404e143054092ce47d51b4aa4f50a360b61335a58fbc9d5640bfe6da7767497a

Sharing

Copy URL Twitter E-mail

General

Target

404e143054092ce47d51b4aa4f50a360b61335a58fbc9d5640bfe6da7767497a
Size

476KB
MD5

83dc36393e4bfa1b45dd76e365b63f8d
SHA1

350962e6ecc1793c3d5ceac628098c45fbe53cac
SHA256

404e143054092ce47d51b4aa4f50a360b61335a58fbc9d5640bfe6da7767497a
SHA512

efe0b61c1b1b169e508201bc9ca46c9558e2412ef7797aa5dbeddf70cf99e9567ebd84d7cc27835018039aac4e83c046170b912c5e070de2ad3fae01f7fd6544
SSDEEP

12288:JllLhhi1NmrdqYo22Q61P4eOfYh0igTx9nXMOx:NiCgg2x1P4hfYMdt

Score

N/A

Malware Config

Signatures

Files

404e143054092ce47d51b4aa4f50a360b61335a58fbc9d5640bfe6da7767497a
.dll regsvr32 windows x86

2961b405d39d64fc104be4346df6761c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wiaservc

wiasSetPropChanged
wiasGetRootItem
wiasSetItemPropAttribs
wiasWriteMultiple
wiasReadPropLong
wiasSetItemPropNames
wiasValidateItemProperties
wiasWritePropStr
wiasReadPropGuid
wiasWritePropGuid
wiasReadPropStr
wiasGetChangedValueLong
wiasGetImageInformation
wiasCreateDrvItem
wiasWritePropLong
wiasReadMultiple
wiasGetItemType
wiasCreatePropContext
wiasFreePropContext
wiasUpdateScanRect
wiasUpdateValidFormat
wiasGetDrvItem
wiasWritePageBufToFile

kernel32

SetEnvironmentVariableA
Sleep
GetProcessHeap
SetEndOfFile
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateEventA
CloseHandle
DeleteFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetSystemTime
lstrcpyW
GetUserDefaultLangID
GetSystemDefaultLangID
GetTickCount
CreateSemaphoreA
GetCurrentProcessId
WaitForSingleObject
ReleaseSemaphore
GetTempPathA
OutputDebugStringA
InterlockedExchange
GetCurrentThreadId
SetEvent
IsBadWritePtr
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
GetLastError
DeviceIoControl
FlushFileBuffers
RaiseException
GetSystemTimeAsFileTime
GetStdHandle
SetFilePointer
ExitThread
GetUserDefaultLCID
VirtualFree
HeapCreate
GetEnvironmentStringsW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
GetACP
HeapSize
GetModuleHandleA
ExitProcess
RtlUnwind
WriteFile
GetTimeZoneInformation
GetOEMCP
TlsSetValue
TlsGetValue
CreateThread
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
TlsAlloc
CompareStringA
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringW
TlsFree
SetLastError

user32

wsprintfA
CharNextA
wvsprintfA

advapi32

RegOpenKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoGetClassObject
CLSIDFromString
StringFromIID
FreePropVariantArray
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TulipLog
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2961b405d39d64fc104be4346df6761c

Headers

File Characteristics

Imports

wiaservc

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 28KB - Virtual size: 32KB

TulipLog Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 14KB

.text Size: 208KB - Virtual size: 208KB

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 28KB - Virtual size: 32KB

TulipLog
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 208KB - Virtual size: 208KB