d339b05552cf5ad9b40a4541944b9ddbf52446a22ce2c1220780f96acd10c142

Sharing

Copy URL Twitter E-mail

General

Target

d339b05552cf5ad9b40a4541944b9ddbf52446a22ce2c1220780f96acd10c142
Size

317KB
MD5

52532e8251750f5c0c567889508ec720
SHA1

d01677627488b97886d788dcb0ba48535006ae31
SHA256

d339b05552cf5ad9b40a4541944b9ddbf52446a22ce2c1220780f96acd10c142
SHA512

d0bad3ec5f05d542c3cfd962fe83d058216d1771a5cde3d77fae19beae1481eb3cb15f4b2529f067f3833bbf4d4a742dac2d24c88ae3eef26ee4bae0b9836fb3
SSDEEP

6144:cr9O8RS8/tLqijjOdWZaj9qmIErsXhIEKd:cxVS8VLqijhZMffw+

Score

N/A

Malware Config

Signatures

Files

d339b05552cf5ad9b40a4541944b9ddbf52446a22ce2c1220780f96acd10c142
.dll regsvr32 windows x86

ba309e6389fc75a94d468140ad24646d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
TraceEvent
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegQueryValueExW
SetNamedSecurityInfoW
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl

kernel32

GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
RtlUnwind
LCMapStringW
GetConsoleCP
SetHandleCount
SetStdHandle
WriteConsoleW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetConsoleMode
SetThreadLocale
GetThreadLocale
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrlenA
lstrcpynW
GetModuleHandleW
GetProcAddress
FindResourceExW
LockResource
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
RaiseException
lstrlenW
QueryPerformanceCounter
LocalFree
SetLastError
CreateDirectoryW
GetTickCount
LoadLibraryW
WaitForSingleObject
GetCurrentProcess
CloseHandle
ReleaseMutex
GetEnvironmentVariableW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
Sleep
CreateFileW
WriteFile
lstrcmpW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
InterlockedCompareExchange
WideCharToMultiByte
GetFileAttributesExW
GetStringTypeExW
GetSystemTimeAsFileTime
GetVersionExW
MoveFileExW
FlushFileBuffers
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
VirtualQuery
IsDebuggerPresent
ExitProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetStringTypeW

ole32

StringFromGUID2
IIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen

user32

GetWindow
SetForegroundWindow
AllowSetForegroundWindow
GetWindowLongW
wvsprintfW
CharLowerW
CharUpperW
wvsprintfA
wsprintfW
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
CreateWindowExW
DestroyWindow
GetClientRect
CharNextW
CharLowerBuffW

shlwapi

SHQueryValueExW
PathIsRelativeW
PathCanonicalizeW
PathAppendW
UrlEscapeW
UrlUnescapeW
PathStripPathW
PathRemoveFileSpecW
UrlUnescapeA
PathRemoveExtensionW
PathRemoveBackslashW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

wininet

InternetCrackUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba309e6389fc75a94d468140ad24646d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

shlwapi

version

shell32

wininet

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 22KB - Virtual size: 21KB

.text Size: 102KB - Virtual size: 104KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 102KB - Virtual size: 104KB