3e9b7b7e58f5d708d7250e5da9aea298afe8ffca95ffd47edd9409934139cb72

Sharing

Copy URL Twitter E-mail

General

Target

3e9b7b7e58f5d708d7250e5da9aea298afe8ffca95ffd47edd9409934139cb72
Size

328KB
MD5

91b5f73659049918c368bb1e3a4b246a
SHA1

a65e83e210a62916cb5c1883855ebab0055f86eb
SHA256

3e9b7b7e58f5d708d7250e5da9aea298afe8ffca95ffd47edd9409934139cb72
SHA512

f443e85083c511b4c0a9f44877aa2db4dc81be25a93f40ee766b7aa227619a0f6d6ddb9a0b8b2ac18a1cc59d6fd5aa171bbc44b2476e273d27ed81489f9e34af
SSDEEP

6144:HnlEMv2q4YzZugn9qGcR/KMl2TG620Oaq0szbVwD:bvc51j0SbVwD

Score

N/A

Malware Config

Signatures

Files

3e9b7b7e58f5d708d7250e5da9aea298afe8ffca95ffd47edd9409934139cb72
.dll regsvr32 windows x86

357395e4ba14c50a47fa7ffc2c312319

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CIpow
_CIlog10
??3@YAXPAX@Z
_ftol2
wcsrchr
memmove
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
_amsg_exit
_initterm
_XcptFilter
memcpy
??2@YAPAXI@Z
memset
??_U@YAPAXI@Z
_purecall
??_V@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
free
malloc
_vsnwprintf
_ftol2_sse

kernel32

GetOverlappedResult
WriteFile
WaitForSingleObjectEx
QueueUserAPC
ReadFileEx
K32GetModuleBaseNameW
WaitForSingleObject
CancelIo
InitOnceExecuteOnce
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
DisableThreadLibraryCalls
ProcessIdToSessionId
GetCurrentProcessId
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
DebugBreak
GetTickCount64
GetVersionExA
InterlockedExchange
CompareStringW
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
CloseHandle
LocalAlloc
LocalFree
CreateEventW
SetEvent
ResetEvent
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
CreateThread
GetModuleHandleExW
TlsSetValue
TlsGetValue
SwitchToThread
OpenThread
GetSystemInfo
TlsFree
TlsAlloc
FreeLibraryAndExitThread
OpenProcess

user32

RegisterClassExW
GetClassInfoExW
UnregisterClassW
CreateWindowExW
DestroyWindow
UnregisterClassA
GetClientRect
GetDC
FillRect
PostMessageW
PostThreadMessageW
KillTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
DefWindowProcW
CharNextW
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
IsWindowVisible
IsWindow
GetMonitorInfoW
SetWindowLongW
GetWindowLongW
LoadCursorW
UnhookWinEvent
ClientToScreen
GetWindowRect
GetAncestor
GetDesktopWindow
GetWindowRgn
OffsetRect
MapWindowPoints
GetClassNameW
EnumWindows
EnumDisplayMonitors
SetWinEventHook
GetSystemMetrics
SetTimer

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
PropVariantClear
PropVariantCopy
StringFromCLSID
CoTaskMemFree

oleaut32

UnRegisterTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
EventRegister
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumKeyExW
EventWrite
RegEnumValueW
EventUnregister
TraceMessage
RegDeleteValueW
RegQueryValueExW
GetTraceEnableFlags

gdi32

DeleteObject
EqualRgn
GetRegionData
CombineRgn
OffsetRgn
CreateRectRgn
CreateSolidBrush

mfplat

MFCreateMediaType
MFInitMediaTypeFromAMMediaType
MFDeserializeAttributesFromStream
MFSerializeAttributesToStream
MFCreateAMMediaTypeFromMFMediaType
MFCreateEventQueue

wtsapi32

WTSVirtualChannelOpen
WTSQuerySessionInformationW
WTSVirtualChannelQuery
WTSFreeMemory
WTSVirtualChannelClose

winsta

WinStationIsSessionRemoteable
WinStationQueryInformationW
WinStationQueryEnforcementCore
WinStationVerify
WinStationVirtualOpenEx
WinStationFreePropertyValue
WinStationGetConnectionProperty
WinStationNameFromLogonIdW

mf

MFCreateTopologyNode

ntdll

RtlClearBits
RtlInitializeBitMap
RtlReleaseResource
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
RtlAreBitsSet
RtlMultiByteToUnicodeN
RtlFindClearBitsAndSet

slc

SLGetWindowsInformationDWORD

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

357395e4ba14c50a47fa7ffc2c312319

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

ole32

oleaut32

advapi32

gdi32

mfplat

wtsapi32

winsta

mf

ntdll

slc

Exports

Exports

Sections

.text Size: 230KB - Virtual size: 230KB

.data Size: 512B - Virtual size: 2KB

.tls Size: 64KB - Virtual size: 64KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 230KB - Virtual size: 230KB

.data
Size: 512B - Virtual size: 2KB

.tls
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 19KB - Virtual size: 19KB