fd7dc71a71e5319d6eb087d3b86f4d05799862edc13c48b821f097c8e52828dc

Sharing

Copy URL Twitter E-mail

General

Target

fd7dc71a71e5319d6eb087d3b86f4d05799862edc13c48b821f097c8e52828dc
Size

278KB
MD5

6ee38b59dbd9c111670171ab4395c460
SHA1

2fe7fc079702b9a619da54a47baf3897679477a1
SHA256

fd7dc71a71e5319d6eb087d3b86f4d05799862edc13c48b821f097c8e52828dc
SHA512

50daa0f5b649f8e410534a5096eab7ca49a9baff675fc4def5be7bba159b128c717aec29788e56b30b0c8737ac99083350cfae44448941ed22660fc7130d4fa1
SSDEEP

3072:eqcQ7IB97GBQCNz4+slTkhqmP+IfynIqncabh4dv9EmO492dErHNaLZpZLuQC/Lx:5u9iPgghqmP+IfRqlbgO+WZrHNU+Ah

Score

N/A

Malware Config

Signatures

Files

fd7dc71a71e5319d6eb087d3b86f4d05799862edc13c48b821f097c8e52828dc
.dll regsvr32 windows x86

ba309e6389fc75a94d468140ad24646d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegQueryValueExW
SetNamedSecurityInfoW
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl

kernel32

GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
RtlUnwind
LCMapStringW
GetConsoleCP
SetHandleCount
SetStdHandle
WriteConsoleW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetConsoleMode
SetThreadLocale
GetThreadLocale
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrlenA
lstrcpynW
GetModuleHandleW
GetProcAddress
FindResourceExW
LockResource
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
RaiseException
lstrlenW
QueryPerformanceCounter
LocalFree
SetLastError
CreateDirectoryW
GetTickCount
LoadLibraryW
WaitForSingleObject
GetCurrentProcess
CloseHandle
ReleaseMutex
GetEnvironmentVariableW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
Sleep
CreateFileW
WriteFile
lstrcmpW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
InterlockedCompareExchange
WideCharToMultiByte
GetFileAttributesExW
GetStringTypeExW
GetSystemTimeAsFileTime
GetVersionExW
MoveFileExW
FlushFileBuffers
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
VirtualQuery
IsDebuggerPresent
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetStringTypeW

ole32

StringFromGUID2
IIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen

user32

GetWindow
SetForegroundWindow
AllowSetForegroundWindow
GetWindowLongW
wvsprintfW
CharLowerW
CharUpperW
wvsprintfA
wsprintfW
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
CreateWindowExW
DestroyWindow
GetClientRect
CharNextW
CharLowerBuffW

shlwapi

SHQueryValueExW
PathIsRelativeW
PathCanonicalizeW
PathAppendW
UrlEscapeW
UrlUnescapeW
PathStripPathW
PathRemoveFileSpecW
UrlUnescapeA
PathRemoveExtensionW
PathRemoveBackslashW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

wininet

InternetCrackUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba309e6389fc75a94d468140ad24646d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

shlwapi

version

shell32

wininet

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 22KB - Virtual size: 21KB

.text Size: 62KB - Virtual size: 64KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 62KB - Virtual size: 64KB