991e04ed808007e1030c620b2bf42b9e802e0940c01a9329a7337fefbbcc0cf4

Sharing

Copy URL Twitter E-mail

General

Target

991e04ed808007e1030c620b2bf42b9e802e0940c01a9329a7337fefbbcc0cf4
Size

392KB
MD5

9303e50d04dddce75d15165e9275feb0
SHA1

c6ad8aab2208106de8ff6fc1997cf8defdc23d69
SHA256

991e04ed808007e1030c620b2bf42b9e802e0940c01a9329a7337fefbbcc0cf4
SHA512

6e32701eed20d403e60314e3fae0a339d838a0178b9b2d8365c646648708f1af920090867acc7f00cb08b3456bdbd0fd1c48d25804a04520968caae81a6ef747
SSDEEP

12288:E2PIJqKE4D5Ipb8l02bKXqLk1/pt2kkWVqqeu:xPIJqD4D5Ipb8l029Lk1/P2dseu

Score

N/A

Malware Config

Signatures

Files

991e04ed808007e1030c620b2bf42b9e802e0940c01a9329a7337fefbbcc0cf4
.dll regsvr32 windows x86

e168ab324b200dcda37eaf55c53fa856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrcpyA
lstrcatA
EnterCriticalSection
LoadLibraryExW
GetLocaleInfoW
GetEnvironmentVariableW
CreateFileW
GetVersionExA
GetEnvironmentVariableA
GetLocaleInfoA
GetModuleFileNameW
FindNextFileW
CreateFileA
FindFirstFileW
FindFirstFileA
DisableThreadLibraryCalls
DuplicateHandle
GlobalFree
WriteFile
GetUserDefaultLangID
GlobalAlloc
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
FindNextFileA
InitializeCriticalSection
SetFilePointer
SetEndOfFile
GetTickCount
DeleteFileA
lstrcpynA
DeleteCriticalSection
HeapDestroy
GetSystemTime
IsDBCSLeadByte
ResumeThread
lstrlenW
CloseHandle
lstrcmpiA
CopyFileA
GetTempPathA
SystemTimeToFileTime
lstrlenA
MultiByteToWideChar
GlobalReAlloc
CreateDirectoryA
GlobalSize

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoTaskMemRealloc
CoDisconnectObject
ProgIDFromCLSID
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
CreateErrorInfo
SysFreeString
RegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantCopy
VariantClear
SysAllocStringLen
SetErrorInfo

comctl32

ord17

user32

wsprintfA
SetWindowLongA
DestroyWindow
MessageBoxA
LoadStringA
MessageBoxW
LoadStringW
CreateWindowExA
CallWindowProcA
GetWindowLongA
DefWindowProcA
CharNextA
BeginPaint
GetClientRect
EndPaint
GetDC
ReleaseDC
GetFocus
IsChild
GetClassInfoExA
LoadCursorA
RegisterClassExA

gdi32

SetMapMode
SetViewportOrgEx
SetWindowOrgEx
LPtoDP
GetDeviceCaps
SaveDC
CreateDCA
DeleteDC
RestoreDC

shell32

ShellExecuteA

winmm

mciSendCommandA

msvcrt

_strcmpi
_itoa
_strnicmp
_adjust_fdiv
_initterm
_errno
_commit
_close
_get_osfhandle
_lseek
_write
_read
_open
swprintf
sprintf
fclose
fopen
fwrite
strchr
strrchr
rand
__mb_cur_max
towupper
_isctype
_setmode
memmove
free
malloc
realloc
memcpy
??2@YAPAXI@Z
memset
memcmp
_purecall
wcslen
strtoul
wcscmp
strcmp
calloc
strncmp
strcat
strcpy
strlen
wcscpy
_snprintf
_pctype
_wtol
_wtoi
iswctype
_beginthreadex
strstr
_itow
_stat
_snwprintf
strncpy
wcsncmp
_ltow
sscanf
wcsstr
wcsncpy
wcsrchr
wcschr
_wcsicmp
_tempnam
_endthreadex
srand
time
tmpnam
atol

wsock32

htons
ioctlsocket
select
recv
WSACleanup
WSAStartup
socket
connect
send
gethostbyname
closesocket
WSAGetLastError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e168ab324b200dcda37eaf55c53fa856

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

comctl32

user32

gdi32

shell32

winmm

msvcrt

wsock32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 16KB - Virtual size: 13KB

.text Size: 128KB - Virtual size: 128KB

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 128KB - Virtual size: 128KB