6bc66cf8c068e65082bb4a7e9998ccf436a659c247318e5d48be322ce17f4737

Sharing

Copy URL Twitter E-mail

General

Target

6bc66cf8c068e65082bb4a7e9998ccf436a659c247318e5d48be322ce17f4737
Size

412KB
MD5

d7514668cb697b7a184ebbed01546e72
SHA1

a2e0e7d69297ba2b2547bcdd2b96eec794787674
SHA256

6bc66cf8c068e65082bb4a7e9998ccf436a659c247318e5d48be322ce17f4737
SHA512

2fcd14ae5eaf8d2d00395231df500e771e6d60cec668d7fd50a217a60e213ecbb6dba4317ad19ab697c9bbb288b0b8594e6ab97a71fd70fe9f8035ea72214c04
SSDEEP

6144:u94mYHp9Wll4vWxFKEfyo7ITcAlDFJE4hS9TBq7TPT/G9:y4npaCv+Fbyo7ITH9Fi4hS9Tsg

Score

1^/10

Malware Config

Signatures

Files

6bc66cf8c068e65082bb4a7e9998ccf436a659c247318e5d48be322ce17f4737
.dll windows x86

71d14b0f0222fd20807066b7461e25e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetLastError
GetDiskFreeSpaceExA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForMultipleObjects
SetFileAttributesA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetModuleFileNameA
GetTickCount
lstrcmpiA
WaitForSingleObject
FindNextFileA
RemoveDirectoryA
FindClose
FindFirstFileA
lstrlenA
ResumeThread
SetThreadPriority
Sleep
MultiByteToWideChar
RaiseException
GetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocalTime
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
OutputDebugStringA
CreateFileA
GetFileAttributesA
CopyFileA
LeaveCriticalSection
CreateDirectoryA
GetFileAttributesExA
GetCurrentProcess
Process32Next
OpenProcess
GetLongPathNameA
Module32First
Process32First
CreateToolhelp32Snapshot
Module32Next
TerminateProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEvent
SystemTimeToFileTime
ResetEvent
CreateEventA
MoveFileA
SetEndOfFile
SetFileTime
GetFullPathNameA
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
lstrcpyA
lstrcatA
GetShortPathNameA
MoveFileExA
CreateProcessA
SetEnvironmentVariableA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
lstrcpynA
WritePrivateProfileStringA
DeleteFileA
GetPrivateProfileStringA
InterlockedExchange
GetPrivateProfileIntA
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetFileSize
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetCommandLineA
GetCurrentThreadId
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

EnumChildWindows
PostMessageA
GetWindowTextA
GetClassNameA
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutA
KillTimer
SetTimer

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoInitializeEx
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

shlwapi

PathFileExistsA
PathFindExtensionA
PathGetDriveNumberA

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetReadFileExA
InternetOpenA
InternetSetOptionA
HttpQueryInfoA
InternetConnectA
InternetSetStatusCallback
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpSendRequestA

wsock32

socket
ioctlsocket
setsockopt
htons
inet_addr
bind
WSAStartup
WSACleanup
closesocket
sendto
recvfrom
WSASetLastError

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

CreateUpdateSession
InitLog
SDDnsQuery
SDDownloadFile

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71d14b0f0222fd20807066b7461e25e0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

wsock32

version

Exports

Exports

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 20KB - Virtual size: 17KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 20KB - Virtual size: 17KB

.rmnet
Size: 60KB - Virtual size: 60KB