afb8fbaf1446b2975f028391691e7c51a797557e75de22eac980a5f00b77148e

Sharing

Copy URL Twitter E-mail

General

Target

afb8fbaf1446b2975f028391691e7c51a797557e75de22eac980a5f00b77148e
Size

2.8MB
MD5

653e0d42d04161e87dbc651bd71b08d4
SHA1

38ff2ae00f537573a80f92eaec93db95287cb318
SHA256

afb8fbaf1446b2975f028391691e7c51a797557e75de22eac980a5f00b77148e
SHA512

7b7aa4f49af796a9210651ab479b4fd929493230b361b456d894e115bdbb83453edf11cb76a08f77007a78f08be3b6385c237d5fc721f2bd65c1228c342d5942
SSDEEP

49152:OdY3+AIkm3rqJJqAdBK+B/WwP90q0QV0qPq7NPcPDiqgwh7DxxYAXYpez8/N:OaPIkm7qPqAdI+B/WwP90qDq7NPRDef4

Score

N/A

Malware Config

Signatures

Files

afb8fbaf1446b2975f028391691e7c51a797557e75de22eac980a5f00b77148e
.dll windows x86

732d8cd9bb6003476123af6c481acd06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
WaitForSingleObject
Sleep
lstrcpyW
CreateProcessW
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemInfo
GetTickCount
GetVersionExW
GetFileSize
WriteFile
ReadFile
FindClose
FileTimeToSystemTime
GetTempPathW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
FindNextFileW
MoveFileExW
GetLongPathNameW
AreFileApisANSI
GetSystemTime
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
GetSystemDirectoryW
GetVolumeInformationW
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
GetStdHandle
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
VirtualAlloc
VirtualFree
LocalFree
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
DeviceIoControl
OutputDebugStringA
SetPriorityClass
EncodePointer
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
GetDriveTypeW
SetStdHandle
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
OutputDebugStringW
CreateThread
LocalAlloc
GlobalFree
GlobalAlloc
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
GetModuleFileNameW
FindFirstFileW
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CopyFileW
DeleteFileW
GetCurrentProcess
DeleteCriticalSection
SetConsoleMode
ReadConsoleInputA
VirtualProtect
InitializeCriticalSection
FreeLibraryAndExitThread
ExitThread
SystemTimeToFileTime
GlobalMemoryStatus
FlushConsoleInputBuffer
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
SleepEx
GetFileAttributesExA
FormatMessageA
QueryPerformanceFrequency

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
LoadStringW
wsprintfW

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

shlwapi

PathAddBackslashW
PathFileExistsW

wtsapi32

WTSQueryUserToken

advapi32

CryptGetUserKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
ImpersonateLoggedOnUser
RevertToSelf
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptGetProvParam
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

userenv

CreateEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

wldap32

ord60
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord143
ord217
ord46
ord211
ord50
ord41
ord22

ws2_32

recvfrom
sendto
ioctlsocket
gethostname
shutdown
htonl
gethostbyname
select
WSAGetLastError
socket
__WSAFDIsSet
getservbyname
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen

Exports

Exports

b6b5991a53401
bbf6f8216a97f
e35929e7a2350

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 803KB - Virtual size: 804KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

732d8cd9bb6003476123af6c481acd06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

psapi

shlwapi

wtsapi32

advapi32

iphlpapi

urlmon

userenv

version

crypt32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 392KB - Virtual size: 392KB

.data Size: 45KB - Virtual size: 88KB

.gfids Size: 512B - Virtual size: 4KB

.rsrc Size: 803KB - Virtual size: 804KB

.reloc Size: 74KB - Virtual size: 76KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 392KB - Virtual size: 392KB

.data
Size: 45KB - Virtual size: 88KB

.gfids
Size: 512B - Virtual size: 4KB

.rsrc
Size: 803KB - Virtual size: 804KB

.reloc
Size: 74KB - Virtual size: 76KB