943f4d4a8a2c53144384303a2a8722d1e27c06b244ab9a3c149179a656a933a4

Sharing

Copy URL Twitter E-mail

General

Target

943f4d4a8a2c53144384303a2a8722d1e27c06b244ab9a3c149179a656a933a4
Size

775KB
MD5

7c59679615418b783017be5b9a112117
SHA1

8f28fa8ab92e2bf2fa523e796cfdc197e49009ce
SHA256

943f4d4a8a2c53144384303a2a8722d1e27c06b244ab9a3c149179a656a933a4
SHA512

c341a3cb23867246ede3c2eb5112a081054d31eae8bdf690a0118768c2571f9de91647e82430d4f16db62f0afa74e31b5a4bc72a2b410efea6b90d45dbef12de
SSDEEP

12288:v5BL3dfa85D4KBt3FUD/PGlK5bcY5aepP750SAFFMFoypofmFWq:LNy8x48OqlKRcsAHMF9p4q

Score

N/A

Malware Config

Signatures

Files

943f4d4a8a2c53144384303a2a8722d1e27c06b244ab9a3c149179a656a933a4
.dll regsvr32 windows x86

f8638c1f4852d948a1722995ba5d477d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

floor
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wcstombs
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
calloc
iswctype
memcpy
memset
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_iob
__mb_cur_max
_CIfmod
_errno
_isnan
sin
asin
exp
atan
acos
fmod
tan
_ftime
log
pow
cos
sqrt
atan2
bsearch
_ismbblead
_wasctime
_tzset
isdigit
localtime
_vsnwprintf
isalpha
_wcslwr
ceil
iswxdigit
wcsstr
towlower
atoi
wcscspn
_clearfp
_statusfp
strrchr
_ltow
_ultow
longjmp
strtoul
_control87
_mbsrchr
_mbsicmp
_wcsicmp
_purecall
_CIlog
ungetc
_wcsnicmp
??2@YAPAXI@Z
_wcsdup
realloc
wcsncmp
??3@YAXPAX@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memmove
wcschr
malloc
free
_setjmp3

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
CreateTypeLib2
SysFreeString
LoadRegTypeLi
SysStringLen
VariantCopyInd
VariantCopy
SysAllocStringByteLen
VariantInit
SysStringByteLen
SafeArrayDestroy
SafeArrayCreate
GetErrorInfo
LoadTypeLi
GetActiveObject
LoadTypeLibEx
SafeArrayRedim
CreateTypeLi
SafeArrayGetElement
VariantChangeTypeEx
SafeArrayCopy

ole32

BindMoniker
MkParseDisplayName
CreateBindCtx
CLSIDFromString
StringFromCLSID
CoGetClassObject
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance

advapi32

RegSetValueA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
TraceEvent
GetTraceEnableFlags
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
GetTraceLoggerHandle
RegisterTraceGuidsA
UnregisterTraceGuids
GetTraceEnableLevel
RegSetValueExA

kernel32

RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetLastError
LCMapStringW
GetVersion
CompareStringA
GetNumberFormatW
SetLastError
LCMapStringA
CompareStringW
GetTimeFormatW
GetLocaleInfoW
GetDateFormatA
GetNumberFormatA
GetTimeFormatA
GetDateFormatW
MulDiv
GetSystemTime
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
MultiByteToWideChar
GetComputerNameA
GetProcAddress
TlsSetValue
GetStringTypeW
WideCharToMultiByte
GetStringTypeA
TlsFree
TlsAlloc
FreeLibrary
GetVersionExA
LoadLibraryExA
LockResource
GetModuleFileNameW
SizeofResource
LoadResource
FreeResource
FindResourceA
IsValidCodePage
GetACP
IsValidLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
InitializeCriticalSection
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FindResourceExW
LoadLibraryExW
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
GetVersionExW
UnmapViewOfFile
GetEnvironmentVariableW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW

shlwapi

PathRemoveFileSpecW
PathCombineW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8638c1f4852d948a1722995ba5d477d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

ole32

advapi32

kernel32

shlwapi

version

Exports

Exports

Sections

.text Size: 630KB - Virtual size: 629KB

.data Size: 22KB - Virtual size: 21KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 630KB - Virtual size: 629KB

.data
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 24KB - Virtual size: 24KB