be5f3bd3c694b5234c37e03f7d2b6c6d37935aecab328715de674239249e35a6

Sharing

Copy URL Twitter E-mail

General

Target

be5f3bd3c694b5234c37e03f7d2b6c6d37935aecab328715de674239249e35a6
Size

153KB
MD5

5a4737170f3c531a763c99c79700e450
SHA1

c947210b7cbcf22821c20c15be90740c5c8e4427
SHA256

be5f3bd3c694b5234c37e03f7d2b6c6d37935aecab328715de674239249e35a6
SHA512

125443c3bebed3f1c9b3af7f12a0f169277fe840f3e96e2964825aadb8b5f33076c3a87001412a7bba5cdf6f32e4c77f07a7871e024264f344298946a5b8f1ec
SSDEEP

3072:8RkvEtdaoOBoN1kO1hZOceoLP6is0eu6SqixCIZz:lEtkoIk1kO1hZOcH76isE6Gn

Score

N/A

Malware Config

Signatures

Files

be5f3bd3c694b5234c37e03f7d2b6c6d37935aecab328715de674239249e35a6
.dll regsvr32 windows x86

104032f6cd1e4096deb347317f4cc46a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenClassRegKey

mfc90u

ord1137
ord3497
ord1668
ord1769
ord616
ord2595
ord753
ord5152
ord5661
ord4632
ord4608
ord5277
ord5301
ord5231
ord5508
ord5511
ord5509
ord5510
ord2050
ord795
ord4265
ord1688
ord436
ord590
ord1111
ord5755
ord539
ord4026
ord2365
ord5168
ord5047
ord2224
ord2597
ord321
ord3908
ord1018
ord4027
ord756
ord4692
ord1640
ord4700
ord5662
ord1709
ord5011
ord1405
ord549
ord4043
ord589
ord3670
ord4905
ord3115
ord6018
ord5663
ord5680
ord4996
ord4347
ord5676
ord5674
ord3217
ord4000
ord4213
ord5830
ord6741
ord5548
ord1048
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord794
ord1250
ord1254
ord266
ord4211
ord1092
ord2447
ord2084
ord265
ord1063
ord3648
ord1715
ord1782
ord2040
ord6476
ord4516
ord3907
ord5167
ord5008
ord6760
ord2360
ord4442
ord1938
ord2057
ord1918
ord1934
ord5632
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord5653
ord4682
ord3515
ord374
ord296
ord813
ord654
ord4664
ord3528
ord615
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord2274
ord1665
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4652
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1248
ord1088
ord3736
ord6385
ord2537
ord6579
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord6311
ord1937
ord802
ord322
ord1076
ord1145
ord1271
ord1273
ord2764
ord3286
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4681
ord3489
ord595
ord4631
ord611
ord772
ord639
ord2478
ord799
ord286
ord909
ord600
ord5979
ord3185
ord938
ord801
ord605
ord1274
ord1241
ord1239
ord1264
ord1180
ord1233
ord391
ord1152
ord2087

msvcr90

wcscpy_s
wcslen
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
wcstok_s
_CxxThrowException
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
_recalloc
wcsncpy_s
memcpy_s
free
malloc
wcscat_s
memcmp
wcsstr
_wcsicmp
memset
wcscmp
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3

kernel32

InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
GetModuleFileNameW
LoadLibraryExW
CloseHandle
CreateSemaphoreW
GetFullPathNameW
lstrcmpiW
RaiseException
lstrlenW
lstrcatW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadResource
FindResourceW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
LocalFree
ReleaseSemaphore
GetCurrentThreadId
WaitForSingleObject
GetCurrentProcessId
InitializeCriticalSection

user32

FindWindowW
SetForegroundWindow
GetSystemMetrics
SendMessageW
EnableWindow
CharNextW

gdi32

GetBkColor

advapi32

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFileInfoW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysAllocString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysFreeString

msvcp90

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

104032f6cd1e4096deb347317f4cc46a

Headers

File Characteristics

Imports

setupapi

mfc90u

msvcr90

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp90

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 62KB - Virtual size: 63KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 62KB - Virtual size: 63KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 8KB - Virtual size: 7KB