ea1aee9882a9d9de836559267999e52a29954304f32abe9617a23e24731bef36

Sharing

Copy URL

Twitter E-mail

General

Target

ea1aee9882a9d9de836559267999e52a29954304f32abe9617a23e24731bef36
Size

577KB
MD5

6acf656f945d262c92328cb237ce2f9a
SHA1

36a1d3f6e11097e3538693ec61ec294f0733e419
SHA256

ea1aee9882a9d9de836559267999e52a29954304f32abe9617a23e24731bef36
SHA512

e2bd12f149b762de0a9f4119864362a29d3c13968404080ef0b6062e10241b60c1d71eeac416631ef02812dc51f24abb01f408b5a9eb7264b10c0669611d0ee2
SSDEEP

12288:PcMEXe4+GxU+kKvcMxMKmZq5hLhhR8ZnQ+u4c:Qe4+9svTxHmZq5hLhUQ+uz

Score

N/A

Malware Config

Signatures

Files

ea1aee9882a9d9de836559267999e52a29954304f32abe9617a23e24731bef36
.dll regsvr32 windows x86

ca7611e0c4f63d97bab0b367f8b7517a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegNotifyChangeKeyValue
OpenProcessToken
EqualSid
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
RegCloseKey

gdi32

SelectObject
DeleteObject
GetDeviceCaps

kernel32

DelayLoadFailureHook
HeapAlloc
FlushInstructionCache
HeapDestroy
RaiseException
ResetEvent
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
MulDiv
SizeofResource
GetThreadLocale
LoadResource
LockResource
LocalLock
LocalFree
Sleep
CreateThread
TerminateThread
GetVersion
SetEvent
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetUserDefaultLCID
WriteFile
SetEndOfFile
GetFileType
GetFileSize
ReadFile
WaitForSingleObject
EnterCriticalSection
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentThreadId
DisableThreadLibraryCalls
CloseHandle
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
lstrlenA
SetLastError
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadCodePtr
LeaveCriticalSection

msdart

lstrcpynI
lstrcatI
RegQueryInfoKeyI
SystemParametersInfoI
lstrcpyI
lstrcmpiI
RegDeleteValueI
RegSetValueExI
RegEnumValueI
RegCreateKeyExI
RegEnumKeyExI
GetIUMS
_LoadVersionedResourceEx@16
GetWindowLongPtrI
WinHelpI
SetWindowLongPtrI
GetTextMetricsI
GetTextExtentPointIX
CreateFontIndirectI
ExpandEnvironmentStringsI
DialogBoxIndirectParamI
DialogBoxParamI
LoadIconI
PostMessageI
HtmlHelpI
FindResourceExI
FindResourceI
FormatMessageI
LoadLibraryExI
LoadCursorI
CharNextI
GetWindowLongI
lstrlenI
SendDlgItemMessageI
SetDlgItemTextI
GetWindowTextLengthI
GetWindowTextI
SetWindowTextI
DragQueryFileI
ImageList_LoadImageI
CreatePropertySheetPageI
PropertySheetI
CreateDirectoryI
GetOpenFileNameI
SendMessageI
SetWindowLongI
MPInitializeCriticalSection
MPDeleteCriticalSection
MpHeapAlloc
MpHeapFree
LoadStringI
UMSEnterCSWraper
FXMemDetach
_OnUnicodeSystem@0
FXMemAttach
MpGetHeapHandle
mpFree
mpMalloc
GetVersionExI
??0CReaderWriterLock3@@QAE@XZ
??1CReaderWriterLock3@@QAE@XZ
RegDeleteKeyI
RegQueryValueExI
RegOpenKeyExI
RegSetValueI
GetShortPathNameI
GetModuleFileNameI
mpRealloc
GetComputerNameI
?WriteLock@CReaderWriterLock3@@QAEXXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
CreateEventI
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
CreateFileI
LoadLibraryI
MPInitializeCriticalSectionAndSpinCount
GetModuleHandleI

msvcrt

_wsplitpath
wcschr
_ltow
_ultow
wcstol
_errno
iswdigit
_snwprintf
wcsrchr
_wmakepath
swscanf
towlower
ceil
_ftol
_controlfp
floor
sprintf
_ecvt
_finite
_ui64tow
_i64tow
_ui64toa
_i64toa
_ultoa
_itoa
_wcslwr
_except_handler3
__CxxFrameHandler
_CxxThrowException
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_purecall
_itow
_wcsicmp
wcscat
wcscpy
towupper
iswlower
_wcsnicmp
wcscmp
wcslen
time
memmove
wcsncpy
swprintf
iswspace

ole32

CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
CreatePointerMoniker
PropVariantCopy
CoGetMalloc
StringFromGUID2
CLSIDFromString
CoInitialize
CoUninitialize
StringFromCLSID
CLSIDFromProgID
CoGetClassObject
ProgIDFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocStringLen
VarBstrFromCy
VarUI2FromR8
VarBstrFromDate
VarUI4FromR8
VarI2FromStr
VarUI2FromStr
VarI1FromBool
VarUI1FromBool
VarCyFromI2
VarDecFromI2
VarI4FromDec
VarI2FromDec
VarR4FromDec
VarI1FromDec
VarBoolFromDec
VarCyFromDec
VarR8FromDec
VarUI1FromDec
VarUI4FromDec
VarUI2FromDec
VarBstrFromDec
VarI2FromI1
VarI4FromI1
VarR4FromI1
VarR8FromI1
VarCyFromI1
VarUI2FromI1
VarUI4FromI1
VarDecFromI1
VarI2FromUI1
VarUI2FromUI1
VarI4FromUI1
VarUI4FromUI1
VarR4FromUI1
VarR8FromUI1
LoadTypeLi
RegisterTypeLi
CreateErrorInfo
LoadRegTypeLi
VarI1FromI2
VarUI1FromI2
VarI1FromI4
VarUI1FromI4
VarI2FromI4
VarUI2FromI4
VarCyFromI4
VarDecFromI4
VarCyFromUI1
VarI1FromR4
VarUI1FromR4
VarI2FromR4
VarUI2FromR4
VarI4FromR4
VarUI4FromR4
VarDecFromR4
VarCyFromR4
VarI1FromR8
VarUI1FromR8
VarI2FromR8
VarI4FromR8
VarDecFromR8
VarR4FromR8
VarCyFromR8
VarI1FromCy
VarUI1FromCy
VarI2FromCy
VarUI2FromCy
VarDecFromCy
VarBoolFromCy
VarI4FromCy
VarUI4FromCy
VarR4FromCy
SysFreeString
VarR8FromCy
SysStringLen
GetErrorInfo
VariantClear
SetErrorInfo
VariantInit
SysAllocString
SysStringByteLen
VariantCopy
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetDim
VariantChangeType
SafeArrayCopy
VariantTimeToSystemTime
VariantChangeTypeEx
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SystemTimeToVariantTime
VarDateFromStr
VarDecFromStr
VarCyFromStr
VarR8FromStr
VarUI4FromStr
VarI4FromStr
VarBoolFromStr
VarUI1FromStr
VarI1FromStr
VarR4FromStr
VarDecFromUI4
VarCyFromUI4
VarUI2FromUI4
VarI2FromUI4
VarUI1FromUI4
VarI1FromUI4
VarDecFromUI2
VarCyFromUI2
VarUI1FromUI2
VarI1FromUI2
VarDecFromUI1

user32

MessageBoxW
SetWindowPos
ReleaseDC
GetDC
GetSystemMetrics
GetWindowRect
GetParent
GetDlgItem
GetClientRect
CheckRadioButton
EnableWindow
IsWindowEnabled
SetCursor
ScreenToClient
GetCursorPos
GetActiveWindow
SetFocus
GetTopWindow
GetDialogBaseUnits
CharNextExA
GetWindow
MapWindowPoints
EndDialog

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
OpenDSLFile

Sections

.text
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca7611e0c4f63d97bab0b367f8b7517a

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msdart

msvcrt

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 388KB - Virtual size: 385KB

.data Size: 12KB - Virtual size: 11KB

.sdbid Size: 4KB - Virtual size: 940B

.rsrc Size: 44KB - Virtual size: 42KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 388KB - Virtual size: 385KB

.data
Size: 12KB - Virtual size: 11KB

.sdbid
Size: 4KB - Virtual size: 940B

.rsrc
Size: 44KB - Virtual size: 42KB

.reloc
Size: 24KB - Virtual size: 22KB