d03fe75ed56118c399ce63884bc47e06d4b595d5961bab6c6748b135d84116c7

Sharing

Copy URL Twitter E-mail

General

Target

d03fe75ed56118c399ce63884bc47e06d4b595d5961bab6c6748b135d84116c7
Size

4.3MB
MD5

0fd8853d621a4e2dc80098fe8ac1dd3f
SHA1

e4fea875ebec1e86915bb49abc1bfe5a365bff00
SHA256

d03fe75ed56118c399ce63884bc47e06d4b595d5961bab6c6748b135d84116c7
SHA512

940dd8a7175c30158a75e910c1159dddbe013c66b61007589385dae0757630b66519a6b20ccf43d00c611d1cc9c40574c4e61ab85051b417f90aa8097052fff6
SSDEEP

98304:2CfXLZYD0wQvAObdYhiZPYOOQbAILoGBKRyKvE:2CHbdYkZPY1QEILoGBWyKvE

Score

1^/10

Malware Config

Signatures

Files

d03fe75ed56118c399ce63884bc47e06d4b595d5961bab6c6748b135d84116c7
.dll windows x86

4f0f5b6727b07a98feac15c550be89e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrStrIW
PathAppendW

crypt32

CryptMsgClose
CertGetNameStringW
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

kernel32

MoveFileW
FreeResource
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
FlushFileBuffers
CloseHandle
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
GetLocalTime
GetFileSize
lstrlenA
FileTimeToSystemTime
ReadFile
FileTimeToLocalFileTime
GetEnvironmentVariableW
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
GetUserDefaultLangID
GetLogicalDriveStringsW
QueryDosDeviceW
WaitForSingleObject
DeleteFileW
DisableThreadLibraryCalls
GetLastError
GetTempPathW
GetModuleFileNameW
IsBadReadPtr
IsBadStringPtrW
GetTempFileNameW
InterlockedExchange
CopyFileW
GetTickCount
DeviceIoControl
GetProcAddress
OpenProcess
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
OpenMutexW
ReleaseMutex
SearchPathW
GetModuleHandleW
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
WideCharToMultiByte
GetACP
MultiByteToWideChar
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
ResumeThread
SetEvent
ResetEvent
CreateEventW
OpenEventW
ExpandEnvironmentStringsW
MoveFileExW
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
LocalFree
GetCurrentProcess
CreateDirectoryW
CreateThread
LoadLibraryExW
GetDiskFreeSpaceW
GetVolumeInformationW
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
GetFileAttributesW
SetEndOfFile
SetFileTime
GetFileTime
FormatMessageW
GetFullPathNameW
GetSystemDirectoryW
lstrlenW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
LoadLibraryA
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
lstrcatW
lstrcpyW
GetFileSizeEx
SetLastError
GetStringTypeW
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitThread
RaiseException
RtlUnwind
GetCPInfo
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCurrentThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
QueryPerformanceFrequency
Sleep
InterlockedExchangeAdd
TerminateThread
FindClose
GetDriveTypeW

user32

wsprintfW

advapi32

CreateServiceW
OpenSCManagerW
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegFlushKey
RegDeleteValueW
OpenServiceW
StartServiceW
ChangeServiceConfigW
CloseServiceHandle
LookupPrivilegeNameW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenCurrentUser
SetNamedSecurityInfoW
LookupPrivilegeValueW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

Exports

Exports

ExportFunc1
ExportFunc10
ExportFunc11
ExportFunc12
ExportFunc13
ExportFunc2
ExportFunc3
ExportFunc4
ExportFunc5
ExportFunc6
ExportFunc7
ExportFunc8
ExportFunc9

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 974KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f0f5b6727b07a98feac15c550be89e1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

advapi32

shell32

version

psapi

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 481KB - Virtual size: 481KB

.data Size: 974KB - Virtual size: 987KB

.rsrc Size: 458KB - Virtual size: 458KB

.reloc Size: 107KB - Virtual size: 107KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 481KB - Virtual size: 481KB

.data
Size: 974KB - Virtual size: 987KB

.rsrc
Size: 458KB - Virtual size: 458KB

.reloc
Size: 107KB - Virtual size: 107KB