9ed89d5facf943202c47b9d78177f4bd9db622055ec85331bbc98c8bc1410f02

Sharing

Copy URL Twitter E-mail

General

Target

9ed89d5facf943202c47b9d78177f4bd9db622055ec85331bbc98c8bc1410f02
Size

3.5MB
MD5

0f55132d3396aea4e8164a6af543764a
SHA1

560f794ed088c5296c42b0ad80f17e006629ba58
SHA256

9ed89d5facf943202c47b9d78177f4bd9db622055ec85331bbc98c8bc1410f02
SHA512

18e5bfd4323e2e8cb1f506a3af00f7cd707ef9bed19382748c9eb73a377f5f5a96fd6b79fcd2cfdc54ba8387ed03907c2aca67e06bec606ae284b7ff8455f9cd
SSDEEP

98304:q9Cf73l/s+s/K2rnTRQfBKC9wwEUHWG0Rd:pT3lE+sl3RGF9Zcv

Score

N/A

Malware Config

Signatures

Files

9ed89d5facf943202c47b9d78177f4bd9db622055ec85331bbc98c8bc1410f02
.dll regsvr32 windows x86

03422ad33ab236d4b096576db9238b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

wsprintfA
CharUpperBuffW

advapi32

RegOpenKeyA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shlwapi

StrStrIA

wtsapi32

WTSSendMessageW

Exports

Exports

AlphaBlend
DllCanUnloadNow
DllGetClassObject
DllInitialize
DllRegisterServer
DllUnregisterServer
DriverProc
GradientFill
INIT
Main
ServiceMain
TransparentBlt
midMessage
modMessage
mxdMessage
vSetDdrawflag
widMessage
wodMessage

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.up0
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.up1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03422ad33ab236d4b096576db9238b58

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wtsapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 116KB - Virtual size: 116KB

.up0 Size: 1.6MB - Virtual size: 1.6MB

.up1 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 116KB - Virtual size: 116KB

.up0
Size: 1.6MB - Virtual size: 1.6MB

.up1
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB