e06d7f4f790fa4a1b94556c78585f2f83d209f20552a262424a78710adb9f107

Sharing

Copy URL

Twitter E-mail

General

Target

e06d7f4f790fa4a1b94556c78585f2f83d209f20552a262424a78710adb9f107
Size

544KB
MD5

4f604ebfc959a6e0782273af1fb91b40
SHA1

e301e18a8a73a27077911e2f1b4c81695cb36519
SHA256

e06d7f4f790fa4a1b94556c78585f2f83d209f20552a262424a78710adb9f107
SHA512

893515b399cd1e2103c70457d3f3da97a5e9d2ec887effdc90228f3e9501435def97ab233a65d9bf7072899742747e15e68bb99c86a8441bba73fb759687dfd4
SSDEEP

12288:S4ciF6xLyNidzkj65XnJ1GTJX3nsEc8B+XLEqIeX6gAy/+:S4rFMkj65XnCTd3sVXMeBAG+

Score

N/A

Malware Config

Signatures

Files

e06d7f4f790fa4a1b94556c78585f2f83d209f20552a262424a78710adb9f107
.dll regsvr32 windows x86

ca92ab0540862c93d46f4ccfe890108b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
UrlIsW

rpcrt4

UuidFromStringA

wininet

InternetCloseHandle
InternetConnectW
HttpSendRequestW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
InternetCrackUrlW
InternetOpenW
HttpQueryInfoA
InternetReadFile
HttpOpenRequestA

urlmon

ObtainUserAgentString
IsValidURL

url

InetIsOffline

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoA
WaitForSingleObject
LoadLibraryW
TerminateThread
GetVersionExW
GetProcAddress
GetExitCodeThread
CreateThread
FindResourceExW
FindResourceW
LoadResource
InterlockedDecrement
GetCurrentProcess
SetEvent
InitializeCriticalSection
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
lstrlenW
FlushInstructionCache
RaiseException
SetLastError
MoveFileW
EnterCriticalSection
LockResource
CreateEventW
DeleteCriticalSection
GetCurrentThreadId
ReleaseMutex
CloseHandle
DeleteFileW
SwitchToThread
lstrlenA
FreeLibrary
MultiByteToWideChar
GetVersion
GetModuleFileNameW
GetFileSize
ReadFile
CreateFileW
CreateMutexA
LoadLibraryExW
InterlockedIncrement
GetModuleHandleW
ExitProcess
DisableThreadLibraryCalls
lstrcmpiW
WriteFile
Sleep
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreW
ResumeThread
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetModuleHandleA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapCreate
GetModuleFileNameA
GetCPInfo
TlsFree
TlsSetValue
CreateFileA
SetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
TlsAlloc
TlsGetValue
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
GetLastError
VirtualQuery
HeapFree
GetProcessHeap
InterlockedCompareExchange
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GlobalAddAtomA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetACP

user32

UnregisterClassA
FindWindowW
CreateWindowExW
DispatchMessageW
DefWindowProcW
MessageBoxW
CharNextW
SetTimer
GetMessageW
PostMessageW
KillTimer
LoadCursorW
GetClassInfoExW
TranslateMessage
RegisterClassExW
GetWindowLongW
PeekMessageW
SetWindowLongW
SendMessageTimeoutW
IsWindow
CallWindowProcW
SendMessageW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
GetUserNameW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

DoEnvironmentSubstW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantChangeType
VariantInit
VariantCopy
VariantClear
LoadRegTypeLi
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString

dnsapi

DnsQuery_W

Exports

Exports

ConvertToBMP
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetDownloadManager
GetHelperObject
IsUnicode
StaticCallJS
UnpackGzip

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 195KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca92ab0540862c93d46f4ccfe890108b

Headers

File Characteristics

Imports

shlwapi

rpcrt4

wininet

urlmon

url

kernel32

user32

advapi32

shell32

ole32

oleaut32

dnsapi

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 243KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 9KB - Virtual size: 17KB

.SHARED Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 17KB - Virtual size: 17KB

.text Size: 195KB - Virtual size: 196KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 9KB - Virtual size: 17KB

.SHARED
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 195KB - Virtual size: 196KB