de93bacef5716827d5820130402c70812bce78a2a2a47489c8d63cf6e61e7c27

Sharing

Copy URL Twitter E-mail

General

Target

de93bacef5716827d5820130402c70812bce78a2a2a47489c8d63cf6e61e7c27
Size

312KB
MD5

61e06fdb013f84b9c077d8133bbc8d8b
SHA1

7eee0c1ef7b31345a9adad8b3f395afc1be952c4
SHA256

de93bacef5716827d5820130402c70812bce78a2a2a47489c8d63cf6e61e7c27
SHA512

8278e814725a92d1d3be7debcc2c05969c0e24ae75f22498d824ddeb0bfed50347b70f972cdeb34d655496b76233fdbd99b1016dcff505233848a973a29f324b
SSDEEP

6144:Z2cMlFXRNaBx0TlF85HQHaj0yMNf+Zwrqx005dsUq:Z9MzPa5FQ5Nmaex005iUq

Score

N/A

Malware Config

Signatures

Files

de93bacef5716827d5820130402c70812bce78a2a2a47489c8d63cf6e61e7c27
.dll regsvr32 windows x86

609c4d78a6d0293eda5485b982d1ee02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
HttpQueryInfoA
InternetCrackUrlW
HttpOpenRequestW
InternetConnectW
InternetOpenA
InternetCloseHandle
HttpSendRequestA

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
ExitProcess
InterlockedDecrement
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedIncrement

user32

CharNextA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance

oleaut32

SysFreeString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
SysAllocString

pfcom

procfile

omgutils

?omgRegQueryValue@@YA_NPBDAAK_N@Z
??0OMGExceptionImpl@@QAE@ABV0@@Z
??1OMGExceptionImpl@@UAE@XZ
??ROMGExceptionFunctor@@QAA?AVOMGExceptionImpl@@HPBDZZ
??0OMGExceptionFunctor@@QAE@PBDHK@Z
??0OMGExceptionImpl@@QAE@HPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0H@Z
?code@OMGExceptionImpl@@QBEHXZ
?l3ReadLicense@@YAXQBEAAV?$vector@EV?$allocator@E@std@@@std@@@Z
?l3UnpackLicense@@YAXPBEIAAV?$vector@EV?$allocator@E@std@@@std@@1QAEAAK@Z
??1OmgCriticalSection@@UAE@XZ
??0OmgCriticalSection@@QAE@XZ
?Win32ErrorString@OMGExceptionImpl@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV23@@Z
?Win32ErrorString@OMGExceptionImpl@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
??0OMGExceptionImpl@@QAE@HPBDABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0H@Z
?omgMkdirHier@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeToFile@OmgString@@QBEXPBD_NK@Z
?writeToFile@OmgAsn@@YAXPBDPBXK@Z
??0OmgGlobalLock@@QAE@PBD@Z
?lock@OmgGlobalLock@@UAE_NK@Z
?lock@OmgGlobalLock@@UAEXXZ
?unlock@OmgGlobalLock@@UAEXXZ
??1OmgGlobalLock@@UAE@XZ
?omgRegQueryValue@@YA_NPBDAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
??0OmgSha@@QAE@XZ
?update@OmgSha@@QAEXPBXI@Z
?final@OmgSha@@QAEXQAE@Z
??1OmgSha@@QAE@XZ
?l3PackLicense@@YAXPBEI0IQBEKAAV?$vector@EV?$allocator@E@std@@@std@@@Z
?l3WriteLicense@@YAXQBEABV?$vector@EV?$allocator@E@std@@@std@@@Z
?omgResolveRepositoryFile@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4OmgRepositoryFileType@@ZZ
?readFromFile@OmgString@@QAEXPBDIIK@Z
??0ObjectIdentifier@OmgAsn@@QAA@HZZ
?omghexdump@@YAXPBXII@Z
omglog
??0OmgSinf@@QAE@PBXI@Z
?subkeyExists@OmgSinf@@QAE_NXZ
?convertToSalSinf@OmgSinf@@QAEXQBEAAVOmgString@@@Z
??1OmgSinf@@QAE@XZ

salwrap

salwrap0
salwrap1

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface

msvcr71

_fileno
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
strcmp
wcslen
strlen
strncmp
memcmp
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
memcpy
memmove
memset
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??2@YAPAXI@Z
sprintf
malloc
free
_resetstkoflw
_except_handler3
??_V@YAXPAX@Z
wcsncpy
realloc
??_U@YAPAXI@Z
vfprintf
vsprintf
_iob

shlwapi

PathFindExtensionA

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Xlen@_String_base@std@@QBEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Xran@_String_base@std@@QBEXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 190B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

609c4d78a6d0293eda5485b982d1ee02

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

pfcom

omgutils

salwrap

rpcrt4

msvcr71

shlwapi

msvcp71

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.orpc Size: 4KB - Virtual size: 190B

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 8KB

.text Size: 172KB - Virtual size: 172KB

.text
Size: 80KB - Virtual size: 76KB

.orpc
Size: 4KB - Virtual size: 190B

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 172KB - Virtual size: 172KB