dac00b100eb09e4c1d5b3d7fa7fa57828e72e46ccab9514f183073e6c4044aab

Sharing

Copy URL Twitter E-mail

General

Target

dac00b100eb09e4c1d5b3d7fa7fa57828e72e46ccab9514f183073e6c4044aab
Size

244KB
MD5

a1d746d2b6b688a7c1648b03fedaaad1
SHA1

af9e31f50a2a72c1be1ef41d1fb08065696d1d75
SHA256

dac00b100eb09e4c1d5b3d7fa7fa57828e72e46ccab9514f183073e6c4044aab
SHA512

6af600214b1f25e052b2d52cbfcba19e788f439a92bdb245eb4acf841c7543bf171af3ef709e34815eb3426dc4209ae7094200302ec304b57a79f198270b8f0a
SSDEEP

3072:u//XAdc9xlukJzXllXyoXplPqinj1r6P7hzsaUQnMad7kZcrp/p81H:WIdc9xlum5doP7lPMadQ6rd

Score

N/A

Malware Config

Signatures

Files

dac00b100eb09e4c1d5b3d7fa7fa57828e72e46ccab9514f183073e6c4044aab
.dll regsvr32 windows x86

f2f7aff9eecdb0c1132e9e1fab61867c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileSize
CreateFileW
lstrcatW
ExpandEnvironmentStringsW
lstrcpyW
GetTempPathW
FindClose
FindNextFileW
CompareFileTime
GetFileTime
lstrcmpW
FindFirstFileW
SetEvent
DeleteFileW
GetACP
CopyFileW
GetTempFileNameW
WaitForMultipleObjects
GetSystemTimeAsFileTime
CreateEventW
LockResource
FindResourceExW
GetProcAddress
GetExitCodeThread
TerminateThread
GetTickCount
WaitForSingleObject
GetVersionExW
WideCharToMultiByte
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
GetModuleFileNameW
GetModuleHandleW
LocalFree
CloseHandle
GetProcessHeap
HeapFree
HeapAlloc
lstrlenW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
RaiseException
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ExitThread
ReleaseMutex
ReleaseSemaphore
InterlockedExchangeAdd
Sleep
UnmapViewOfFile
MapViewOfFile
SetFilePointer
WriteFile
GlobalAlloc
GlobalFree
lstrlenA
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
CreateMutexW
lstrcpynW
GetCurrentProcess
CreateFileA
CreateFileMappingW
OpenFileMappingW
lstrcpynA
CreateMutexA
GetCurrentThreadId
CreateDirectoryW
GlobalSize
GetSystemTime
InterlockedExchange
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind

user32

UnregisterClassA
GetDesktopWindow
CharLowerBuffW
CharLowerW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
CharNextW

advapi32

CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptEncrypt
CryptDecrypt
CryptDeriveKey
SetSecurityDescriptorDacl

ole32

CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
StringFromCLSID
CoTaskMemFree
GetHGlobalFromStream
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayCreate
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCmp
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocStringLen
SysStringByteLen
VariantInit

shlwapi

SHCreateStreamOnFileW
PathStripPathW
PathFileExistsW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2f7aff9eecdb0c1132e9e1fab61867c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 19KB

.SHARSTA Size: 4KB - Virtual size: 52B

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 19KB

.SHARSTA
Size: 4KB - Virtual size: 52B

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 20KB - Virtual size: 17KB