002970d619d450a1f286f617fac2ef043f29a664ad4d1a1f691400c472543ed4

Sharing

Copy URL Twitter E-mail

General

Target

002970d619d450a1f286f617fac2ef043f29a664ad4d1a1f691400c472543ed4
Size

160KB
MD5

2a9fae0362098d4f26db4365fa2a9b00
SHA1

b32aef88c1ca73be6b096400d5d87446b0040436
SHA256

002970d619d450a1f286f617fac2ef043f29a664ad4d1a1f691400c472543ed4
SHA512

aed6378440dd7d9742f68e0a75c16c96546e9fba96149ab30fef81e60153b1c2f4a8882d3f2ecfbe3505ad78d9d696f3e1e9a1c84cc8997a92549b48a868235d
SSDEEP

1536:ZBlgvpNZKhlAcxthaJpFSNwhiLFqiM+IZq4yIhWSWEt8U2hRgrcSNF9NOdglG:7lgBDKdxEpFSVJqrZqeWnEqvgrcSNlG

Score

N/A

Malware Config

Signatures

Files

002970d619d450a1f286f617fac2ef043f29a664ad4d1a1f691400c472543ed4
.dll regsvr32 windows x86

debe8f00cc24d3835b58e52feb33e251

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
malloc
free
realloc
wcslen
_purecall
_wcsicmp
wcscmp
wcscat
memmove
_wcsnicmp
swprintf
wcschr
wcscpy
_wtol
sprintf
_onexit
_except_handler3
_adjust_fdiv
_initterm

msdart

LoadLibraryI
PostMessageI
GetWindowsDirectoryI
_LoadVersionedResourceEx@16
??1CReaderWriterLock3@@QAE@XZ
??0CReaderWriterLock3@@QAE@XZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
FXMemAttach
MpGetHeapHandle
FXMemDetach
GetModuleHandleI
LoadLibraryExI
FindResourceI
RegDeleteValueI
lstrcatI
GetModuleFileNameI
LoadStringI
MpHeapAlloc
RegEnumKeyExI
lstrcpynI
lstrlenI
RegSetValueExI
RegOpenKeyExI
RegCreateKeyExI
RegQueryValueExI
RegQueryInfoKeyI
lstrcmpiI
RegDeleteKeyI
MPDeleteCriticalSection
MPInitializeCriticalSection
CharNextI
MpHeapFree
UMSEnterCSWraper
GetVersionExI
lstrcpyI

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
EnterCriticalSection
CompareStringW
LCMapStringW
LCMapStringA
CompareStringA
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetUserDefaultLCID
TlsFree
TlsGetValue
TlsSetValue
InterlockedExchange
DisableThreadLibraryCalls
IsBadCodePtr
LoadLibraryA
GetProcAddress
LoadResource
SizeofResource
lstrlenA
FreeLibrary
HeapDestroy
GetCurrentProcess
CloseHandle
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
GetLastError
TlsAlloc

advapi32

RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx
CreateFileMoniker
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
VariantChangeType
LoadRegTypeLi
SetErrorInfo
VarI4FromStr
CreateErrorInfo
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
GetErrorInfo
OaBuildVersion
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

debe8f00cc24d3835b58e52feb33e251

Headers

File Characteristics

Imports

msvcrt

msdart

kernel32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 1KB

.sdbid Size: 4KB - Virtual size: 472B

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 6KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 68KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 1KB

.sdbid
Size: 4KB - Virtual size: 472B

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 6KB

.rmnet
Size: 60KB - Virtual size: 60KB