1b90b7de4fdef7733874c5860322310877b66817564d60bbb7497d5ebb4c4217

Sharing

Copy URL Twitter E-mail

General

Target

1b90b7de4fdef7733874c5860322310877b66817564d60bbb7497d5ebb4c4217
Size

5.9MB
MD5

a2b8f50f7e7d36d15776c64e30c56c7f
SHA1

381510d2873850f7cb3a4c26474906a20b2c4de7
SHA256

1b90b7de4fdef7733874c5860322310877b66817564d60bbb7497d5ebb4c4217
SHA512

850cd278d092131a52886227a42384f8d012abdcdaebca3a154840fe81c9fbe76f5638ee40594f53bf5e82e0a6acc64c9c869c5708b325c5fd8b66f0c6f6b126
SSDEEP

98304:jQhK3bIOmScf6MiG6UxI01jIqlMsiNnhQeE/YTLha0dYHyEyY49Qd/aKAkLKBHG9:sw39+Y01jFANhQeEgvha0iS3C/f1T64b

Score

N/A

Malware Config

Signatures

Files

1b90b7de4fdef7733874c5860322310877b66817564d60bbb7497d5ebb4c4217
.dll regsvr32 windows x64

a954fe91d73dd1132ffe01a1cf437d4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

__dllonexit

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
StartW

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a954fe91d73dd1132ffe01a1cf437d4a

Headers

File Characteristics

Imports

kernel32

msvcrt

wtsapi32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 7KB

.data Size: - Virtual size: 265KB

.rdata Size: - Virtual size: 368B

.pdata Size: - Virtual size: 636B

.xdata Size: - Virtual size: 512B

.bss Size: - Virtual size: 2KB

.edata Size: - Virtual size: 176B

.idata Size: - Virtual size: 1KB

.CRT Size: - Virtual size: 88B

.tls Size: - Virtual size: 72B

.vmp0 Size: - Virtual size: 3.9MB

.vmp1 Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 512B - Virtual size: 188B

.rsrc Size: 51KB - Virtual size: 50KB

.text
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 265KB

.rdata
Size: - Virtual size: 368B

.pdata
Size: - Virtual size: 636B

.xdata
Size: - Virtual size: 512B

.bss
Size: - Virtual size: 2KB

.edata
Size: - Virtual size: 176B

.idata
Size: - Virtual size: 1KB

.CRT
Size: - Virtual size: 88B

.tls
Size: - Virtual size: 72B

.vmp0
Size: - Virtual size: 3.9MB

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 512B - Virtual size: 188B

.rsrc
Size: 51KB - Virtual size: 50KB