1722fba8a8eb7c4a87da3a069b78a281bcc5e7c072c84dee3d346a407a88b66e

Sharing

Copy URL Twitter E-mail

General

Target

1722fba8a8eb7c4a87da3a069b78a281bcc5e7c072c84dee3d346a407a88b66e
Size

324KB
MD5

6401a212af88cd6dc412039f7f7ae1c0
SHA1

44b966e9b54e4826f87ec73019b719a21f817e6a
SHA256

1722fba8a8eb7c4a87da3a069b78a281bcc5e7c072c84dee3d346a407a88b66e
SHA512

c6023973a1c06ee67f690c519c9e6663963f51add5cfbcac67c64b73fc8bb818c81084dce75bb85aa689763e03860c9358cf864bcfae2b248c07252a522381c8
SSDEEP

6144:xr9O8RS8/tLqijLOdWZaj9rCg/BNaToC+FaYTiwrW:xxVS8VLqijZZMWw48CTYTY

Score

N/A

Malware Config

Signatures

Files

1722fba8a8eb7c4a87da3a069b78a281bcc5e7c072c84dee3d346a407a88b66e
.dll regsvr32 windows x86

ba309e6389fc75a94d468140ad24646d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegQueryValueExW
SetNamedSecurityInfoW
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl

kernel32

GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
RtlUnwind
LCMapStringW
GetConsoleCP
SetHandleCount
SetStdHandle
WriteConsoleW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetConsoleMode
SetThreadLocale
GetThreadLocale
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrlenA
lstrcpynW
GetModuleHandleW
GetProcAddress
FindResourceExW
LockResource
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
RaiseException
lstrlenW
QueryPerformanceCounter
LocalFree
SetLastError
CreateDirectoryW
GetTickCount
LoadLibraryW
WaitForSingleObject
GetCurrentProcess
CloseHandle
ReleaseMutex
GetEnvironmentVariableW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
Sleep
CreateFileW
WriteFile
lstrcmpW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
InterlockedCompareExchange
WideCharToMultiByte
GetFileAttributesExW
GetStringTypeExW
GetSystemTimeAsFileTime
GetVersionExW
MoveFileExW
FlushFileBuffers
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
VirtualQuery
IsDebuggerPresent
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetStringTypeW

ole32

StringFromGUID2
IIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen

user32

GetWindow
SetForegroundWindow
AllowSetForegroundWindow
GetWindowLongW
wvsprintfW
CharLowerW
CharUpperW
wvsprintfA
wsprintfW
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
CreateWindowExW
DestroyWindow
GetClientRect
CharNextW
CharLowerBuffW

shlwapi

SHQueryValueExW
PathIsRelativeW
PathCanonicalizeW
PathAppendW
UrlEscapeW
UrlUnescapeW
PathStripPathW
PathRemoveFileSpecW
UrlUnescapeA
PathRemoveExtensionW
PathRemoveBackslashW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

wininet

InternetCrackUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba309e6389fc75a94d468140ad24646d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

shlwapi

version

shell32

wininet

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 22KB - Virtual size: 21KB

.text Size: 109KB - Virtual size: 112KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 109KB - Virtual size: 112KB