a1507e30864b54f0a31e7e7d7422074f2f014b8ab1bb663a1559614ee2f89511

Sharing

Copy URL Twitter E-mail

General

Target

a1507e30864b54f0a31e7e7d7422074f2f014b8ab1bb663a1559614ee2f89511
Size

1.2MB
MD5

09d238e033ec184fcd5c34f9fc970186
SHA1

4c329b7e4ec859cfd9e106bf0e7345d8fb62bfcf
SHA256

a1507e30864b54f0a31e7e7d7422074f2f014b8ab1bb663a1559614ee2f89511
SHA512

94511a75690aafd51f4a30400c5e9e346845116bb5807ce2982b972b24e97da0dde1e6cb8e7e6fa62deb313910cb9b949e6cd7ccdf0e28e1d7fb4c74d3d55981
SSDEEP

24576:O0wLnUo1YJArl1WAFsNkv+MZ8tuZVTjUDlKt0kwNe2He:O0GXrutNkv+Y80jlNwAC

Score

N/A

Malware Config

Signatures

Files

a1507e30864b54f0a31e7e7d7422074f2f014b8ab1bb663a1559614ee2f89511
.exe regsvr32 windows x86

49e90d95241b04f0986c227e4ce40d96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerA
UnhookWinEvent
SetWinEventHook
wsprintfA

advapi32

RegCreateKeyA
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
CloseServiceHandle
CreateServiceA

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
OpenEventA
VirtualFree
lstrlenA
VirtualAlloc
lstrcmpA
CloseHandle
CompareStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
CreateEventA
MoveFileA
ReadFile
GetFileSizeEx
CreateFileA
WaitForSingleObject
GetProcAddress
LoadLibraryExA
GetModuleHandleA
HeapFree
SetFilePointerEx
GetModuleFileNameA
HeapAlloc
GetProcessHeap
VirtualProtect
LoadLibraryA
ExpandEnvironmentStringsA
MoveFileExA
GetFileAttributesA
DeleteFileA
GetLastError
SetUnhandledExceptionFilter
WriteFile
GetLongPathNameA
GetEnvironmentVariableA
DeviceIoControl
ExitThread
DisableThreadLibraryCalls
InterlockedExchange
SetEvent
FindClose
FindNextFileA
FindFirstFileA
ReleaseMutex
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
InterlockedExchangeAdd
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
Beep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetTickCount
WaitForMultipleObjects
GetExitCodeProcess
GetTempFileNameA
GetTempPathA
CreateThread
OpenThread
Thread32Next
Thread32First
Module32Next
Module32First

ntdll

memcpy
memmove
memset
_vsnprintf

msvcrt

malloc
free

Exports

Exports

DllRegisterServer
DllUnregisterServer
InitializePrintProvidor
ServiceMain
wep

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49e90d95241b04f0986c227e4ce40d96

Headers

File Characteristics

Imports

user32

advapi32

kernel32

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 8KB - Virtual size: 8KB