eff5dae3b1d2085e0460f50dae4cfc870cb6e56f44a133bc6668e35ae1f1cf80

Sharing

Copy URL

Twitter E-mail

General

Target

eff5dae3b1d2085e0460f50dae4cfc870cb6e56f44a133bc6668e35ae1f1cf80
Size

68KB
MD5

23ea62e2c28843797e38b2ed63442bd2
SHA1

1fb665153a12e72c72d6cd0cda2d17e4fa9ba834
SHA256

eff5dae3b1d2085e0460f50dae4cfc870cb6e56f44a133bc6668e35ae1f1cf80
SHA512

c919a4f707d0b86da2b7bdcc8c7c762f5fb31202775d4523a0883dfff0d0ec9ddb883f786091ce29385b0c8a3c01061e3cb8dfcf6195df1264c0508e6c0ba395
SSDEEP

1536:uvXwfaNhimtoI9PeVICS4ASiL6LaoDjNp:u/BNhimtVU2AGdoXNp

Score

N/A

Malware Config

Signatures

Files

eff5dae3b1d2085e0460f50dae4cfc870cb6e56f44a133bc6668e35ae1f1cf80
.dll regsvr32 windows x86

1e1fcae549bb24504c445ce68050b2dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityInfo
SetEntriesInAclA
GetSecurityInfo
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

oleaut32

VariantClear
GetErrorInfo
SysAllocString

rpcrt4

UuidToStringA

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetSetOptionA
InternetOpenA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
strstr
strtok
toupper
strchr
isspace
__CxxFrameHandler
printf
isupper
strerror
??1type_info@@UAE@XZ
isgraph
ispunct
atoi
??2@YAPAXI@Z
tmpnam
fopen
fwrite
fclose
??3@YAXPAX@Z
malloc
free
strncpy
_stricmp
_CxxThrowException
srand

shlwapi

SHSetValueA
SHGetValueA
StrStrIA

ole32

CoCreateInstance
CoInitialize
CoCreateGuid

user32

DispatchMessageA
SystemParametersInfoA
SetWindowPos
DefWindowProcA
GetClassNameA
GetWindowThreadProcessId
EnumChildWindows
EnumWindows
wsprintfA
RegisterClassExA
CreateWindowExA
SetTimer
KillTimer
GetMessageA
TranslateMessage
ShowWindow

netapi32

Netbios

kernel32

WriteProcessMemory
CreateRemoteThread
CloseHandle
LocalFree
MultiByteToWideChar
CreateFileA
lstrcmpA
lstrcmpiA
lstrcpyA
GetWindowsDirectoryA
GetFullPathNameA
SetLastError
FreeLibrary
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAllocEx
OpenProcess
LoadLibraryA
MoveFileExA
WaitForSingleObject
CreateProcessA
DeleteFileA
GetSystemDirectoryA
GetLocalTime
GetVersionExA
GetEnvironmentVariableA
InterlockedExchange
GetCurrentDirectoryA
lstrlenA
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
GetProcAddress
Sleep
DisableThreadLibraryCalls
GetCurrentProcessId
SleepEx
GetModuleFileNameA
HeapSize
HeapAlloc
GetProcessHeap
GetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e1fcae549bb24504c445ce68050b2dd

Headers

File Characteristics

Imports

advapi32

psapi

oleaut32

rpcrt4

wininet

msvcrt

shlwapi

ole32

user32

netapi32

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 4KB - Virtual size: 2KB