63bee7416a8dd9f300cb137411cbbd620fff839acf01177439b796b8387d312b

Sharing

Copy URL

Twitter E-mail

General

Target

63bee7416a8dd9f300cb137411cbbd620fff839acf01177439b796b8387d312b
Size

117KB
MD5

96ab514765a4f2123bdb25345295e7f0
SHA1

9618955a6c280faebe852e3224b1e6d29ac9a121
SHA256

63bee7416a8dd9f300cb137411cbbd620fff839acf01177439b796b8387d312b
SHA512

95e2d4245405e02c80a57caa076df5a650e6ae9f1763dffaa0b150a27594150911cfb293713378488ee7f8c6c5de332ecc9b47336cfa79049168759a06d70aa5
SSDEEP

3072:npr2YUlTwPgAfxajN3q65DslwsvYM/r1Sd54Hvlpr7x:VQwPnxsJl5psw4Rvz

Score

N/A

Malware Config

Signatures

Files

63bee7416a8dd9f300cb137411cbbd620fff839acf01177439b796b8387d312b
.exe regsvr32 windows x64

3f0d5a856c16a54bc4a4eb47ab7e554b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathQuoteSpacesA
PathFileExistsA
PathRemoveArgsA
PathUnquoteSpacesA

advapi32

InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
RegDeleteKeyA
QueryServiceConfigA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
SetSecurityDescriptorDacl
QueryServiceStatusEx
CloseServiceHandle
GetTokenInformation
OpenProcessToken
DeleteService
OpenServiceA
OpenSCManagerA
StartServiceA
ControlService
SetServiceStatus
EnumServicesStatusExA
GetUserNameA
CreateServiceA

user32

CharNextA
CharLowerA
wvsprintfA
LoadStringA

kernel32

IsBadReadPtr
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
lstrlenA
CloseHandle
GetModuleHandleA
WideCharToMultiByte
GetStringTypeExA
GetThreadLocale
lstrcmpA
lstrcmpiA
GetProcAddress
ReadFile
GetFileSize
CreateFileA
WriteFile
DeleteFileA
GetVersionExA
GetCurrentProcess
LoadLibraryA
VirtualQuery
Sleep
GetCurrentProcessId
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
MapViewOfFileEx
SetEvent
OpenEventA
GetLastError
GetTickCount
GetVolumeInformationA
CreateFileMappingW
MoveFileExA
GetExitCodeProcess
lstrlenW
GetComputerNameA
QueryDosDeviceA
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
FreeLibrary
GetSystemTime
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
CreateThread
ExitProcess
CreateEventW
OpenEventW
FreeLibraryAndExitThread
CreateEventA
GetLocaleInfoA
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
GetCommandLineA
GetStdHandle
HeapSetInformation
HeapCreate
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA

shell32

ShellExecuteExA

ole32

CoInitialize
StringFromGUID2
CoUninitialize

psapi

GetProcessImageFileNameA

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
InternetCheckConnectionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f0d5a856c16a54bc4a4eb47ab7e554b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

user32

kernel32

shell32

ole32

psapi

wininet

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 101KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 101KB - Virtual size: 101KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 3KB