8e9679509eec3877d8e90f9aa8289b888de53c3412e86a2a295d900350f7285f

Sharing

Copy URL Twitter E-mail

General

Target

8e9679509eec3877d8e90f9aa8289b888de53c3412e86a2a295d900350f7285f
Size

71KB
MD5

4a05e96fa76aaa9ddea4771520a26455
SHA1

72e3e10bb81436fc84704c260cb393f3eb632562
SHA256

8e9679509eec3877d8e90f9aa8289b888de53c3412e86a2a295d900350f7285f
SHA512

6206ae86c86db3a7824bb8833575f16a4402e15658d6e4e2348a8feec88f22675ae839f1c5bbb51277dfd3c4aff7533221e38d9c795e5db73b15a5868c47c117
SSDEEP

1536:npBecwNhvyEvMljBt1GnSy5U4b+Yhi9L/cs1itZoae:pdwTvyKMHtESyi4ni9hitZoae

Score

N/A

Malware Config

Signatures

Files

8e9679509eec3877d8e90f9aa8289b888de53c3412e86a2a295d900350f7285f
.dll regsvr32 windows x86

03d827b603ce72fbe6c3922580dbffa9

Code Sign

11:f3:af:c3:27:d0:1e:a0:4b:6d:03:1a:ce:d9:5c:a2
Certificate

Issuer

CN=Root Agency

Not Before

08/12/2009, 07:34

Not After

31/12/2039, 23:59

Subject

CN=Microsofft 模块

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
InterlockedDecrement
InterlockedIncrement
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
GetLastError
IsDBCSLeadByteEx
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
lstrlenW
DisableThreadLibraryCalls
CreateThread
TerminateThread
CloseHandle
Sleep
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar

user32

DestroyWindow
CharLowerA
SetWindowLongA
wsprintfA
CharNextA
LoadStringA
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetFocus
IsChild
GetClassInfoExA
CreateWindowExA
ReleaseDC
GetDC
RegisterClassExA
CallWindowProcA
GetWindowLongA
LoadCursorA
PostMessageA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA

ole32

CoCreateInstance
CoInitialize
CoGetMalloc
StringFromIID
CoCreateGuid

oleaut32

SafeArrayGetDim
SysFreeString
VariantClear
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc
SysStringLen
LoadRegTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SafeArrayGetElemsize

gdi32

RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
LPtoDP
GetDeviceCaps
CreateDCA
SaveDC

msvcrt

_stricmp
wcslen
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_strnicmp
strtoul
strcat
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
malloc
_vsnprintf
strtol
wctomb
_mbsnbcmp
_mbschr
_mbclen
_mbsnbicmp
free
_purecall
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
__CxxFrameHandler
strlen
atoi
strcpy
strstr
sprintf
strncpy
time
strftime
localtime
_mbsicmp
strchr
fclose
fopen
memcmp
realloc
_mbsstr

shlwapi

PathFindFileNameA

wininet

InternetSetOptionA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetGetConnectedState
InternetReadFile

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Exports

Exports

ALVELCTSVRTgeWp
AMEtmUnYJbsASqH
ANPnMFkragpRMUJ
AgBdrWoCnmMmUlg
AkEYIZPnbFgSeLF
BHfkEibjq_g
BQAdUWSjQckWQOQ
BTklVHSdMMHtIjc
BYfkCSRDQHdqArg
CLJmagsphcLkFRn
CRUKSNAndGXqlAk
CWnFYShJOjQCakF
DHJXHsEESLUbVsg
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EBUeSKTMBBbIBoF
EWRINBiPcrAFlNc
EkMsLCijH_2
FGCrsYkagGGanag
FHopGXUPWgZXQXs
FRYBWGPZkYLDWZS
FafcqDJpOaJGJfi
FeYRBinDTjlRHFM
FqHMUtkAXIOJmRa
GCpahKpLpPtDSVE
GNTotcqGhdgINSR
GlHXhjjfLWRnBdX
HAWdnqLOciUipIQ
HKiWMFJqWmJqsBV
ICfXQdKOE_k
INRTLfmoL_i
IOsPSEIeLYiYhVh
IWMTJOfVQYYGNde
IaqUasWjr_3
IrISGYPpUUATFkS
JEJcrQdmqLmVqVo
JJggEfRgdoaSSeJ
JpQCESflOUdXofQ
JrEeOefnAFTLdeR
KMbtaOVgoDLHlAW
KOGYdnCrSrCZter
KjGDCnOtHYsMmdW
KkitdKiEpiXaaEh
LFZApaACQgrQlAW
LKkmIGkCYMcDmfq
LQXJloLcteKJKLg
LaVCcZFMUTLrNbb
LdXUDFskddqWKhY
LiYtIlbrUFXnOdh
LlpFMMcXNTReEDf
LpOfPLiSbPsKBGh
MDnCmjkNFcoAiPY
MWCmOLdhKTPhGbW
MeWiGHemG_9
MjYBaodhFHTSZXm
NIibCIjeAnKkUIt
NSJQUcpDNQIMQla
NbHUaFWXZoQWIjm
NflenrATAnpcSQZ
OFVbBhNOfGlfKLt
OQtObgTUJjphdoW
ORiXarQdCIXMJSe
OeVLtmsTOSZnPbL
PpDLArATkHFSHMB
QYZsipmKDFfoSsN
QaFXlekPtsOCIbL
RGOkgnLETDLVaQm
RKGhWTlUD_l
RXRPkGaPQZKnbVr
RZcXgOWPiJiPZgX
SROCSENkLEdTCVn
SSEaWSMPg_6
SVDLQGPDsKIAOOM
SffTjQNBmfqIRHR
SjEBTLfQjpWpXdX
SkWTeltUPInmilY
SsgGYqLrpGNKRPq
TrTUtJAjT_8
UTgrBcFSC_m
UihmfcLCcTgXDJr
UodcfCahSXOUpVn
VEgUFilmGpYqKJH
VpDHhdlmAJJfgXC
WBlZWnLYGoepAGn
WPOBFCAAjXksbKm
WpGejlDrRVjqJMS
XLBGrJIhHDngTGP
XNaZrAboO_7
XQGdWRIsMGPneFD
XgPZMBOSNpYqogI
XhpEHTGcQFPUkNS
YCIqQAibq_c
YDIPSUHNjYopMhT
YPPIZMqNgOFjBPj
YPmbEfeeZUgfTOr
YtngmLQibgRCTOT
ZESnaXYGMlAsrmT
ZFsQaMnKIdSIqpg
ZOIZaqlQWMGfjIX
ZTlKomKfUDnLkrY
ZlAoclPOnHRLcpX
ZtUTjKTIdCXgZnS
ahtZcJbLN_4
arajcpIieqGRBMC
atdZkhKjKZkITXc
bYibolntojGrsmL
baVYSrBBeGjDnYo
cdOqCYIphUVKVeV
dFcUibTqKPIiWLZ
dHhBqBqdi_d
dIIaRCGfTFQjFPk
dIMnDVgSiXOsYLk
dMYNEYDsnSWWnHI
drHrnQRXXEKWLRg
eAbMMTHLLbVbXPT
eNtMOPWBKeGdXWO
eUjcsjaSdTNBsLo
fDPYPbpmfeOdbCC
fTRnRNTKO_j
fVqiLlTHfiXjXLm
fgGlmjmmnRPsihR
gHiGOGkCSCZsbGd
gKsQNhFXGRTqEOd
gNrFFipec_b
gQVepRTeoDOcWeJ
gRnXiAZbLETYcLt
geaLHLHRWOkFjUZ
gioDmajsqIXILVV
hEHWLiltHZYPYHD
hJGsWNUlQnMHmRE
hKcrEpJRZCdYTsD
hMjaNLXXEqWKONt
hXniLsHNVqLNraW
hppfBfNTo_n
htKchkmcLAkAqFY
iHdaPfQkQnnRipa
iKfDXqAmU_5
iMEsMloiZSbkJWK
iNGoUMXVNJkOThs
ighWBjIUgZImjYp
ipErrVTijXjcMdM
jHBGlAgIbjVVigR
jJlMiAehP_f
jVEEEeXQjJIHTGP
kBVPQdtOAOkWsCl
kJYqYgYeU_h
kQkcgYSlGKsbTLV
kTdaTceIlshNOcl
kaRcrLqNr_e
knPXXqIAHcpfjJl
lCZhPdcssbZbBtj
lLNmjcBFLYsSpID
lVPfMIKRTjGsRGh
mUSqCqPnHeblGcf
nBAFIlQpXDogDCm
nBpVKLjmdjlQAdP
nLJFACBmeKgQAlt
nSNdccipDEPPMFg
ndHiLMfZrEHQjRh
ndZfJAaKFKpfQrA
oDeKXpoYL_1
oHBOPlpGFSFEDIP
oKEDCoTFDSddfti
oMXdNhmtbHkKqPk
ofXjkNZaZlPtAcW
pEftigILYEniRHl
ptkZChRSq_a
qDNUZiVRbfZUCIZ
qICBqVPBlRVWUjD
qJeqXWjGobAlmJt
qTnEcARsLCJiMib
qYTUrfRLaMOChHb
qcWQYLDKjbZSUnk
qlBiQtmbdGRSiga
qnGLTsqrZlVhARP
qoUmeTkQHniZaIQ
rCYoeRXClhJCTfD
rttBaddVfYXmSMk
sQYHdCdPkiLJODt
sULUZpJXRoNrWII
sjBisQnKMMbpcEE
skUgVaDOWgXKHgn
spBSMjnGQIFpfUs
tHElJWfhEXtUFOU
tRWHpKbMEbYjqlE
toQTGbDrmNsosjn

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text,ER
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03d827b603ce72fbe6c3922580dbffa9

Code Sign

11:f3:af:c3:27:d0:1e:a0:4b:6d:03:1a:ce:d9:5c:a2Certificate

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

gdi32

msvcrt

shlwapi

wininet

msvcp60

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.text,ER Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

11:f3:af:c3:27:d0:1e:a0:4b:6d:03:1a:ce:d9:5c:a2
Certificate

.text
Size: 50KB - Virtual size: 49KB

.text,ER
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB