5feb1cf371a5cda38a00cebb43e7287749ddc73d0d65ef3aff213fe3f45bb9bc

Sharing

Copy URL Twitter E-mail

General

Target

5feb1cf371a5cda38a00cebb43e7287749ddc73d0d65ef3aff213fe3f45bb9bc
Size

152KB
MD5

43f0c47c1974f491f049bf0b7bdc0f30
SHA1

288848297b85441990055fe37c61c7622876db08
SHA256

5feb1cf371a5cda38a00cebb43e7287749ddc73d0d65ef3aff213fe3f45bb9bc
SHA512

b64accca3bcf914c9b821d01613a81eac5427bb4526133cac53990a9a4cd865d4805a8a2914d559eeed5c0dd3fdca96a523dcbb682d3ae8c0095c1b92c9423bf
SSDEEP

3072:tYacOr4/nSJ/PxD7/fHFVlS+m7C3/yPwWdX5i:tYacMZ7//Fyl76cw+X

Score

N/A

Malware Config

Signatures

Files

5feb1cf371a5cda38a00cebb43e7287749ddc73d0d65ef3aff213fe3f45bb9bc
.dll regsvr32 windows x86

fa2ee8ebe446184e5eb4bd56e98a1e60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
lstrcatA
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
LoadLibraryA
IsDBCSLeadByte
GetProcAddress
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
IsBadReadPtr

user32

CharNextA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa2ee8ebe446184e5eb4bd56e98a1e60

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 5KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 5KB

.rmnet
Size: 60KB - Virtual size: 60KB