0d90a50ed2d7097a0da0bb359d505e5f6386d098262b31913dc4d2501bf53537

Sharing

Copy URL Twitter E-mail

General

Target

0d90a50ed2d7097a0da0bb359d505e5f6386d098262b31913dc4d2501bf53537
Size

164KB
MD5

6dea360b366b445291f065505ae473ff
SHA1

8a1f691e388772a0eb8561fef098f9d7eca7441e
SHA256

0d90a50ed2d7097a0da0bb359d505e5f6386d098262b31913dc4d2501bf53537
SHA512

fe42474813fd96ea6a342adda4e80d828b448ecaeb56c3cb2955fa59fd5e19ea3a56aa1bfbbabb6adbcdf4ccd5bd36f61a3dd80332695fd53c3a539397577a61
SSDEEP

3072:M/3gcDjSpHCW4oDuuxRriGwCTFkrfNkU4C50nCP/H+J6/+rtqT9SH+S8:czjqHmt60/+val/+J4ceS

Score

N/A

Malware Config

Signatures

Files

0d90a50ed2d7097a0da0bb359d505e5f6386d098262b31913dc4d2501bf53537
.dll regsvr32 windows x86

a15d28c370f491df42410f409728cf69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

ImageDirectoryEntryToData

ntdll

RtlNtStatusToDosError
RtlCreateUserThread
NtQueueApcThread

kernel32

CloseHandle
lstrcmpA
SetFilePointerEx
LoadLibraryW
ReadFile
FlushInstructionCache
GetFileSizeEx
GetProcAddress
VirtualProtect
FreeLibrary
LoadLibraryExW
WaitForSingleObject
SetEvent
GetTickCount
VirtualAlloc
ReleaseMutex
VirtualFreeEx
TerminateThread
Sleep
FormatMessageW
ExitThread
lstrlenW
FreeLibraryAndExitThread
lstrcmpiA
VirtualAllocEx
Process32FirstW
ProcessIdToSessionId
CreateEventW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32NextW
GetCurrentProcessId
WriteProcessMemory
ResumeThread
IsWow64Process
DisableThreadLibraryCalls
SetLastError
OpenMutexW
GetCurrentProcess
SearchPathW
InterlockedDecrement
ExpandEnvironmentStringsW
SetFileAttributesW
LocalFree
DeleteFileW
lstrcmpiW
LocalAlloc
FindClose
GetLastError
GetModuleFileNameW
GetVersionExW
CopyFileW
GetSystemDirectoryW
GetModuleHandleExW
MoveFileExW
InterlockedIncrement
FindFirstFileW
CreateMutexW
GetTempFileNameW
OpenProcess

user32

LoadStringW
MessageBoxW
GetSystemMetrics

advapi32

AdjustTokenPrivileges
ControlService
QueryServiceStatusEx
SetServiceStatus
ChangeServiceConfigW
RegisterServiceCtrlHandlerExW
OpenServiceW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle
CreateServiceW
CryptVerifySignatureW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
ChangeServiceConfig2W
StartServiceW
QueryServiceStatus
RegQueryValueExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ServiceMain
ServiceRunCmd

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a15d28c370f491df42410f409728cf69

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

ntdll

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 143KB - Virtual size: 142KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 143KB - Virtual size: 142KB

.reloc
Size: 1KB - Virtual size: 1KB