e270aba007b9207b3039184c8752a1d5c8e62f87b1d99e85c36d884876fe3683

Sharing

Copy URL Twitter E-mail

General

Target

e270aba007b9207b3039184c8752a1d5c8e62f87b1d99e85c36d884876fe3683
Size

547KB
MD5

8f6e40c7a8e09a8f20c5b3743aa89630
SHA1

a917b64b7554de35ad0acf8d171a06277f34182e
SHA256

e270aba007b9207b3039184c8752a1d5c8e62f87b1d99e85c36d884876fe3683
SHA512

c3b71b2e90b62fb5db7be73d89132914b56b66ae748488050cdf28a5a110525e6d8803156062954abfdbb0193e35bb91f5389bea0e14b2c06f1b7abdce9a99fd
SSDEEP

12288:FbQXVftPmwiVUtYsdqVzRuWVhyxMeAAKFvrcOKBsCpH8cNT4Ovew1sUcVbLg:FygpVZIbA/FRnCpBNT47w1sFVbLg

Score

1^/10

Malware Config

Signatures

Files

e270aba007b9207b3039184c8752a1d5c8e62f87b1d99e85c36d884876fe3683
.dll windows x86

094471ac4d170461f589dbb5ff7d8898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
GetCurrentThread
VirtualFree
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentThreadId
SuspendThread
FreeLibrary
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
GetVersionExA
TlsAlloc
TlsFree
CopyFileExW
ReplaceFileW
MoveFileWithProgressW
CreateRemoteThread
VirtualFreeEx
lstrlenW
GetExitCodeThread
OutputDebugStringA
TlsGetValue
TlsSetValue
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
Thread32First
LoadLibraryW
Thread32Next
Process32FirstW
Process32NextW
OpenEventW
SleepEx
QueueUserAPC
SetEndOfFile
WaitForSingleObjectEx
CancelIo
DeviceIoControl
QueryDosDeviceW
RemoveDirectoryW
LocalAlloc
FindClose
lstrcpynW
GetVersionExW
FindFirstFileW
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFileAttributesA
CreateDirectoryA
OpenProcess
SetThreadContext
CreateProcessW
SetFileAttributesW
DeleteFileW
CreateEventW
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GetFileAttributesW
GlobalAlloc
GlobalLock
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameW
CreateFileA
GetLastError
CreateFileW
ReadFile
SetFilePointer
GetThreadContext
ResumeThread
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
SetLastError
GetCurrentProcessId
CloseHandle
ReleaseMutex
GetFileAttributesExW
GetFileSizeEx
CreateEventA
Sleep
TerminateThread
WriteFile
GetTickCount
GetVolumeInformationA
GetDriveTypeA
GetProcessHeap
HeapFree
HeapAlloc
WriteConsoleW
FlushFileBuffers
HeapReAlloc
GetLogicalDrives
GetDriveTypeW
GetModuleFileNameA
LocalFree
ProcessIdToSessionId
OpenMutexW
GetStartupInfoW
GetSystemDirectoryW
GetLocalTime
SetEvent
WaitForSingleObject
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
MoveFileExW
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStdHandle
VirtualQueryEx
TerminateProcess
CreateMutexW
SetHandleCount
HeapSize
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
RaiseException
GetCommandLineA
GetFileType
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetSystemDirectoryA
FindNextFileW

user32

GetAsyncKeyState
GetMenuItemCount
GetMenuItemInfoW
EnumThreadWindows
IsWindowVisible
PostMessageW
mouse_event
SendMessageW
GetSystemMetrics
ReleaseDC
GetDC
FillRect
GetWindowDC
CreateWindowExW
EnumChildWindows
GetClassNameW
GetWindowTextW
SetClipboardData
CountClipboardFormats
OpenClipboard
EmptyClipboard
GetClipboardData
EnumClipboardFormats
IsClipboardFormatAvailable
GetPriorityClipboardFormat
CloseClipboard
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
GetWindowLongW
GetParent
UpdateWindow
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyNameTextW
DispatchMessageA
IsWindow
DefWindowProcA
CreateWindowExA
TrackPopupMenu
LoadIconW
TranslateMessage
CallNextHookEx
LoadCursorW
GetKeyState
PostQuitMessage
RegisterClassExA
GetMessageW
SetMenuItemInfoW
EnableMenuItem
InsertMenuItemW
CreateDialogParamW
wsprintfW
wsprintfA
CharUpperW

gdi32

EndPage
BitBlt
StretchBlt
GetStockObject
StartPage
StartDocW
EndDoc

winspool.drv

OpenPrinterW
StartDocPrinterW
StartPagePrinter
ClosePrinter
EndDocPrinter

advapi32

ConvertSidToStringSidW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExA
OpenProcessToken
ConvertSidToStringSidA
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExW

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExA
DragQueryFileW
CommandLineToArgvW
ShellExecuteExW

ole32

CoCreateGuid
OleGetClipboard
CoCreateInstance
DoDragDrop
ReleaseStgMedium
CoTaskMemFree

shlwapi

PathFileExistsW
wnsprintfA
wnsprintfW
PathIsNetworkPathW
PathFindFileNameW
StrStrIW
SHGetValueW
PathAppendW
ord219
wvnsprintfA
PathMatchSpecW
StrStrW
PathFileExistsA
SHSetValueA
SHSetValueW
StrCmpIW
SHDeleteValueA
PathAppendA
SHEnumValueA
PathAddBackslashW
StrToIntExA
PathFindFileNameA

ws2_32

connect
htons
inet_addr
WSASocketW
WSAGetLastError
closesocket
WSASend
WSARecv
socket
WSAGetOverlappedResult

iphlpapi

GetAdaptersAddresses

netapi32

Netbios

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcesses

Exports

Exports

InstallHook
LdrInjectDll
StartInjectDingTalk
StartInjectQQOnX86
UnistallHook

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sharedx
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

094471ac4d170461f589dbb5ff7d8898

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

shlwapi

ws2_32

iphlpapi

netapi32

version

psapi

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 336KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 10KB - Virtual size: 37KB

.detourc Size: 13KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.shared Size: 512B - Virtual size: 16B

.sharedx Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 336KB - Virtual size: 336KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 10KB - Virtual size: 37KB

.detourc
Size: 13KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.shared
Size: 512B - Virtual size: 16B

.sharedx
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 31KB