1bddfe5616f40116b676c6007c7ddbed7998ed13c077a850ad614295e58be163

Sharing

Copy URL Twitter E-mail

General

Target

1bddfe5616f40116b676c6007c7ddbed7998ed13c077a850ad614295e58be163
Size

821KB
MD5

399aa5fa7be897cde1680391c84ae379
SHA1

509ec0a8c80a379100471993241ed9d6b3591cd0
SHA256

1bddfe5616f40116b676c6007c7ddbed7998ed13c077a850ad614295e58be163
SHA512

23ee1219e61b86c6edcb198625e4ac3e43d2c6f16e104e8941c6a7b23325e09d87c8b9e7bc42bce1016e4e60e3b2b0664b9c8f5dc8d55570b869325c3094ccfd
SSDEEP

12288:VerJacnSQda1A5Bl5NqhNFYcyt88+fhug/ZR4DpWjZqM7c67:VerMcnSQda1A5Bl5Cy28/g/ZAWjZr

Score

N/A

Malware Config

Signatures

Files

1bddfe5616f40116b676c6007c7ddbed7998ed13c077a850ad614295e58be163
.dll regsvr32 windows x86

3b6a12e98560c72956f84a6f8ea4eafe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
FindClose
FindFirstFileW
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
OutputDebugStringW
ReadFile
DeleteFileW
GetEnvironmentVariableW
lstrlenA
CreateDirectoryW
WriteFile
FlushFileBuffers
GetTimeZoneInformation
GetFileSize
CopyFileW
LoadLibraryW
FileTimeToSystemTime
CreateThread
TerminateThread
GetExitCodeThread
WaitForSingleObject
SetThreadLocale
GetThreadLocale
FormatMessageW
SetEnvironmentVariableA
CompareStringW
CompareStringA
LocalAlloc
CloseHandle
LocalFree
GetLastError
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FileTimeToDosDateTime
WideCharToMultiByte
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
SetEndOfFile
LoadLibraryA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
CreateFileA
GetFileType
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapCreate
VirtualFree
GetCommandLineA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetConsoleCP
GetConsoleMode
SetFilePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetLastError

user32

CharNextW
wsprintfW
MessageBoxW

gdi32

DeleteObject

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
OleRun
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID

oleaut32

RegisterTypeLi
UnRegisterTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
VarUdateFromDate
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
GetErrorInfo
SysAllocString
VariantClear
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString

gdiplus

GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageEncodersSize
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipCloneImage
GdiplusShutdown
GdipGetImageThumbnail
GdiplusStartup
GdipSaveImageToFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b6a12e98560c72956f84a6f8ea4eafe

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 534KB - Virtual size: 533KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 90KB - Virtual size: 105KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 45KB - Virtual size: 45KB

.text
Size: 534KB - Virtual size: 533KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 90KB - Virtual size: 105KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 45KB - Virtual size: 45KB