b40909ac0b70b7bd82465dfc7761a6b4e0df55b894dd42290e3f72cb4280fa44_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

b40909ac0b70b7bd82465dfc7761a6b4e0df55b894dd42290e3f72cb4280fa44_unpacked
Size

3.2MB
MD5

d51d485f98810ab1278df4e41b692761
SHA1

0b28de2c2b0913cc5684461812d294f50fea6105
SHA256

b40909ac0b70b7bd82465dfc7761a6b4e0df55b894dd42290e3f72cb4280fa44
SHA512

5488d169047aea84e89913ce48ffbf7148eedf343ee8b6636607f458a8b54daeee671f4e453bc4da0358c3509f7b105cf2dea73a13625d32d76f2446d295f8f4
SSDEEP

49152:11Y2apHQbtZdQ15Prdh1cPwPV2PX68tOLvknTLccEPbx6bV:8dD/PQXlUGQx6bV

Score

N/A

Malware Config

Signatures

Files

b40909ac0b70b7bd82465dfc7761a6b4e0df55b894dd42290e3f72cb4280fa44_unpacked
.dll regsvr32 windows x64

f4e1c3aaec90d5dfa23c04da75ac9501

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentDirectoryW
TlsFree
TlsSetValue
GetExitCodeThread
GetCurrentThreadId
TlsAlloc
SetThreadPriority
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFileAttributesW
SetEndOfFile
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetEnvironmentVariableW
GetVersionExA
GetComputerNameW
GetVersionExW
CreateEventW
FindClose
FindNextFileW
FindFirstFileW
GetTimeZoneInformation
LocalFree
FormatMessageW
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitThread
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
GetSystemTimeAsFileTime
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
HeapSize
GetModuleHandleW
ExitProcess
GetModuleFileNameW
GetLocaleInfoW
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryA
FileTimeToSystemTime
CreateFileW
SetFilePointer
GetProcessHeap
CreateMutexW
GetStartupInfoW
DuplicateHandle
GetStdHandle
GetConsoleWindow
CreateProcessW
WaitForSingleObject
TerminateProcess
OpenProcess
GetExitCodeProcess
ReadFile
GetLastError
WriteFile
CreatePipe
CloseHandle
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFullPathNameA
GetCurrentProcess
SetUnhandledExceptionFilter
GetFileInformationByHandle
ExpandEnvironmentStringsW
CreateThread
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
CreateFileA
SetConsoleMode
ReadConsoleInputA
SetFileAttributesA
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
Sleep
PeekNamedPipe
LCMapStringW
TryEnterCriticalSection
GetDriveTypeW

user32

OemToCharBuffA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

urlmon

ObtainUserAgentString

winhttp

WinHttpGetIEProxyConfigForCurrentUser

advapi32

CryptSetHashParam
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegCloseKey
RegQueryValueExW
CryptDestroyKey
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersA
CryptDecrypt
CryptCreateHash
CryptSignHashA
CryptDestroyHash
CryptExportKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyExW

ws2_32

getsockopt
socket
ioctlsocket
getnameinfo
WSASetLastError
listen
bind
accept
getsockname
closesocket
setsockopt
inet_addr
getaddrinfo
freeaddrinfo
ntohl
htons
ntohs
WSAStartup
WSACleanup
select
recvfrom
sendto
recv
WSAGetLastError
getpeername
send
connect
shutdown

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertOpenStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 357KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4e1c3aaec90d5dfa23c04da75ac9501

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

iphlpapi

urlmon

winhttp

advapi32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 520KB - Virtual size: 519KB

.data Size: 357KB - Virtual size: 385KB

.pdata Size: 86KB - Virtual size: 86KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 520KB - Virtual size: 519KB

.data
Size: 357KB - Virtual size: 385KB

.pdata
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 36KB