6976a152e57713286649d7b0f0f4368630f8ba92076a35be68436d4a0505650d

Sharing

Copy URL

Twitter E-mail

General

Target

6976a152e57713286649d7b0f0f4368630f8ba92076a35be68436d4a0505650d
Size

1.0MB
MD5

91e44b8441750665ec9555b85eb829a6
SHA1

8a1b06c84327675fac5f062be08f4b725a3466fb
SHA256

6976a152e57713286649d7b0f0f4368630f8ba92076a35be68436d4a0505650d
SHA512

a4cf552b7fb3a0a59b8485dd1b512a9a52590a890a8d6f74bd4e8510c4c1ece19e561434b3a8909a80c0721f511de015d41f9c980f801340f1358e86bcb88a1d
SSDEEP

12288:895fV5eE+ecfmq8yAKwGslW++O4G3C+fb+WhlPwtWewUAf:mfD+eqD8yAKwGslW+QGyYbEtWi

Score

N/A

Malware Config

Signatures

Files

6976a152e57713286649d7b0f0f4368630f8ba92076a35be68436d4a0505650d
.dll regsvr32 windows x86

9d1ef36f642a2b650196d996e51f4574

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
recvfrom
sendto
WSAStartup
gethostbyaddr
WSAGetLastError
WSACleanup
htons
closesocket
socket
bind
getsockname
ntohs
gethostbyname
gethostname

kernel32

LeaveCriticalSection
GetModuleFileNameA
FreeResource
LocalFree
FormatMessageA
GetLastError
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
DeleteFileA
GetACP
RaiseException
FlushInstructionCache
GetCurrentProcess
TerminateThread
SetEvent
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
CreateEventA
DeviceIoControl
OpenEventA
GetCurrentThreadId
GetTickCount
GetSystemPowerStatus
SetLastError
GetProcAddress
FreeLibrary
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
GetExitCodeThread
lstrcpynA
IsValidCodePage
GetComputerNameA
Sleep
GlobalDeleteAtom
GlobalAddAtomA
LoadLibraryA
GetCommandLineA
lstrcpyA
SetFilePointer
CreateMutexA
ReleaseMutex
ReleaseSemaphore
ReadFile
CreateSemaphoreA
GetOverlappedResult
CreateThread
lstrcmpA
GetVersionExA
CreateProcessA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindNextFileA
FindFirstFileA
GetShortPathNameA
MulDiv
OutputDebugStringA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalReAlloc
LocalSize
LocalUnlock
LocalLock
SetErrorMode
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetVersion
GetPrivateProfileSectionA
lstrlenA
MultiByteToWideChar
lstrlenW
FindResourceA
LoadResource
LockResource
GetLocaleInfoA
InterlockedExchange
SizeofResource
WideCharToMultiByte
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
EnterCriticalSection

user32

GetWindow
GetClassNameA
UnregisterClassA
GetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
GetWindowTextLengthA
RegisterClassA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
IsIconic
PostQuitMessage
TranslateMessage
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
GetWindowRect
GetParent
SetWindowPos
SystemParametersInfoA
GetSystemMetrics
SetRect
GetDlgItem
IsWindowEnabled
EnableWindow
LoadStringA
SetTimer
KillTimer
ShowWindow
MsgWaitForMultipleObjects
RegisterWindowMessageA
SendMessageA
CharNextA
SetWindowTextA
CallWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClassExA
DefWindowProcA
DestroyWindow
PostMessageA
LoadCursorA
GetClassInfoExA
IsWindow
SetWindowLongA
wsprintfA
SetMenuItemInfoA

gdi32

GetStockObject
GetObjectA
SelectObject
GetTextMetricsA
GetDeviceCaps
CreateFontIndirectA

winspool.drv

EnumPortsA
GetPrinterA
OpenPrinterA
GetPrinterDriverA
EnumMonitorsA
EnumPrintersA
EnumJobsA
SetJobA
SetPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatusEx
RegOpenKeyExA

shell32

CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
StringFromGUID2
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
ProgIDFromCLSID
CoGetInstanceFromFile
CreateFileMoniker

oleaut32

VarUI4FromStr
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayPutElement
SetErrorInfo
CreateErrorInfo
VariantChangeType
GetErrorInfo
UnRegisterTypeLi
SafeArrayRedim
SafeArrayCreate
SafeArrayDestroy
VarBstrCmp
SafeArrayLock
SafeArrayUnlock
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantCopy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
RegisterTypeLi

msvcp80

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
strchr
strlen
memcpy
memset
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
malloc
_resetstkoflw
memcmp
_mbschr
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
atoi
_mbstok_s
sprintf_s
_ltoa_s
_mbsicmp
_purecall
_endthreadex
_beginthreadex
strcpy_s
_wcsicmp
_recalloc
__RTDynamicCast
_gmtime32_s
_mktime32
_get_daylight
calloc
atol
wcslen
__CxxFrameHandler3
_CxxThrowException
__dllonexit
_encode_pointer
_unlock
_except_handler4_common
?terminate@@YAXXZ
_vsnprintf_s
_mbsnbicmp
isalnum
_chdrive
_chdir
_getcwd
ceil
floor
_time32
free
??3@YAXPAX@Z
_itow_s
abs
_mbsnbcpy_s
wcsncpy_s
strcat_s
_mbsstr
_itoa_s
exit
strtol
wcscmp
isdigit
memmove_s
wcscpy_s
toupper
iswctype
isxdigit
memcpy_s
_localtime32_s

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d1ef36f642a2b650196d996e51f4574

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 388KB - Virtual size: 387KB

.rdata Size: 152KB - Virtual size: 150KB

.data Size: 180KB - Virtual size: 181KB

.rsrc Size: 224KB - Virtual size: 221KB

.reloc Size: 52KB - Virtual size: 48KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 388KB - Virtual size: 387KB

.rdata
Size: 152KB - Virtual size: 150KB

.data
Size: 180KB - Virtual size: 181KB

.rsrc
Size: 224KB - Virtual size: 221KB

.reloc
Size: 52KB - Virtual size: 48KB

.rmnet
Size: 60KB - Virtual size: 60KB