0b6a77645402eb031bf07c5584ee9f6e9bf9c84a6a33b81042206eef1ded1781

Sharing

Copy URL

Twitter E-mail

General

Target

0b6a77645402eb031bf07c5584ee9f6e9bf9c84a6a33b81042206eef1ded1781
Size

3.0MB
MD5

8175db528575e89c066a9c65660e1adc
SHA1

519ba273d08ca5f5055a3f1348fb7c7043e8372b
SHA256

0b6a77645402eb031bf07c5584ee9f6e9bf9c84a6a33b81042206eef1ded1781
SHA512

ba7eefaa39601cc937d8d5ff367fde8e5752c8ed2a9e2d2c2100d126fb7dc30e82703e8359dc8b5cd713e9e0b8e79fb4328d69da007fcaf513d499f9fa7c6d1f
SSDEEP

98304:ZKcRL1okyIr+9feJS2yqwq7NfjIQRkhvA:LLZrvHhj/khv

Score

N/A

Malware Config

Signatures

Files

0b6a77645402eb031bf07c5584ee9f6e9bf9c84a6a33b81042206eef1ded1781
.dll windows x86

69310b293acb7647e4afd0abee2f773e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
WaitForSingleObject
Sleep
lstrcpyW
CreateProcessW
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemInfo
GetTickCount
GetVersionExW
GetFileSize
WriteFile
ReadFile
FindClose
FileTimeToSystemTime
GetTempPathW
CreateFileW
SetFileAttributesW
GetFileAttributesExW
FindNextFileW
MoveFileExW
GetLongPathNameW
AreFileApisANSI
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
GetSystemDirectoryW
GetVolumeInformationW
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
GetStdHandle
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
VirtualAlloc
VirtualFree
LocalFree
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
DeviceIoControl
OutputDebugStringA
SetPriorityClass
EncodePointer
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
GetDriveTypeW
SetStdHandle
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
OutputDebugStringW
CreateThread
LocalAlloc
GlobalFree
GlobalAlloc
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
GetModuleFileNameW
FindFirstFileW
GetEnvironmentVariableW
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CopyFileW
DeleteFileW
GetCurrentProcess
DeleteCriticalSection
SetConsoleMode
ReadConsoleInputA
VirtualProtect
InitializeCriticalSection
FreeLibraryAndExitThread
ExitThread
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
SleepEx
GetFileAttributesExA
FormatMessageA
QueryPerformanceFrequency

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
LoadStringW
wsprintfW

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CLSIDFromString
CoCreateInstance
CoInitialize

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

shlwapi

PathAddBackslashW
PathFileExistsW

wtsapi32

WTSQueryUserToken

advapi32

CryptGetUserKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
ImpersonateLoggedOnUser
RevertToSelf
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptGetProvParam
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

userenv

CreateEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext

wldap32

ord60
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord143
ord217
ord46
ord211
ord50
ord41
ord22

ws2_32

recvfrom
sendto
ioctlsocket
gethostname
shutdown
htonl
gethostbyname
select
WSAGetLastError
socket
__WSAFDIsSet
getservbyname
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen

Exports

Exports

a23769a50f69b
e12206efd83d7
ff417d7f0583f

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1021KB - Virtual size: 1024KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69310b293acb7647e4afd0abee2f773e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

psapi

shlwapi

wtsapi32

advapi32

iphlpapi

urlmon

userenv

version

crypt32

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 392KB - Virtual size: 392KB

.data Size: 45KB - Virtual size: 88KB

.gfids Size: 512B - Virtual size: 4KB

.rsrc Size: 1021KB - Virtual size: 1024KB

.reloc Size: 74KB - Virtual size: 76KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 392KB - Virtual size: 392KB

.data
Size: 45KB - Virtual size: 88KB

.gfids
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1021KB - Virtual size: 1024KB

.reloc
Size: 74KB - Virtual size: 76KB