General
Target: 2796-28-0x0000000003AE0000-0x0000000003D21000-memory_unmapped.dmp
Size: 172KB
MD5: 00e15080c6878c5a9cf3204d8f23aaeb
SHA1: cab66cee9f720799e52995f961b790bdfdf5c007
SHA256: c8b51d1a946d605c66ebe4e459d2a680d3122df8c87ab7a5f9a0863693f864a3
SHA512: 9baf2c693aa2ee79283a460050fdfc9c30e357fd5e036ed46f1c98fc02c83c5186439b67e75272b4c49841271e56bbfe29d7377647b2860082dc72ecdea4bff6
SSDEEP: 3072:cH/CDIzhlkZG+jZGZGfnzqa6rZy2zJHI4LWtwZ/fpcgeUredsagzE/E:7IobjA8fzqa6F7HI4LWtwJCghF
Malware Config
Signatures
Files
-
2796-28-0x0000000003AE0000-0x0000000003D21000-memory_unmapped.dmp.exe windows:5 windows x86 arch:x86
7b5a8d7a6a007050bb3907e879153095
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_EH_prolog
memset
memcmp
strcmp
rand
strncpy
malloc
_wtoi64
atexit
??_V@YAXPAX@Z
memchr
strcpy_s
_time64
__CxxFrameHandler3
strtok_s
strchr
memcpy
??_U@YAPAXI@Z
strlen
memmove
srand
kernel32
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetCurrentProcess
FlsAlloc
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ConvertDefaultLocale
SetCriticalSectionSpinCount
GetLastError
ReadFile
CloseHandle
WriteFile
CreateFileW
GetTempPathW
Sleep
GetProcAddress
lstrlenA
GetStringTypeW
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualQueryEx
OpenProcess
GetComputerNameA
FileTimeToSystemTime
CreateProcessA
WaitForSingleObject
CreateThread
GetDriveTypeA
GetLogicalDriveStringsA
CreateDirectoryA
LoadLibraryA
SetFilePointer
GetFileSize
GetFileInformationByHandle
lstrcpyA
MapViewOfFile
CreateFileMappingA
CreateFileA
SystemTimeToFileTime
GetLocalTime
GetTickCount
lstrcatA
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsSetValue
TlsGetValue
GetModuleFileNameW
GetStdHandle
GetModuleHandleW
RtlUnwind
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
DecodePointer
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
user32
GetDesktopWindow
wsprintfW
MessageBoxA
GetWindowContextHelpId
GetWindowLongW
RegisterClassW
IsWindowVisible
IsDialogMessageW
CharToOemA
advapi32
RegOpenKeyExA
RegGetValueA
GetUserNameA
GetCurrentHwProfileA
shell32
SHFileOperationA
ole32
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
oleaut32
VariantInit
SysAllocString
SysFreeString
VariantClear
shlwapi
ord155
Sections
.text Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ