c5197ada37ef502f10e1a60abd7009ad10b5dd796ef6e9fff3f950a7956551de

Sharing

Copy URL Twitter E-mail

General

Target

c5197ada37ef502f10e1a60abd7009ad10b5dd796ef6e9fff3f950a7956551de
Size

622KB
MD5

bc60100c198d88ae988d9eeae3c8793a
SHA1

5333660bf9343a3647e19409269c991db5f2d8bb
SHA256

c5197ada37ef502f10e1a60abd7009ad10b5dd796ef6e9fff3f950a7956551de
SHA512

308cd24aaf43842ce4d87e6fd3ec4647c144ae63c56db58ffa3c0c2f84a68ed820ffec418b4f27a82466df024fbee25420407018ba112f51f984af5c62526e96
SSDEEP

12288:zqJQ7WrwPVftmVUUCWk5NBUBGdgDCbDDfEfr:+JQxVftwUUCT7BRp6

Score

N/A

Malware Config

Signatures

Files

c5197ada37ef502f10e1a60abd7009ad10b5dd796ef6e9fff3f950a7956551de
.dll windows x86

218d5f32870c42ccdafd59132bb0241c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameA
InterlockedExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
Sleep
SetEvent
CreateFileW
CreateThread
CreateEventA
WriteFile
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceA
MultiByteToWideChar
GetWindowsDirectoryA
GetCurrentProcess
GetCurrentProcessId
LoadLibraryA
GetSystemDirectoryA
HeapSize
CloseHandle
GlobalFree
WaitForSingleObject
GlobalAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
RtlUnwind
GetModuleFileNameW
HeapReAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
FlushFileBuffers
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetCurrentThreadId
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType

user32

MessageBoxA
wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ole32

CoInitialize
OleUninitialize

wsock32

select
__WSAFDIsSet
recv
shutdown
inet_addr
ioctlsocket
connect
ntohs
setsockopt
closesocket
htons
bind
listen
getsockname
send
WSAGetLastError
gethostbyname
WSAStartup
WSACleanup
socket

ws2_32

WSCDeinstallProvider
WSAAccept
WSCWriteProviderOrder
WSCInstallProvider
WSCEnumProtocols

rpcrt4

UuidCreate

Exports

Exports

Init
InstLsp
checkuser
isInstLsp
pAddProxy
pDelProxy
pGetProxyInfo
pGetRecvSum
pGetSendSum
pSsdtHookA
pSsdtHookW
pUpProxyInfo
unInstLsp

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

218d5f32870c42ccdafd59132bb0241c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wsock32

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 11.5MB

.rsrc Size: 488KB - Virtual size: 487KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 11.5MB

.rsrc
Size: 488KB - Virtual size: 487KB

.reloc
Size: 21KB - Virtual size: 21KB