d9fef06818112e7060ae06bc80af0b7add512befc22297340e7c3d51b6ff47b6

Sharing

Copy URL Twitter E-mail

General

Target

d9fef06818112e7060ae06bc80af0b7add512befc22297340e7c3d51b6ff47b6
Size

665KB
MD5

bde7fa5ea93790d33eb08974420378fa
SHA1

00fb587ed75b06dfea52b0afebf8bea98c83bee2
SHA256

d9fef06818112e7060ae06bc80af0b7add512befc22297340e7c3d51b6ff47b6
SHA512

9d19ebcbfec4a2086e8eda7e2dd9c98dc15dcccacb276bf0b196018e13623bb25c3d636cd6d73af2fbe635b45d0b43591c48f7adc0403dc01172234f6cff8ea8
SSDEEP

12288:+UfcmvGnLqCk/QDoxZmzZZSGrLXR9PuSUCeBVLdHyPe:+UfbG7Dox09QWLXR9uxV1yPe

Score

N/A

Malware Config

Signatures

Files

d9fef06818112e7060ae06bc80af0b7add512befc22297340e7c3d51b6ff47b6
.exe regsvr32 windows x86

d7c43e493541090517897bc07edd5c20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
FlushInstructionCache
GetCurrentProcess
GetModuleHandleA
GetFileAttributesW
GetVersion
OutputDebugStringA
LoadLibraryW
lstrcmpW
MulDiv
LeaveCriticalSection
GlobalFree
GlobalHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
lstrcmpiW
WideCharToMultiByte
WinExec
LoadLibraryA
CloseHandle
GetFileSize
CreateFileW
ReadFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindFirstFileW
LocalFree
LocalSize
LocalAlloc
FormatMessageW
CreateDirectoryW
IsDBCSLeadByte
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
CreateFileA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchange
SetConsoleCtrlHandler
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetTimeZoneInformation
GetFileType
SetHandleCount
GetLocaleInfoW
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
GetStdHandle
WriteFile
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
EnterCriticalSection
lstrlenW
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetModuleFileNameW
GetThreadLocale
SetThreadLocale
GetSystemDefaultLCID
InterlockedDecrement
FindResourceExW
SizeofResource
lstrlenA
GetLastError
FindResourceW
LoadResource
LockResource
GetEnvironmentVariableW
MultiByteToWideChar
InterlockedIncrement
QueryPerformanceCounter

user32

GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendDlgItemMessageW
EndDialog
ShowWindow
SetWindowTextW
SetDlgItemTextW
GetDlgItem
SendMessageW
UnregisterClassA
OpenClipboard
keybd_event
GetWindowRect
GetParent
GetWindowLongW
GetActiveWindow
SetWindowContextHelpId
RegisterClipboardFormatW
EmptyClipboard
SetClipboardData
CloseClipboard
EnableWindow
UnhookWindowsHookEx
SetWindowsHookExW
IsDialogMessageW
CallNextHookEx
CreateDialogIndirectParamW
LoadIconW
MessageBoxW
DialogBoxIndirectParamW
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ClientToScreen
ScreenToClient
MoveWindow
CreateAcceleratorTableW
GetDC
ReleaseDC
GetDesktopWindow
GetClassNameW
RedrawWindow
IsWindow
BeginPaint
FillRect
EndPaint
CallWindowProcW
SetFocus
GetFocus
IsChild
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
GetClassInfoExW
RegisterClassExW
RegisterWindowMessageW
LoadCursorW
CreateWindowExW
CharNextW
SetWindowLongW
MapDialogRect

gdi32

GetObjectW
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontIndirectW
GetStockObject
DeleteObject

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegFlushKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

StringFromIID
CoUninitialize
OleRun
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
OleUninitialize
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc

oleaut32

CreateErrorInfo
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
SetErrorInfo
GetErrorInfo
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
VariantCopy
OleCreatePictureIndirect
OleCreateFontIndirect
LoadRegTypeLi
VariantInit
VariantClear
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared_d
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7c43e493541090517897bc07edd5c20

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 427KB - Virtual size: 426KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 12KB - Virtual size: 24KB

shared_d Size: 512B - Virtual size: 16B

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 427KB - Virtual size: 426KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 12KB - Virtual size: 24KB

shared_d
Size: 512B - Virtual size: 16B

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 21KB - Virtual size: 20KB