016da2501669f96394179cbcdf1e3f6cbfd32a15e4e2b85ea183ebfcf111fba9

Resubmissions

02/07/2025, 06:38

250702-heh2zsszgy 10

12/02/2023, 18:31

230212-w54y2aff94 3

Sharing

Copy URL Twitter E-mail

General

Target

016da2501669f96394179cbcdf1e3f6cbfd32a15e4e2b85ea183ebfcf111fba9
Size

1.0MB
MD5

08416d1ad8a9f6c9b7dc42ce0f9d8fe4
SHA1

fb19182c3103446d2a1b18e1da2b8ca5886c8aca
SHA256

016da2501669f96394179cbcdf1e3f6cbfd32a15e4e2b85ea183ebfcf111fba9
SHA512

f4da3a212a840abd5c3f7f836d239b69eb99b3e84506f1061ea5e79db4741f5eca47c60f667d28796ff7f819a75e37589525184414c827ee7f3fe745e70f6c5b
SSDEEP

24576:I4LeUrYFkKLXN6JAD/vxDHhCM8cSprq4rv3XLMDO7tOlndw:C1N6JADM9PLMDotOlndw

Score

1^/10

Malware Config

Signatures

Files

016da2501669f96394179cbcdf1e3f6cbfd32a15e4e2b85ea183ebfcf111fba9
.dll windows x86

547170d7e3e45e3a1eaaa7bd23e5c2af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath

shlwapi

PathIsDirectoryW

oleaut32

SysStringLen
SysAllocString

ole32

CLSIDFromString
CoInitialize
CoCreateInstance

advapi32

CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegDeleteValueW
RegNotifyChangeKeyValue
CryptGenRandom
CryptGetHashParam
RegQueryValueExW
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW

comdlg32

GetSaveFileNameW

kernel32

GetCurrentProcess
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
Sleep
CloseHandle
CreateThread
SetEndOfFile
GetModuleFileNameW
InitializeCriticalSectionEx
HeapSize
GetLastError
OutputDebugStringW
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
CreateDirectoryW
SizeofResource
GetPrivateProfileStringW
LockResource
FindResourceExW
LoadResource
FindResourceW
OutputDebugStringA
SetEvent
ResetEvent
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetCurrentThreadId
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SetStdHandle
WriteConsoleW
HeapFree
FreeLibrary
SleepEx
GetTickCount64
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FormatMessageA
CreateFileA
GetFileSizeEx
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleCP
DeleteFileW
GetFileAttributesExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW

ws2_32

ntohl
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
send
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
htonl
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord45

crypt32

CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CertFindCertificateInStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CryptQueryObject

Exports

Exports

Entrypoint
ExecuteFunction
Post_Entrypoint
Post_EntrypointReturn
freeBuffer
startService
timerCallback

Sections

.text
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

547170d7e3e45e3a1eaaa7bd23e5c2af

Headers

DLL Characteristics

File Characteristics

Imports

shell32

shlwapi

oleaut32

ole32

advapi32

comdlg32

kernel32

ws2_32

wldap32

crypt32

Exports

Exports

Sections

.text Size: 826KB - Virtual size: 826KB

.rdata Size: 175KB - Virtual size: 174KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 826KB - Virtual size: 826KB

.rdata
Size: 175KB - Virtual size: 174KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB