791e4390bbebd675d5cd6ddf5f8e34f457a916b75a668e295d49021fbd64fbdc

Sharing

Copy URL

Twitter E-mail

General

Target

791e4390bbebd675d5cd6ddf5f8e34f457a916b75a668e295d49021fbd64fbdc
Size

276KB
MD5

03faa420b09b4dbff7eba1a7defc1182
SHA1

d387564a4ec5a08cee7afa6c707f65d9b49a96a9
SHA256

791e4390bbebd675d5cd6ddf5f8e34f457a916b75a668e295d49021fbd64fbdc
SHA512

98cd96cb38ca02017865be212c9d8d885fb2d1d4288b75c8f2014ec3486404d5d33b85b7c4ed1e362b28026ad3cdb2d60ae9f3849c04bb8df6cf7280d8288b6c
SSDEEP

3072:IdgW8CWbpIroYa9bRPVMO13zIhaJ526326AQsTO9JkokZms0kr6IC7e3:ImW8CWbija7VMO13zKaJ063RPs9r6P7

Score

N/A

Malware Config

Signatures

Files

791e4390bbebd675d5cd6ddf5f8e34f457a916b75a668e295d49021fbd64fbdc
.dll regsvr32 windows x86

53680ee685ecccdf49e4e9bfd5a809d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
TerminateProcess
SetFileAttributesA
GetFileAttributesA
Sleep
DeleteFileA
WideCharToMultiByte
CreateDirectoryA
GetLocalTime
CopyFileA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateProcessA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
lstrcpyA
GetShortPathNameA
GetEnvironmentVariableA
GetTickCount
GetSystemTime
CreateRemoteThread
GetModuleHandleA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
ResumeThread
HeapFree
HeapAlloc
GetProcessHeap
GetCommandLineA
GetCommandLineW
OpenMutexA
GetTempPathA
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
LockResource
FreeResource
LoadResource
SizeofResource
FindResourceA
LoadLibraryExA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
DuplicateHandle
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
ExitProcess
GetCurrentProcessId
Toolhelp32ReadProcessMemory
IsBadCodePtr
SetUnhandledExceptionFilter
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
GetLastError
FormatMessageA
LocalFree
SetLastError
GetWindowsDirectoryA
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetVersion
RtlUnwind
GetTimeZoneInformation
HeapReAlloc
lstrlenA
GetModuleFileNameA
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetFileSize
SetFilePointer
ReadFile
CreateFileA
WriteFile
GetLongPathNameA
CloseHandle

user32

wsprintfA
PostMessageA
KillTimer
FindWindowExA
GetWindowThreadProcessId
FindWindowA
DefWindowProcA
RegisterClassExA
CreateWindowExA
SetTimer
MessageBoxA
ShowWindow
SetWindowLongA
SendMessageA
IsWindowVisible
GetWindowRect
SetWindowPos
GetParent
GetClassNameA
GetWindowTextA
GetDesktopWindow
EnumChildWindows

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
LookupAccountSidA
GetTokenInformation

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
CommandLineToArgvW
ShellExecuteExA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
VariantChangeType

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

atl

ord16
ord21
ord18
ord57
ord23
ord15
ord32
ord30
ord31
ord58

psapi

GetModuleFileNameExA

shlwapi

SHDeleteKeyA

netapi32

Netbios

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 20.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53680ee685ecccdf49e4e9bfd5a809d9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

atl

psapi

shlwapi

netapi32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 28KB - Virtual size: 20.0MB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 56KB - Virtual size: 53KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 28KB - Virtual size: 20.0MB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 56KB - Virtual size: 53KB