820c8df55be139e5157e91846d6ce1332f94a5a4f14c3376ae350518f90a007f

Sharing

Copy URL Twitter E-mail

General

Target

820c8df55be139e5157e91846d6ce1332f94a5a4f14c3376ae350518f90a007f
Size

250KB
MD5

870ce6a1950645cfe76255e560c3afeb
SHA1

220f1ecf11439f6f92b9fa46daa5c405e4d00c6b
SHA256

820c8df55be139e5157e91846d6ce1332f94a5a4f14c3376ae350518f90a007f
SHA512

0252422fc672312834de6e5853567a0402b2d07a295aa2594f816832ccb02a1019b93e891c5efbd2dd43ef7496335594540c55a7c44a0e9a8e0f193e22cfe528
SSDEEP

6144:OukvAcIg/jU2Spvu1MD9Fm9bsFm4bsFm4bsFmO:O3h7Uf58MFm9bsFm4bsFm4bsFmO

Score

N/A

Malware Config

Signatures

Files

820c8df55be139e5157e91846d6ce1332f94a5a4f14c3376ae350518f90a007f
.dll regsvr32 windows x86

c09f603c6c4a2a7e60c63245315031cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
lstrlenW
GetComputerNameW
CreateMutexW
ReleaseMutex
CreateThread
GetCurrentProcessId
ResetEvent
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FindResourceExW
MultiByteToWideChar
LoadLibraryExW
FileTimeToSystemTime
LocalFileTimeToFileTime
UnmapViewOfFile
DisableThreadLibraryCalls
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
ProcessIdToSessionId
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
OpenThread
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetLastError
VirtualFree
IsBadCodePtr
VirtualAlloc
VirtualProtect
IsBadReadPtr
InterlockedExchangeAdd
InterlockedExchange
WaitForSingleObject
DuplicateHandle
GetCurrentThreadId
TerminateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryW
CloseHandle
GetModuleHandleW
GetCurrentProcess
GetProcAddress
FreeLibrary
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
TerminateProcess
RtlUnwind
GetThreadLocale
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetACP
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetLocaleInfoA
UnhandledExceptionFilter

user32

UnregisterClassA
GetDesktopWindow
CharLowerW
CharLowerBuffW
GetWindowTextW
FindWindowExW
RegisterWindowMessageW
SendMessageTimeoutW
GetClassNameW
CharNextW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW

advapi32

OpenProcessToken
LookupPrivilegeValueW
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
AdjustTokenPrivileges

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoInitializeEx
StringFromCLSID

oleaut32

SysStringByteLen
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
VarBstrCmp
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SystemTimeToVariantTime

shlwapi

SHCreateStreamOnFileW
PathFileExistsW
StrStrIW
PathStripPathW

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW

netapi32

NetApiBufferFree
NetWkstaUserEnum

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c09f603c6c4a2a7e60c63245315031cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 20KB - Virtual size: 18KB