bedba61827b8b0dd2b0a0855803978d30b22a8d9771acf5c3fbe0961ab91dbaf

Sharing

Copy URL Twitter E-mail

General

Target

bedba61827b8b0dd2b0a0855803978d30b22a8d9771acf5c3fbe0961ab91dbaf
Size

890KB
MD5

0bae191034137cc328970355cd36e3e0
SHA1

0dc8fbc1cfc8b4122dd2c8da10310810c14339a4
SHA256

bedba61827b8b0dd2b0a0855803978d30b22a8d9771acf5c3fbe0961ab91dbaf
SHA512

8c88b9f95ae732f568c8d0decf80e3a7650e291f9fe565b12f7334f30fdc1d2915bd4a5b5495c3dea0f0d93be496ac3513be7667cd55bd0168214083407228a2
SSDEEP

24576:mBEp1+WjYBWoxZXhy6VNq3z3ZTIootrmq1wxTJ:m81+Wja1GuNmq1wxT

Score

N/A

Malware Config

Signatures

Files

bedba61827b8b0dd2b0a0855803978d30b22a8d9771acf5c3fbe0961ab91dbaf
.dll regsvr32 windows x86

679a5e25575970af4594011923ca1741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
QueryPerformanceCounter
InterlockedCompareExchange
GetCurrentProcessId
GetCurrentProcess
FormatMessageA
FormatMessageW
SetLastError
LoadLibraryW
VirtualFree
VirtualProtect
GetVersionExA
LoadLibraryA
LocalAlloc
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
RaiseException
GetSystemInfo
FindResourceExA
LoadResource
LockResource
FindResourceA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
CopyFileW
CreateDirectoryW
GetProcAddress
SetEndOfFile
SetFilePointer
WriteFile
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
VirtualAlloc
HeapAlloc
GetConsoleCP
GetSystemDefaultLangID
GetUserDefaultLangID
LoadLibraryExW
lstrlenA
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
InterlockedExchange
GetLastError
lstrcmpiA
GetModuleFileNameA
FreeLibrary
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
Sleep
ExpandEnvironmentStringsW
GetFileSize
CloseHandle
CreateFileW
ReadFile
HeapFree
GetProcessHeap
SizeofResource

msvcr80

memcpy
_vsnprintf_s
??3@YAXPAX@Z
atoi
strrchr
__CxxFrameHandler3
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
strcpy_s
isxdigit
iswdigit
memmove
wcsncpy_s
_fpclass
atof
sprintf_s
strncat_s
_ecvt_s
swscanf_s
_isnan
_finite
_purecall
memmove_s
memcpy_s
bsearch
_wcsicmp
wcsrchr
_vsnwprintf_s
wcscat_s
qsort
_wcsicoll
wcschr
_mbsnbcpy_s
strcat_s
_splitpath_s
wcsncmp
??2@YAPAXI@Z
wcscpy_s
_recalloc
_resetstkoflw
malloc
calloc
free
memset
_CIfmod

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetClassObject
CoCreateInstance

oleaut32

SysFreeString
VarBstrCat
VarUI4FromStr
VarI4FromDec
SysAllocString
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VarDecFromI4
VarDecFromUI4
VarDecFromR4
VarDecFromR8
VarDecFix
VarI1FromDec
VarUI1FromDec
VarI2FromDec
VarUI2FromDec
VarUI4FromDec
VarR4FromDec
VarR8FromDec
VarR8FromStr
SetErrorInfo
VarBstrFromDec
GetErrorInfo
VarDecCmp
VarDecDiv
VarDecMul
VarDecSu
VarDecAdd

shell32

SHGetFolderPathW

user32

UnregisterClassA
LoadStringA
LoadStringW
PeekMessageA
CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

679a5e25575970af4594011923ca1741

Headers

File Characteristics

Imports

advapi32

kernel32

msvcr80

ole32

oleaut32

shell32

user32

Exports

Exports

Sections

.text Size: 797KB - Virtual size: 797KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 25KB - Virtual size: 25KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 797KB - Virtual size: 797KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 25KB - Virtual size: 25KB

.rmnet
Size: 56KB - Virtual size: 60KB