1e468d25f2bc2e5d777e0fcd42e9e8193a77c609f831500d2b3c5f6e68256385

Sharing

Copy URL Twitter E-mail

General

Target

1e468d25f2bc2e5d777e0fcd42e9e8193a77c609f831500d2b3c5f6e68256385
Size

3.9MB
MD5

a96fed65b19ebd069742ba657b1707f9
SHA1

377cd1b66eb5bb23d9d84a83b2f380bca3fa6963
SHA256

1e468d25f2bc2e5d777e0fcd42e9e8193a77c609f831500d2b3c5f6e68256385
SHA512

e4770237de283d2f9a664c43f263426dc44bd56df4b2b4e029e32176b153dff28d4b6505010c19425295263073d075d167b7c82da4970754eeecbd69df7f529c
SSDEEP

98304:2CfXLZYD0wQvAObdYhiZPYOOQbAILoGBKRyl:2CHbdYkZPY1QEILoGBWyl

Score

1^/10

Malware Config

Signatures

Files

1e468d25f2bc2e5d777e0fcd42e9e8193a77c609f831500d2b3c5f6e68256385
.dll windows x86

4f0f5b6727b07a98feac15c550be89e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrStrIW
PathAppendW

crypt32

CryptMsgClose
CertGetNameStringW
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam

kernel32

MoveFileW
FreeResource
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
FlushFileBuffers
CloseHandle
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
GetLocalTime
GetFileSize
lstrlenA
FileTimeToSystemTime
ReadFile
FileTimeToLocalFileTime
GetEnvironmentVariableW
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
GetUserDefaultLangID
GetLogicalDriveStringsW
QueryDosDeviceW
WaitForSingleObject
DeleteFileW
DisableThreadLibraryCalls
GetLastError
GetTempPathW
GetModuleFileNameW
IsBadReadPtr
IsBadStringPtrW
GetTempFileNameW
InterlockedExchange
CopyFileW
GetTickCount
DeviceIoControl
GetProcAddress
OpenProcess
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
OpenMutexW
ReleaseMutex
SearchPathW
GetModuleHandleW
GetVersionExW
LockResource
GetSystemInfo
lstrcmpiW
WideCharToMultiByte
GetACP
MultiByteToWideChar
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
GetShortPathNameW
ResumeThread
SetEvent
ResetEvent
CreateEventW
OpenEventW
ExpandEnvironmentStringsW
MoveFileExW
FindNextFileW
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
LocalFree
GetCurrentProcess
CreateDirectoryW
CreateThread
LoadLibraryExW
GetDiskFreeSpaceW
GetVolumeInformationW
CreateProcessW
GetExitCodeProcess
WaitForMultipleObjects
GetFileAttributesW
SetEndOfFile
SetFileTime
GetFileTime
FormatMessageW
GetFullPathNameW
GetSystemDirectoryW
lstrlenW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
LoadLibraryA
GlobalMemoryStatusEx
InitializeCriticalSectionAndSpinCount
lstrcatW
lstrcpyW
GetFileSizeEx
SetLastError
GetStringTypeW
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitThread
RaiseException
RtlUnwind
GetCPInfo
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCurrentThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
QueryPerformanceFrequency
Sleep
InterlockedExchangeAdd
TerminateThread
FindClose
GetDriveTypeW

user32

wsprintfW

advapi32

CreateServiceW
OpenSCManagerW
AdjustTokenPrivileges
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegFlushKey
RegDeleteValueW
OpenServiceW
StartServiceW
ChangeServiceConfigW
CloseServiceHandle
LookupPrivilegeNameW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenCurrentUser
SetNamedSecurityInfoW
LookupPrivilegeValueW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

Exports

Exports

ExportFunc1
ExportFunc10
ExportFunc11
ExportFunc12
ExportFunc13
ExportFunc2
ExportFunc3
ExportFunc4
ExportFunc5
ExportFunc6
ExportFunc7
ExportFunc8
ExportFunc9

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 974KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f0f5b6727b07a98feac15c550be89e1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

crypt32

kernel32

user32

advapi32

shell32

version

psapi

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 481KB - Virtual size: 481KB

.data Size: 974KB - Virtual size: 987KB

.rsrc Size: 458KB - Virtual size: 458KB

.reloc Size: 107KB - Virtual size: 107KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 481KB - Virtual size: 481KB

.data
Size: 974KB - Virtual size: 987KB

.rsrc
Size: 458KB - Virtual size: 458KB

.reloc
Size: 107KB - Virtual size: 107KB