4e62e16a2809fe5cd45d5d5f97a80088825119ec77f39e92c18c826892df282a

Sharing

Copy URL

Twitter E-mail

General

Target

4e62e16a2809fe5cd45d5d5f97a80088825119ec77f39e92c18c826892df282a
Size

2.4MB
MD5

b8aca45c75b69fa4dd2c591ec09402a9
SHA1

5408f0dd6210c09ed1a97a92db16869d1ae0473e
SHA256

4e62e16a2809fe5cd45d5d5f97a80088825119ec77f39e92c18c826892df282a
SHA512

cface80db8bc0d93b79b2ae01c540eeeb3ce21efe45abcd1fed9e7561b58b0b47cf59828e747ceb35116e8abf75210e36c49a534b16ea27504f7efac0330503e
SSDEEP

49152:llgpgzE7lZn07+0m/tOVJYKRJOP27Nr9rmiURhpHnqykN/VYz:llgpUE7rneRatWJYUf7NrnURnnqy

Score

1^/10

Malware Config

Signatures

Files

4e62e16a2809fe5cd45d5d5f97a80088825119ec77f39e92c18c826892df282a
.dll windows x86

61af4fb3d381a4bcd00b1c5841fc2b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
LoadResource
LockResource
SizeofResource
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
LocalFree
LocalAlloc
GetCurrentProcess
GetModuleHandleW
GetProcAddress
CopyFileW
GetSystemDirectoryW
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
lstrlenW
DeleteFileW
OpenProcess
GetLogicalDriveStringsW
GetCurrentProcessId
VirtualFree
VirtualAlloc
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
QueryDosDeviceW
UnmapViewOfFile
OpenFileMappingW
SetConsoleMode
ReadConsoleInputA
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
WritePrivateProfileStringW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetFileSize
ReadFile
LoadLibraryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GlobalAlloc
GlobalFree
GetExitCodeProcess
CreateProcessW
GetVolumeInformationW
GetTickCount
GetSystemInfo
GetVersionExW
SetFileAttributesW
WriteFile
lstrcpyW
GetFileAttributesExW
FreeResource
VirtualProtect
SetLastError
CreateFileMappingW
LoadLibraryA
IsBadReadPtr
FindResourceExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
GetLongPathNameW
ReleaseMutex
CreateMutexW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
ExitProcess
GetModuleHandleExW
GetFullPathNameW
GetACP
GetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
GetDriveTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetCurrentDirectoryW
SetEndOfFile
FreeLibraryAndExitThread
ExitThread
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
GetSystemTime
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
SleepEx
GetFileAttributesExA
GetTempPathW
CreateFileW
MapViewOfFile
VerSetConditionMask
GetWindowsDirectoryW
GetPrivateProfileIntW
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
CloseHandle
TerminateThread
GetExitCodeThread
Sleep
GetNativeSystemInfo
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetPrivateProfileStringW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

advapi32

CryptEnumProvidersA
LookupAccountSidW
GetTokenInformation
ImpersonateLoggedOnUser
DuplicateTokenEx
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
DeleteService
ControlService
StartServiceW
OpenServiceW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RevertToSelf
OpenProcessToken
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
CryptSignHashA
CryptDestroyHash
CryptCreateHash
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shlwapi

SHDeleteKeyW
PathFileExistsW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

crypt32

CertFreeCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore
CryptMsgClose
CertCloseStore

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wldap32

ord41
ord22
ord26
ord50
ord32
ord33
ord60
ord211
ord46
ord35
ord79
ord30
ord27
ord217
ord200
ord301
ord143

ws2_32

closesocket
bind
send
connect
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
getpeername
getsockname
getsockopt
getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
htons
setsockopt
recv
ntohs
WSAIoctl

Exports

Exports

Run

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61af4fb3d381a4bcd00b1c5841fc2b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

crypt32

iphlpapi

version

wldap32

ws2_32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 453KB - Virtual size: 453KB

.data Size: 45KB - Virtual size: 82KB

.gfids Size: 512B - Virtual size: 424B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 335KB - Virtual size: 335KB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 453KB - Virtual size: 453KB

.data
Size: 45KB - Virtual size: 82KB

.gfids
Size: 512B - Virtual size: 424B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 335KB - Virtual size: 335KB

.reloc
Size: 78KB - Virtual size: 77KB