cf27e054c2a446397561bc403712b947c87e342027e5851060630a7171493146

Sharing

Copy URL

Twitter E-mail

General

Target

cf27e054c2a446397561bc403712b947c87e342027e5851060630a7171493146
Size

64KB
MD5

81f8d1929326c3c630eb8ff74b60c315
SHA1

5ad924a766da56ab0bfdf29c1fd974047e4d6e63
SHA256

cf27e054c2a446397561bc403712b947c87e342027e5851060630a7171493146
SHA512

863c209f3d84b4951d049907ccdffe16dab9c26ed8373c6ac53f21fa5e565f4975c3eac71b802e645b2bff7277428489ad462e94576a16dcea8132af07bd377e
SSDEEP

1536:p0YAiDlWBEcJ3AQdjZoCT4JNDBOIxYADTwsYLuK4CCJB:uPiDlSJJ3AQd9kNlOYVMVuK4CCJB

Score

N/A

Malware Config

Signatures

Files

cf27e054c2a446397561bc403712b947c87e342027e5851060630a7171493146
.dll regsvr32 windows x86

1003afa1bcc5e92e895e0de61495d8b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

mfc42

ord823
ord4202
ord2915
ord860
ord4277
ord4129
ord2818
ord540
ord939
ord825
ord537
ord800
ord858
ord535
ord4278
ord926
ord922
ord924
ord941

msvcrt

free
strcmp
strcpy
memset
_mbsstr
strncpy
strlen
time
srand
atoi
__CxxFrameHandler
malloc
memcpy
strstr
strtok
_mbscmp
realloc
_adjust_fdiv
_mbslwr
_initterm
_onexit
__dllonexit
memcmp
_purecall
_except_handler3
?terminate@@YAXXZ

kernel32

FreeLibrary
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
lstrcpyA
DeleteFileA
WideCharToMultiByte
lstrlenW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetProcAddress
lstrcatA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
GetLastError

user32

EnumThreadWindows
IsWindow
GetClassNameA
CharNextA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
RegisterTypeLi
SysStringLen
VarUI4FromStr
LoadTypeLi
SysFreeString
SysAllocString

msvcirt

??_Difstream@@QAEXXZ
?open@ifstream@@QAEXPBDHH@Z
?read@istream@@QAEAAV1@PADH@Z
??0ifstream@@QAE@XZ
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
?close@ifstream@@QAEXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1003afa1bcc5e92e895e0de61495d8b5

Headers

File Characteristics

Imports

urlmon

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

msvcirt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB