38f657a9b17d38b0594ba16125aec03acb5793a7388c9f5ec2d1b116fc1cc799

Sharing

Copy URL Twitter E-mail

General

Target

38f657a9b17d38b0594ba16125aec03acb5793a7388c9f5ec2d1b116fc1cc799
Size

616KB
MD5

0722ef36081aa5ff260cd0abc7558904
SHA1

f9fec2e8606942b054e01960e8b7828dbe5492a6
SHA256

38f657a9b17d38b0594ba16125aec03acb5793a7388c9f5ec2d1b116fc1cc799
SHA512

cca8b536f87d38383ab074fe57efebfc7446843fbf1aa321bee69414a5979ffa6cfc154162c8c3eb0287eb07c413238a19a22bb7d70eca9c7677a798adc300cb
SSDEEP

12288:HZqr7P+fcnmHgHxjyx7HAFhWfDOt+miX+al5+oDQ3xaJA0uYgtm:HZe+fcnmHgHdGAFh+DOt+tualACQ3pLg

Score

N/A

Malware Config

Signatures

Files

38f657a9b17d38b0594ba16125aec03acb5793a7388c9f5ec2d1b116fc1cc799
.dll regsvr32 windows x86

e4f3eb3ac86674e814b41fdf88697898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenClassRegKey

ws2_32

htons
inet_addr
WSACloseEvent
WSAGetLastError
gethostbyname
WSACreateEvent
WSARecv
WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSAResetEvent
WSASend
WSAStartup
WSACleanup
closesocket
select
connect
getsockopt
__WSAFDIsSet
setsockopt
socket
ioctlsocket
htonl

kernel32

GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DisableThreadLibraryCalls
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
DeleteCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InterlockedExchangeAdd
CreateSemaphoreA
CloseHandle
EnumSystemLocalesA
WaitForSingleObject
ReleaseSemaphore
GetTempPathA
OutputDebugStringA
InterlockedExchange
GetCurrentThreadId
GetProcAddress
LoadLibraryA
GetVersionExA
Sleep
GetOverlappedResult
DeviceIoControl
lstrcpyA
CreateEventA
ResetEvent
FlushFileBuffers
CreateFileA
ReadFile
WriteFile
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
CreateFileW
GetCurrentProcessId
GetConsoleCP
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
HeapSize
HeapCreate
HeapDestroy
VirtualFree
ExitProcess
GetStdHandle
SetLastError
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

IsCharUpperA
UnregisterClassA
wsprintfA
CharNextA

advapi32

RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
StringFromIID

oleaut32

SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TulipLog
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4f3eb3ac86674e814b41fdf88697898

Headers

File Characteristics

Imports

setupapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 384KB - Virtual size: 380KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 12KB - Virtual size: 25KB

TulipLog Size: 4KB - Virtual size: 8B

.rsrc Size: 80KB - Virtual size: 76KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 384KB - Virtual size: 380KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 12KB - Virtual size: 25KB

TulipLog
Size: 4KB - Virtual size: 8B

.rsrc
Size: 80KB - Virtual size: 76KB

.reloc
Size: 20KB - Virtual size: 19KB