9d754381aaa796a231c197612dbcb590f846dba7a97b592c507864c6f006ce59

Sharing

Copy URL Twitter E-mail

General

Target

9d754381aaa796a231c197612dbcb590f846dba7a97b592c507864c6f006ce59
Size

246KB
MD5

4479423b96a7943255595de95cd9b3fa
SHA1

1b762985f3532fc6eec6690577de84bec28cf8e7
SHA256

9d754381aaa796a231c197612dbcb590f846dba7a97b592c507864c6f006ce59
SHA512

e1877a2eaa3a2f38c897633b414f686244e534294ac1e8d2e0daf1bb72e3ae3c2da311decfa703c3c4e30ab430bd1642b4a4993d6a1d09b899d467460ab1a3f7
SSDEEP

6144:1qFzUdfmz2FFTxt4Qzk/uZp5sY8sX6fcNz:1qx2FnaQI/QzsPsX6

Score

1^/10

Malware Config

Signatures

Files

9d754381aaa796a231c197612dbcb590f846dba7a97b592c507864c6f006ce59
.dll windows x86

a1ab249511c273fd669c802aac0e4e9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
LoadLibraryA
VirtualProtect
lstrcmpiA
GetCurrentThreadId
ExitProcess
CreateFileA
SetPriorityClass
InterlockedDecrement
Process32First
GetTickCount
GetCurrentThread
WriteFile
GetDriveTypeA
OpenProcess
GlobalAlloc
WideCharToMultiByte
GetFileAttributesA
TerminateProcess
FileTimeToSystemTime
lstrcatA
GetEnvironmentVariableA
MultiByteToWideChar
SetThreadPriority
GetShortPathNameA
GlobalFree
Process32Next
GlobalMemoryStatusEx
GetModuleHandleA
CreateToolhelp32Snapshot
GetFileTime
GetDiskFreeSpaceExA
GetVersionExA
DeleteFileA
lstrcpyA
SetErrorMode
SetUnhandledExceptionFilter
CreateMutexA
ReadFile
HeapAlloc
LocalFree
InitializeCriticalSection
FlushFileBuffers
CreateFileW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
FreeLibrary
lstrlenA
GetNativeSystemInfo
GetCurrentProcessId
CancelIo
GetModuleFileNameA
GetSystemInfo
ResetEvent
GetCurrentProcess
WinExec
InterlockedExchange
CreateProcessA
TerminateThread
CloseHandle
GetLastError
CreateEventA
Sleep
SetEvent
WaitForSingleObject
VirtualAlloc
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
VirtualQuery
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
HeapSize
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
UnhandledExceptionFilter
GetLocaleInfoW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
GetModuleHandleW
DecodePointer
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
CreateThread
GetCommandLineA
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
EncodePointer
InitializeCriticalSectionAndSpinCount

user32

GetUserObjectInformationA
GetLastInputInfo
wsprintfA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
ExitWindowsEx
CloseDesktop

advapi32

RegEnumValueA
CloseEventLog
RegCloseKey
AdjustTokenPrivileges
OpenEventLogA
RegOpenKeyA
CheckTokenMembership
ClearEventLogA
FreeSid
OpenProcessToken
AllocateAndInitializeSid
RegQueryInfoKeyA
RegOpenKeyExA
LookupPrivilegeValueA
LookupAccountSidA
RegQueryValueExA
RegSetValueExA
GetTokenInformation

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

send
gethostbyname
closesocket
socket
recv
setsockopt
htons
select
WSAStartup
connect
WSAIoctl
getsockname
gethostname
WSACleanup

psapi

GetModuleFileNameExA

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

avicap32

capGetDriverDescriptionA

Exports

Exports

FindUser
GetGameVersion
miniupdate
update
userfind

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1ab249511c273fd669c802aac0e4e9b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

psapi

wininet

avicap32

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 10KB - Virtual size: 10KB