1126b757bc39bbe727afb8d16574ee2381008e9aa174eb295921ab9d8b240e0a

Sharing

Copy URL Twitter E-mail

General

Target

1126b757bc39bbe727afb8d16574ee2381008e9aa174eb295921ab9d8b240e0a
Size

539KB
MD5

4e91c3bcfc3d7153359fea46ee3f2160
SHA1

64ea4ad0cbf2e3adb524003028ab930816589737
SHA256

1126b757bc39bbe727afb8d16574ee2381008e9aa174eb295921ab9d8b240e0a
SHA512

742e9fd1955a00015d53426b4a211fee8531ef8d90ae93c99c1fa01e8a4cb86c45b25aadcfaed17bb6a3b502e9c21d05ee6851f76826f7b34d86c38ca5d89e7e
SSDEEP

12288:pGuJs96mOttNcbhkOYl2NSa+tLUoV0TOf+TSg6MXLr3ogQ:pGgmEc1pyrvV0TOf+eg6M7r3ogQ

Score

N/A

Malware Config

Signatures

Files

1126b757bc39bbe727afb8d16574ee2381008e9aa174eb295921ab9d8b240e0a
.dll regsvr32 windows x86

b866fde44e0ef9d3509ea8d871f66e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32FirstW
GetCurrentThread
GetThreadPriority
InitializeCriticalSectionAndSpinCount
GetPriorityClass
WideCharToMultiByte
FreeLibrary
LocalAlloc
LocalFree
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
Sleep
FindClose
CloseHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateMutexW
LoadLibraryA
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
CreateToolhelp32Snapshot
Process32NextW
EncodePointer
DecodePointer
InterlockedIncrement
InterlockedDecrement
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetThreadLocale
CopyFileA
lstrlenW
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
FindVolumeClose
FindFirstVolumeW
VerifyVersionInfoW
GetVersionExW
GetVolumeInformationW
GetModuleHandleW
LoadLibraryW
GetSystemInfo
GetCurrentProcessId
GetProcAddress
VerSetConditionMask
SetLastError
GetLastError
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GlobalFree
MultiByteToWideChar
FindResourceExW
GetUserDefaultLCID
SetEndOfFile
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointerEx
SetFilePointer
GetFileType
GetStringTypeW
ReadConsoleW
SetConsoleCtrlHandler
LoadLibraryExW
InterlockedExchange
FatalAppExitA
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
FindResourceW
SizeofResource
LoadResource
SetThreadLocale
LockResource
IsValidCodePage
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
ReadFile
HeapDestroy
HeapSize
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
VirtualAlloc
VirtualProtect
VirtualQuery

user32

CloseWindow
GetWindow
SetForegroundWindow
MessageBoxW
CharNextW
AnimateWindow
FindWindowW
GetDesktopWindow

gdi32

GetPixel

advapi32

RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
ConvertSidToStringSidW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
RegCreateKeyExW

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
DispCallFunc
VariantChangeType
SetErrorInfo
CreateErrorInfo

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest

iphlpapi

IcmpCreateFile
IcmpCloseHandle
GetAdaptersInfo
IcmpSendEcho

userenv

UnloadUserProfile

ws2_32

WSAStartup
gethostbyname
inet_ntoa
WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b866fde44e0ef9d3509ea8d871f66e4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

winhttp

iphlpapi

userenv

ws2_32

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 30KB - Virtual size: 29KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 30KB - Virtual size: 29KB

.rmnet
Size: 56KB - Virtual size: 60KB