0258251f7b4260cd5e579447ad3a1840eeb4ad038fd195aa79f48ab3397be005

Sharing

Copy URL Twitter E-mail

General

Target

0258251f7b4260cd5e579447ad3a1840eeb4ad038fd195aa79f48ab3397be005
Size

32KB
MD5

21f1e957e41a6731a4c95f652293760c
SHA1

aeee8bdd92f9adc0ec0bd6aec511304c3ed65882
SHA256

0258251f7b4260cd5e579447ad3a1840eeb4ad038fd195aa79f48ab3397be005
SHA512

49f28a3aff366348d91d2a77371d5570bf7d1a1dae5d015e9cd8cfdef2dd237e4fd47b0213992110fd9ab8f103b180f038ff281f8a00cdfa99573c58c2a0addc
SSDEEP

384:aPghOVp4kAlA9WGvk56+OJqRD031eX2v8xBPITSUcHd:e4VMOtFDU8X2v8PPwN8d

Score

N/A

Malware Config

Signatures

Files

0258251f7b4260cd5e579447ad3a1840eeb4ad038fd195aa79f48ab3397be005
.dll regsvr32 windows x86

8ebbd2fdd2f39545e985564cfd9460f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4129
ord5856
ord6663
ord5710
ord941
ord858
ord6385
ord537
ord803
ord543
ord3584
ord540
ord825
ord800
ord2818
ord2614
ord860
ord354
ord5186
ord3318
ord5773
ord5442
ord1979
ord665
ord823

msvcrt

_adjust_fdiv
_initterm
_onexit
free
wcscmp
malloc
atoi
strchr
_except_handler3
strstr
wcslen
wcsstr
sprintf
__dllonexit

kernel32

GetCurrentProcess
TerminateProcess
GetSystemDirectoryA
DeleteFileA
MultiByteToWideChar
GetModuleFileNameA
WideCharToMultiByte
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
Sleep
CloseHandle
CreateFileA
ReadFile
SetFilePointer
AreFileApisANSI
GetCommandLineW
VirtualProtect
IsBadReadPtr
lstrcmpiA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
CreateThread
GetWindowsDirectoryA
WaitForSingleObject
WinExec
GetTempPathA
VirtualAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
VirtualFree
DeleteCriticalSection
WriteFile
CopyFileA

user32

EnumWindows
IsWindowVisible
GetWindowTextA
GetSystemMetrics
wsprintfA
GetDesktopWindow
ShowWindow
SetWindowPos
GetWindowDC
GetWindowRect

gdi32

CreateCompatibleDC
SelectObject
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
BitBlt

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA

gdiplus

GdiplusStartup
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipDrawImageI
GdipSaveImageToFile
GdipDeleteGraphics
GdipDisposeImage
GdipScaleWorldTransform

wininet

InternetCloseHandle
InternetReadFile
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetOpenUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
St

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ebbd2fdd2f39545e985564cfd9460f9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

gdiplus

wininet

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB