aaec075c8e88d57a7eed1bc8c8080055bfd83235bcbc08b9d8b217fd6810579c

Sharing

Copy URL Twitter E-mail

General

Target

aaec075c8e88d57a7eed1bc8c8080055bfd83235bcbc08b9d8b217fd6810579c
Size

312KB
MD5

77d5a3a3754256689aca8d4b4799e650
SHA1

837844331ded1defed161d17842951e350bfd602
SHA256

aaec075c8e88d57a7eed1bc8c8080055bfd83235bcbc08b9d8b217fd6810579c
SHA512

c6bc2a59afcc6513198aa251d5ae1d93fb0d902137da981bf0395df38dac577b81c959d437f41b340788b649594ac606679ee649461c76c948eaff788e664c0e
SSDEEP

6144:eFCmBU6OH9YtddW3Hb03oCHcD24/3wDvsJu9UzJ:eFCmmYtd0Hb03t46UJu9A

Score

N/A

Malware Config

Signatures

Files

aaec075c8e88d57a7eed1bc8c8080055bfd83235bcbc08b9d8b217fd6810579c
.dll regsvr32 windows x86

4e512aa23a10dcb49cf5e472c7362afe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord3948
ord2717
ord1128
ord541
ord3658
ord703
ord354
ord403
ord4074
ord398
ord801
ord665
ord5446
ord6390
ord5436
ord6379
ord2836
ord2099
ord5647
ord3611
ord3122
ord350
ord826
ord600
ord1571
ord1250
ord269
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1165
ord1568
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord815
ord4269
ord3434
ord5590
ord1173
ord1115
ord4053
ord3176
ord2756
ord4272
ord6278
ord6279
ord4199
ord913
ord942
ord533
ord5188
ord6388
ord1989
ord798
ord2606
ord4273
ord4124
ord940
ord858
ord927
ord6139
ord2910
ord5568
ord922
ord925
ord356
ord2762
ord2773
ord3173
ord6874
ord668
ord1594
ord6466
ord537
ord540
ord861
ord535
ord2810
ord823
ord825
ord800
ord700
ord538

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strcmp
_CxxThrowException
swscanf
wcscmp
wcstod
wcstol
memcmp
realloc
malloc
free
_purecall
memcpy
wcstoul
_wfopen
fwprintf
fflush
_wgetenv
wcsncmp
_wcsicmp
wcslen
_wsplitpath
fopen
strlen
fgets
fclose
printf
__CxxFrameHandler
memset
sscanf

kernel32

InterlockedExchangeAdd
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
Sleep
GetCurrentDirectoryW
GetPrivateProfileSectionW
FormatMessageW
GetLocalTime
GetLastError
LocalFree
LocalAlloc
InitializeCriticalSection
LoadLibraryW
GetProcAddress
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetVersionExW
HeapDestroy
lstrcpyW
lstrcatW
GetCurrentProcess
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFullPathNameW
lstrcpynW
lstrcmpiW

user32

CharNextW
LoadStringW

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryValueExW

ole32

CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
ProgIDFromCLSID
CoSetProxyBlanket

oleaut32

LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantInit
SetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocString
SysStringLen
VariantClear
VarUI4FromStr

setupapi

CM_Locate_DevNode_ExW
SetupDiGetDeviceInstanceIdW
SetupCopyOEMInfW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode_Ex

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e512aa23a10dcb49cf5e472c7362afe

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

setupapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 6KB

.text Size: 188KB - Virtual size: 188KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 188KB