a0dd92b809e8a1d35b6d8ca5eb7021e5f021584f53562c8b9f27e7918bab8d61

Sharing

Copy URL

Twitter E-mail

General

Target

a0dd92b809e8a1d35b6d8ca5eb7021e5f021584f53562c8b9f27e7918bab8d61
Size

122KB
MD5

6950f6fb8b7c6c736d012e3ff6cddf80
SHA1

8c1e26a7622264c5aac7b7519f9f2f7b92b5f26b
SHA256

a0dd92b809e8a1d35b6d8ca5eb7021e5f021584f53562c8b9f27e7918bab8d61
SHA512

d83a301b4a25a82705e4a215b66a6465c7be7b9eda307d5bbf5cedbae2ebf65510c3eff5963752cf4f7480168835ddcaf39f84cc2a6f7b0f17d378e99e107a33
SSDEEP

3072:uPNfzKWcWOvyxbRmy75vTdMuNsv9TdF89MCIFvlsr6:ufcWJJAk51NsFf87QvD

Score

N/A

Malware Config

Signatures

Files

a0dd92b809e8a1d35b6d8ca5eb7021e5f021584f53562c8b9f27e7918bab8d61
.exe regsvr32 windows x64

5d36e1e25c630aa6c55aea3986a27821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathRemoveArgsA
PathUnquoteSpacesA
PathFileExistsA
PathQuoteSpacesA
StrRChrA
PathAppendA

advapi32

SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
RegDeleteKeyA
QueryServiceConfigA
CreateServiceA
GetUserNameA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
InitializeSecurityDescriptor
QueryServiceStatusEx
CloseServiceHandle
GetTokenInformation
OpenProcessToken
DeleteService
OpenServiceA
OpenSCManagerA
StartServiceA
ControlService
SetServiceStatus
EnumServicesStatusExA

user32

CharNextA
LoadStringA
CharLowerA
wvsprintfA

kernel32

LCMapStringA
LCMapStringW
GetTempFileNameA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
lstrlenA
CloseHandle
GetModuleHandleA
WideCharToMultiByte
GetStringTypeExA
GetThreadLocale
lstrcmpA
lstrcmpiA
GetProcAddress
ReadFile
GetFileSize
CreateFileA
WriteFile
DeleteFileA
GetVersionExA
GetCurrentProcess
LoadLibraryA
VirtualQuery
Sleep
GetCurrentProcessId
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
MapViewOfFileEx
SetEvent
OpenEventA
GetLastError
MoveFileExA
GetTickCount
GetFileTime
GetVolumeInformationA
CreateFileMappingW
GetExitCodeProcess
lstrlenW
GetComputerNameA
QueryDosDeviceA
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
FreeLibrary
GetModuleFileNameA
GetTempPathA
lstrcpynA
FileTimeToSystemTime
IsBadReadPtr
CreateThread
ExitProcess
CreateEventW
OpenEventW
FreeLibraryAndExitThread
CreateEventA
GetLocaleInfoA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
GetCommandLineA
GetStdHandle
HeapSetInformation
HeapCreate
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoInitialize
StringFromGUID2
CoUninitialize

psapi

GetProcessImageFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d36e1e25c630aa6c55aea3986a27821

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

user32

kernel32

shell32

ole32

psapi

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 5KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 5KB - Virtual size: 4KB