0283b68d7c903fe4efaa0e56fbec9cdd38e1eb48624f0052bdf769823190927a

Sharing

Copy URL Twitter E-mail

General

Target

0283b68d7c903fe4efaa0e56fbec9cdd38e1eb48624f0052bdf769823190927a
Size

5.4MB
MD5

974d05327911e50be40faa6f0c5e29ea
SHA1

3341e3298a191521e22dd21bdc4f0f7de7541357
SHA256

0283b68d7c903fe4efaa0e56fbec9cdd38e1eb48624f0052bdf769823190927a
SHA512

f0f9e798443e1da48a33c81008d8f767fafdae79ef87a144badac540ff4450607b39a938f3896ff2c24ceeb8aa35e34e452b850872b8f40ecef4128245af1971
SSDEEP

98304:i+rVTPuplym2Bqm25cOSPan/xbeM0Qm27nJ:iCT+lytn25cZWd0Qm27J

Score

N/A

Malware Config

Signatures

Files

0283b68d7c903fe4efaa0e56fbec9cdd38e1eb48624f0052bdf769823190927a
.dll windows x64

f6b80ba96a34629a489ac72702ac5d29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleExW
TerminateThread
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateFiber
IsThreadAFiber
CreateThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleW
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetACP
IsValidCodePage
DeleteFiber
SwitchToFiber
ConvertThreadToFiber
RtlUnwind
GetOEMCP
WriteConsoleW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetLastError
MultiByteToWideChar
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
ConvertFiberToThread
CloseHandle
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
InitOnceComplete
InitOnceBeginInitialize
GetCPInfoExW
LocalFree
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetStringTypeW
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
LoadLibraryExW
ExitProcess
SetStdHandle
SetConsoleCtrlHandler
ReadFile
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetFileSizeEx
FlushFileBuffers
GetTimeZoneInformation
GetModuleHandleA

user32

GetAsyncKeyState
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetWindow
IsWindow
GetWindowThreadProcessId
GetClassNameA
GetClientRect
EnumWindows
SetWindowLongPtrW
GetWindowLongW
SetWindowLongW
SetForegroundWindow
CallWindowProcW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
UnregisterClassW
ReleaseCapture
ScreenToClient
SetCursorPos
GetCursorPos
GetKeyState
mouse_event

ws2_32

freeaddrinfo
recv
select
send
getpeername
ntohs
ioctlsocket
getsockopt
__WSAFDIsSet
WSAGetLastError
getnameinfo
shutdown
closesocket
setsockopt
connect
socket
WSASocketW
inet_pton
WSAStartup
WSACleanup
WSASetLastError
getaddrinfo

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext

advapi32

CryptSetHashParam
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptExportKey

d3dcompiler_47

D3DCompile

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6b80ba96a34629a489ac72702ac5d29

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

crypt32

bcrypt

imm32

advapi32

d3dcompiler_47

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 1.3MB - Virtual size: 1.4MB

.pdata Size: 114KB - Virtual size: 113KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 1.3MB - Virtual size: 1.4MB

.pdata
Size: 114KB - Virtual size: 113KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 28KB - Virtual size: 28KB