879de7f358c6f0d271c83959ace332deb5

Sharing

Copy URL Twitter E-mail

General

Target

c625525ff9c590f35e7e93c942a75c879de7f358c6f0d271c83959ace332deb5
Size

386KB
MD5

29dfb5434f041e8d26872970c868e210
SHA1

fda9caeaa3f3d6ad993c81e9548f5e0a5a34cd2f
SHA256

c625525ff9c590f35e7e93c942a75c879de7f358c6f0d271c83959ace332deb5
SHA512

8bfeb86bd263ac0de542863934c30a4e40bb027e7de6c1df031220edb9ada68456ddfa198ff7879a046fe897c6c7a23c96b09946b5477287829260cc27e4a517
SSDEEP

12288:3oGHpKHAc6qMv9YXWq4sZetr8AirbDDAm9m:35bLqGjqRZetr8AgbU

Score

N/A

Malware Config

Signatures

Files

c625525ff9c590f35e7e93c942a75c879de7f358c6f0d271c83959ace332deb5
.dll windows x86

bb3a8a3556454e032929cc5775b25374

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsReplaceRecordSetW

ntdll

RtlIsNameLegalDOS8Dot3
wcslen
_chkstk
RtlInitUnicodeStringEx
_wcsicmp
memmove
RtlUnicodeStringToAnsiString
RtlUnwind
NtAllocateVirtualMemory
RtlAnsiStringToUnicodeString
NtQueryVirtualMemory
_vsnwprintf

kernel32

lstrcmpiW
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
TlsFree
DeleteFileW
GetLastError
ExpandEnvironmentStringsW
GetACP
GetSystemTimeAsFileTime
GetShortPathNameW
LocalSize
lstrcpyA
ResetEvent
InterlockedCompareExchange
InterlockedIncrement
InterlockedExchange
MultiByteToWideChar
QueryPerformanceCounter
FindNextFileW
LocalReAlloc
GetTempFileNameW
SetLastError
LocalAlloc
LocalFree
lstrlenW
TerminateProcess
FindResourceExW
GetSystemDefaultUILanguage
CreateThread
SizeofResource
TlsSetValue
WideCharToMultiByte
GetFullPathNameW
FreeLibrary
DelayLoadFailureHook
LoadLibraryW
LoadResource
lstrcpynW
UnhandledExceptionFilter
GlobalFree
GetFileAttributesW
GlobalLock
FindFirstFileW
InterlockedDecrement
GlobalReAlloc
SetEvent
LockResource
SetCurrentDirectoryW
TlsAlloc
GetUserDefaultLCID
GetTickCount
GetCurrentThreadId
FreeLibraryAndExitThread
lstrlenA
GetVolumeInformationW
GetVersionExA
GetCurrentProcessId
SetUnhandledExceptionFilter
GetModuleHandleW
CloseHandle
GetLocaleInfoW
GlobalAlloc
EnterCriticalSection
FreeResource
GetProfileStringW
DeleteCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameW
GetCurrentProcess
CreateEventW
TlsGetValue
FindClose
CreateFileW
FindResourceW
FindResourceA
GetCurrentDirectoryW
LoadLibraryA
FormatMessageW
WaitForSingleObject
GlobalUnlock
lstrcpyW
GetProcessVersion
LeaveCriticalSection
MulDiv
GetProcAddress
GetModuleHandleA
SetErrorMode
lstrcmpW

mswsock

GetAcceptExSockaddrs
AcceptEx

userenv

RsopFileAccessCheck

gdi32

GetObjectW
CreateDCW
GetDeviceCaps
SetViewportExtEx
GetTextCharsetInfo
EnumFontFamiliesExW
ExcludeClipRect
GetMapMode
SelectPalette
SetBkColor

rpcrt4

I_RpcExceptionFilter
RpcEpResolveBinding
RpcBindingFree
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb3a8a3556454e032929cc5775b25374

Headers

File Characteristics

Imports

dnsapi

ntdll

kernel32

mswsock

userenv

gdi32

rpcrt4

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 19KB - Virtual size: 872KB

.rdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 335KB - Virtual size: 334KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 19KB - Virtual size: 872KB

.rdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 335KB - Virtual size: 334KB

.reloc
Size: 512B - Virtual size: 20B