58d74cb162b4d75b8857642c6ee0ff4107de8670f7b50b3c2e98c715c1555de5

Sharing

Copy URL Twitter E-mail

General

Target

58d74cb162b4d75b8857642c6ee0ff4107de8670f7b50b3c2e98c715c1555de5
Size

7.0MB
MD5

019b934741b58cd101d6a0c6522c1a9a
SHA1

4d6c8130d34014648c79745a3e9097c6221cad9d
SHA256

58d74cb162b4d75b8857642c6ee0ff4107de8670f7b50b3c2e98c715c1555de5
SHA512

db829ddbb42ec8f6805764d33304463f050d9a9a265b5515d43ddbea9f207b1f30175696d362615335e9c9b65a1f24d7f61ee990888b7ded5738ab4b842e4c0c
SSDEEP

98304:O2RoXGl/bBEApkmeHSEjn5ZjMIcxjzqMVRvTTzjuCXt3NuM3v3rv:O2R0Gl5kmIJ0Xx/LVjuMP

Score

N/A

Malware Config

Signatures

Files

58d74cb162b4d75b8857642c6ee0ff4107de8670f7b50b3c2e98c715c1555de5
.dll windows x86

05372ee01ea7415a41c46374bd899d59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertCloseStore
CertAddEncodedCertificateToStore
CryptUnprotectData
CertOpenStore

gdiplus

GdipCreateBitmapFromHBITMAP
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage

shlwapi

ord12

wininet

InternetSetOptionW

kernel32

ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetLastError
GetNativeSystemInfo
VirtualAlloc
VirtualFree
GetModuleHandleA
IsBadReadPtr
SetEnvironmentVariableW
GetEnvironmentVariableW
CreatePipe
PeekNamedPipe
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
CreateRemoteThread
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcess
GetWindowsDirectoryW
GetProductInfo
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
GetModuleFileNameW
K32GetModuleFileNameExW
QueryPerformanceFrequency
GetExitCodeThread
LCMapStringW
CompareStringW
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
SwitchToThread
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
VirtualProtect
GetLocaleInfoEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetModuleHandleW
SetStdHandle
WriteConsoleW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FreeEnvironmentStringsW
GetFileInformationByHandleEx
CopyFileW
SetFilePointerEx
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileInformationByHandle
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeCriticalSectionEx

user32

CloseDesktop
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageA
SendMessageW
OpenDesktopW
PrintWindow
MoveWindow
SetThreadDesktop
IsWindowVisible
GetDlgItem
GetKeyState
IsWindowEnabled
MenuItemFromPoint
PostMessageW
GetForegroundWindow
GetDC
ReleaseDC
GetWindowRect
UnhookWindowsHook
WindowFromPoint
CreateDesktopW
GetWindowPlacement
ScreenToClient
ChildWindowFromPoint
RealGetWindowClassW
SetProcessDPIAware
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookA
GetWindow
GetWindowThreadProcessId
GetTopWindow
FindWindowW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
PtInRect

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantInit
VariantClear

advapi32

RegCloseKey
RegCreateKeyExW
RegGetValueW
GetUserNameW

ws2_32

freeaddrinfo
getnameinfo
WSAGetLastError
getaddrinfo
__WSAFDIsSet
closesocket
connect
ioctlsocket
getpeername
getsockopt
ntohs
recv
select
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSASocketW

Exports

Exports

TLSDataStart

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05372ee01ea7415a41c46374bd899d59

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

gdiplus

shlwapi

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 5.6MB - Virtual size: 5.6MB

.data Size: 29KB - Virtual size: 39KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 29KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 54KB - Virtual size: 54KB