e29652434ba14fd5f210a900f74eba5dce4e5e4f48937c307915cafd69243248

Sharing

Copy URL Twitter E-mail

General

Target

e29652434ba14fd5f210a900f74eba5dce4e5e4f48937c307915cafd69243248
Size

312KB
MD5

45036cbbc251f577797cc30e64686f18
SHA1

338037f82ec15597da5187009767ebd684316e81
SHA256

e29652434ba14fd5f210a900f74eba5dce4e5e4f48937c307915cafd69243248
SHA512

0c2d22821552c3a300d44c6904e90a37769a12bb58289a84b64d99d777bb5775fc36508892bab722b8da9e947a7475ea1d67420abbd74aa92255015680ec51d9
SSDEEP

6144:dyHmrTyfHof/bJYh7KQr/VcqHWxJbVikey6mjACBMYwxHEu:dyHmcVJHWn/D68AzHE

Score

N/A

Malware Config

Signatures

Files

e29652434ba14fd5f210a900f74eba5dce4e5e4f48937c307915cafd69243248
.dll regsvr32 windows x86

cd1c4358d157ce4b1459d835c67ddb33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
VirtualAlloc
lstrcatW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetModuleHandleW
lstrcpynW
FreeLibrary
LoadLibraryExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTimeZoneInformation
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
ResetEvent
SetEvent
PulseEvent
GetCurrentThreadId
CreateMutexW
CloseHandle
ReleaseMutex
Sleep
SetThreadPriority
GetThreadPriority
GetExitCodeThread
CreateEventW
FindClose
FindFirstFileW
GetFileAttributesW
GetLastError
SetFileAttributesW
GetExitCodeProcess
CreateProcessW
RemoveDirectoryW
MoveFileW
MoveFileExW
CopyFileW
CopyFileExW
GetTempPathW
DeviceIoControl
CreateFileW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
GetFileSize
SetFilePointer
SetFileTime
SetEndOfFile
ReadFile
WriteFile
FindNextFileW
GetSystemInfo
GlobalMemoryStatus
CreateFileA
GetVersion
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetErrorMode
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetVersionExA
LoadLibraryA
LocalFree
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
DeleteFileW
InterlockedExchange

user32

CharNextW
EnableWindow
GetActiveWindow
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard

advapi32

SetSecurityDescriptorDacl
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
InitializeSecurityDescriptor

shell32

SHGetFileInfoW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderLocation
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2

oleaut32

SysStringByteLen
VariantClear
LoadRegTypeLi
VarUI4FromStr
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

shlwapi

SHDeleteValueW
SHDeleteKeyW
StrRetToStrW
PathIsDirectoryW
PathFindExtensionW

msvcr71

wcsftime
_localtime64
swscanf
_time64
_mktime64
_wtof
wcsspn
_wtoi
_wtoi64
swprintf
memmove
_wcsnicmp
iswspace
_errno
_wmkdir
isalpha
_close
_wopen
setlocale
_control87
_beginthreadex
_endthreadex
_wstat64
calloc
_wcsicoll
wcsncmp
_snwprintf
towupper
iswlower
toupper
islower
wcstombs
memset
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
ceil
_vsnwprintf
wcscmp
wcsrchr
wcslen
_mbsnbcpy
wcschr
realloc
_purecall
??_V@YAXPAX@Z
??_U@YAPAXI@Z
malloc
wcscpy
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcsncpy
??3@YAXPAX@Z
_except_handler3
_CxxThrowException
free
floor
_wcsicmp

msvcp71

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd1c4358d157ce4b1459d835c67ddb33

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr71

msvcp71

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 100KB - Virtual size: 97KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 100KB - Virtual size: 97KB

.reloc
Size: 16KB - Virtual size: 14KB