ca95f266ef2eea6b863a0e5ba3685e1343839a806de7181c824addb2993af50a

Sharing

Copy URL Twitter E-mail

General

Target

ca95f266ef2eea6b863a0e5ba3685e1343839a806de7181c824addb2993af50a
Size

156KB
MD5

3f323b0afd8c21cb4db3ce062dbbdeca
SHA1

073832c74e299b336e991ffb6f81d410e5656449
SHA256

ca95f266ef2eea6b863a0e5ba3685e1343839a806de7181c824addb2993af50a
SHA512

eb6bda90c8e6e66a10e9e692cfeb8bef444f617bb9bf50bade5064330eeb806d87b90785056d720cdb30622119e77ce8bb3bbf1c0830533f0bca2d408bdb1e81
SSDEEP

3072:Ng4DzrVw2O01nQ8lV7qHAnQDZ34IuNiqeAkRJTdm4:3zrOWQJHSG34IuSAkX04

Score

N/A

Malware Config

Signatures

Files

ca95f266ef2eea6b863a0e5ba3685e1343839a806de7181c824addb2993af50a
.dll regsvr32 windows x86

db8b7787ef56f84f41ac05c2eafde2df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIA
SHSetValueA
SHGetValueA

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

msvcrt

_adjust_fdiv
tolower
__CxxFrameHandler
malloc
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
isspace
ispunct
isupper
wctomb
strtol
atoi
tmpnam
fopen
fwrite
fclose
isalpha
strstr
strchr
strerror
isgraph
isxdigit
strncpy
strtok
isalnum
toupper
islower
printf
wcscmp
wcslen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_initterm

winmm

timeGetTime

oleaut32

SysFreeString
GetErrorInfo
VariantClear
SysAllocString

user32

TranslateMessage
SetWindowPos
SystemParametersInfoA
wsprintfA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
GetClassNameA
DispatchMessageA
OpenClipboard
CloseClipboard
SetTimer
DefWindowProcA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
KillTimer

version

GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

UuidToStringA

advapi32

RegCloseKey
SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA

ole32

CoTaskMemFree
CoInitialize
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc

netapi32

Netbios

kernel32

GetVersion
FormatMessageA
LocalFree
GetCurrentDirectoryA
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
CreateFileA
lstrcpyA
lstrlenA
GetSystemInfo
GetThreadTimes
HeapFree
GetLastError
GetProcessHeap
GetModuleFileNameA
HeapSize
HeapAlloc
lstrcpynA
GetTickCount
GetFullPathNameA
GetWindowsDirectoryA
GetProcessTimes
GetCurrentThread
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetModuleHandleA
GetCurrentProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
OpenProcess
GetCurrentProcessId
lstrcmpiA
lstrcmpA
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
Sleep
GetVersionExA
MultiByteToWideChar

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db8b7787ef56f84f41ac05c2eafde2df

Headers

File Characteristics

Imports

shlwapi

wininet

psapi

msvcrt

winmm

oleaut32

user32

version

rpcrt4

advapi32

ole32

netapi32

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 20KB - Virtual size: 23KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 23KB

.reloc
Size: 8KB - Virtual size: 7KB