1e3138ea5fd62f65d86bcb86e28977aac95a74753c7193d8ce5db80172a27c32

Sharing

Copy URL Twitter E-mail

General

Target

1e3138ea5fd62f65d86bcb86e28977aac95a74753c7193d8ce5db80172a27c32
Size

196KB
MD5

0c61d6c106280983d2622883b458b870
SHA1

c4c957302e9c4861a81ec0487aef8ecd6e483a7b
SHA256

1e3138ea5fd62f65d86bcb86e28977aac95a74753c7193d8ce5db80172a27c32
SHA512

9f528c2844f92424c858c20d9a01615d4f19f770bd2c7e1c078d7343028fd4d8d186124a4ed6541ba0c0dfcc458ffc031eea17f0a499d44e85d573f5d9153e50
SSDEEP

3072:luecoQkoK/IWbGMGHgXns4g8L51H864J1Vdt9QgAza:lLcFkP/IWKTAX/3L5t864J1VHGgA+

Score

N/A

Malware Config

Signatures

Files

1e3138ea5fd62f65d86bcb86e28977aac95a74753c7193d8ce5db80172a27c32
.dll regsvr32 windows x86

3ff710986f97042f53758086308818ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord600
ord1578
ord269
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord6467
ord1131
ord2725
ord3953
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord1116
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord823
ord825
ord1575
ord1176
ord826

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
fseek
ftell
strcpy
fwrite
memcpy
_purecall
memset
fopen
fprintf
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
strlen
memcmp
realloc
malloc
free
_ftol
fread
fclose
__CxxFrameHandler

kernel32

CloseHandle
CreateEventA
ResetEvent
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
SetEvent
LocalFree
LocalAlloc
FreeLibrary
GetModuleHandleA

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumValueA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance

oleaut32

LoadRegTypeLi
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ff710986f97042f53758086308818ea

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

.text Size: 128KB - Virtual size: 128KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 128KB - Virtual size: 128KB