c971e532dab16ebd11ebd48feaa8702a7093ce366ae042de1a99b22f8217ef74

Sharing

Copy URL Twitter E-mail

General

Target

c971e532dab16ebd11ebd48feaa8702a7093ce366ae042de1a99b22f8217ef74
Size

889KB
MD5

39523114482adc6d3513f30033711f92
SHA1

dcc5f93d22ea7cf0ab1b5b287915880adb5dd824
SHA256

c971e532dab16ebd11ebd48feaa8702a7093ce366ae042de1a99b22f8217ef74
SHA512

bc86b82ae28b801d8510b1aaf93530c5414b535cf1a0286af64ec5aefcfdf4adb480cb1a8077ed4c73232dfadd0c85ca41038885245c649c36f2d630d4440844
SSDEEP

24576:hN1VYgL/obw5Jhvm3hrkp2N3KNsOIfKPAxDbTpup:hN1igL/obWOdN3KbsDbTpup

Score

1^/10

Malware Config

Signatures

Files

c971e532dab16ebd11ebd48feaa8702a7093ce366ae042de1a99b22f8217ef74
.dll windows x86

aaf7cc8014ac893100611208db157608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReleaseMutex
GetFileSizeEx
LoadLibraryW
FreeLibrary
GetCurrentProcess
GetModuleHandleW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Process32NextW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetFullPathNameW
TerminateThread
CreateThread
FindClose
GetVersionExW
FlushFileBuffers
LocalAlloc
CreateFileA
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
CreateProcessW
ProcessIdToSessionId
GetUserDefaultLangID
FileTimeToLocalFileTime
DeleteFileA
TryEnterCriticalSection
InterlockedExchange
LoadLibraryA
GetVersionExA
GetFileAttributesA
GetTempPathA
GetTempPathW
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
ExitThread
FormatMessageA
SetLastError
SetFilePointer
GetLocalTime
SetEndOfFile
GetCurrentProcessId
GetTickCount
InterlockedCompareExchange
CreateMutexW
WaitForSingleObject
GetFileSize
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
CreateEventW
OpenProcess
WideCharToMultiByte
GetModuleFileNameW
CloseHandle
ReadFile
CreateFileW
CreateDirectoryW
GetFileAttributesW
GetPrivateProfileStringW
FindResourceExW
DeleteFileW
LoadResource
LockResource
SizeofResource
FindResourceW
LocalFree
GetLastError
MultiByteToWideChar
lstrlenA
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
GetProcAddress
lstrlenW
Sleep
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
CompareStringW
CompareStringA
GetModuleFileNameA
GetStdHandle
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
RtlUnwind
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
RaiseException
HeapSize
HeapDestroy
GetModuleHandleA

user32

UnregisterClassA
CharLowerA
wsprintfW

advapi32

CryptDestroyKey
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
OpenSCManagerW
OpenProcessToken
ConvertSidToStringSidW
RegQueryValueExW
CloseServiceHandle
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW

shell32

ShellExecuteW
ShellExecuteExW

ole32

CLSIDFromString
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoGetObject
StringFromGUID2
CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathAppendW
PathRemoveArgsW
PathParseIconLocationW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathFileExistsA
StrToIntW
PathMakePrettyW
PathCanonicalizeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSACleanup
getaddrinfo
closesocket
WSASetEvent
WSACreateEvent
WSARecv
freeaddrinfo
WSAGetOverlappedResult
WSASend
WSAStartup
ioctlsocket
select
__WSAFDIsSet
socket
connect
WSACloseEvent
setsockopt
getpeername
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
WSASocketW
WSAEventSelect
WSASetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt

crypt32

CertNameToStrW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
RunApp
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaf7cc8014ac893100611208db157608

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

ws2_32

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: 740KB - Virtual size: 739KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 28KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 32KB