956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85

Sharing

Copy URL Twitter E-mail

General

Target

956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85
Size

819KB
MD5

2897721785645ad5b2a8fb524ed650c0
SHA1

d836fa75f0682b4c393418231aefca97169d551e
SHA256

956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85
SHA512

f40e3cd7ab855c3d5513efb0c84b831a538226a8baa7d743368989dcb5461b3d0ef7dd5cdd9a538a48835aebe60044e9bfdc063e5fb19cce7fecabe213c2786a
SSDEEP

24576:Fg/lh7rH/i9rz+hwKzyUj/JGzwMgNx1EWsrbw4iaZ4gRrb4:Fg9h7e9rz+t/JGz5gXuWsrbw4iaqgRrM

Score

1^/10

Malware Config

Signatures

Files

956ecb4afa437eafe56f958b34b6a78303ad626baee004715dc6634b7546bf85
.dll windows x86

fadf54554241c990b4607d042e11e465

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
GetVersion
VirtualProtectEx
GetProcessHeap
Sleep
GetLocalTime
OpenMutexW
CreateEventW
LoadLibraryW
GetEnvironmentVariableW
CreateFileW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapSize
SetStdHandle
SetEnvironmentVariableW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
MultiByteToWideChar
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateThread

ole32

OleInitialize
OleUninitialize

mprapi

MprConfigInterfaceTransportGetInfo
MprConfigInterfaceTransportGetHandle
MprConfigInterfaceTransportEnum
MprConfigServerBackup
MprAdminMIBEntryGetNext
MprAdminMIBEntrySet
MprConfigInterfaceTransportRemove
MprConfigInterfaceTransportSetInfo

Exports

Exports

Dropleave
GlassExercise
Mehope
Top

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fadf54554241c990b4607d042e11e465

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

mprapi

Exports

Exports

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 6KB - Virtual size: 649KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 6KB - Virtual size: 649KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB