59f113d042c973922595c0c7cb5506a36e141c860af1c5e4e8cfdc9265f68c48

Sharing

Copy URL Twitter E-mail

General

Target

59f113d042c973922595c0c7cb5506a36e141c860af1c5e4e8cfdc9265f68c48
Size

1.6MB
MD5

9391b73883d757cfc0563d6e2230c9f9
SHA1

ebf67cd6fbb94ef905028d6087b5ad8d35e1e67f
SHA256

59f113d042c973922595c0c7cb5506a36e141c860af1c5e4e8cfdc9265f68c48
SHA512

58d405631a9f82a174b1b30b9481940fa28eff840d900543808001e7a550f25bb9cfc3090cc0a9970b4c04262fb94a15cb67c47188132d788b50c3c4bde992a3
SSDEEP

24576:ZUs6NqGCTOL9DZKSHzj741qBeEGtoy4V4k1ld9lqsTQ819TcAqXVXMeBAGe:lGISH74wBDy45dtkMTCtMV

Score

N/A

Malware Config

Signatures

Files

59f113d042c973922595c0c7cb5506a36e141c860af1c5e4e8cfdc9265f68c48
.dll regsvr32 windows x86

ef633e6b8c562c81704a3e9d04aca8fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeSetEvent
timeGetTime
timeEndPeriod

videotrans

ord2150
ord2147
ord567
ord592
ord583
ord581
ord597
ord563
ord560
ord587
ord610
ord606
ord609
ord571
ord540
ord2149

videoformat

ord128
ord221
ord29
ord36
ord287
ord55
ord19
ord50
ord296
ord16
ord34
ord54
ord45

videocore

ord21
ord22
ord19
ord45
ord35
ord18
ord34
ord42
ord49
ord9
ord25
ord24
ord16

kernel32

HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
HeapDestroy
HeapAlloc
GetSystemTimeAsFileTime
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
GetSystemPowerStatus
GlobalMemoryStatus
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetProcessTimes
Process32Next
Heap32ListFirst
Heap32First
Heap32Next
Heap32ListNext
QueryPerformanceFrequency
GetCurrentProcessId
QueryPerformanceCounter
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
Sleep
LoadLibraryA
FreeLibrary
VirtualAlloc
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
InterlockedDecrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrlenA
GetModuleFileNameA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForMultipleObjects
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetEvent
ResetEvent
CreateEventA
CreateMutexA
CloseHandle
CreateThread
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
CreateSemaphoreA
DisableThreadLibraryCalls
InterlockedIncrement

user32

DispatchMessageA
GetQueueStatus
RegisterWindowMessageA
PostThreadMessageA
wsprintfA
wvsprintfA
MsgWaitForMultipleObjects
PeekMessageA
UnregisterClassA
CharUpperW
CharUpperA
CharLowerW
CharLowerA

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCloseKey

ole32

CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoGetMalloc

oleaut32

SysFreeString
SysStringByteLen
SysAllocString

shlwapi

StrStrIA

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

msvcr71

?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_strupr
_fileno
_strlwr
_fcloseall
_strnicmp
_stricmp
_callnewh
_fdopen
clearerr
strerror
_vsnprintf
_errno
strpbrk
strtoul
isalpha
isdigit
toupper
tolower
log
fabs
tmpfile
rand
srand
fgetpos
_ftime
fgets
memcmp
printf
abs
fgetc
strcmp
strcat
strcpy
memset
ceil
atan2
tan
sqrt
sin
asin
cos
acos
isalnum
_strdup
calloc
isspace
exit
memchr
pow
floor
fputc
strlen
memcpy
realloc
remove
fputwc
rename
fsetpos
_filelengthi64
setlocale
time
fprintf
malloc
free
_resetstkoflw
_except_handler3
_CxxThrowException
wcscpy
__CxxFrameHandler
??3@YAXPAX@Z
_mbsrchr
_vscprintf
vsprintf
memmove
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_purecall
??0exception@@QAE@ABV0@@Z
strncpy
??_V@YAXPAX@Z
_fcvt
_iob
strncmp
sprintf
strrchr
strstr
strchr
fclose
fwrite
fopen
atoi
fread
ftell
fseek
asctime
gmtime
fflush
vfprintf
sscanf
atof

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef633e6b8c562c81704a3e9d04aca8fe

Headers

File Characteristics

Imports

winmm

videotrans

videoformat

videocore

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 188KB - Virtual size: 185KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 60KB - Virtual size: 57KB

.text Size: 196KB - Virtual size: 196KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 188KB - Virtual size: 185KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 60KB - Virtual size: 57KB

.text
Size: 196KB - Virtual size: 196KB