493883fcc1995f3609105412f02ee8b4868ad97b038f4b7981b5eabb6b6a623d

Sharing

Copy URL Twitter E-mail

General

Target

493883fcc1995f3609105412f02ee8b4868ad97b038f4b7981b5eabb6b6a623d
Size

510KB
MD5

e5faf457cc9db69159f14028d7864c2a
SHA1

41ee78ff399da8ceb11c233500db109ec70c4e40
SHA256

493883fcc1995f3609105412f02ee8b4868ad97b038f4b7981b5eabb6b6a623d
SHA512

52e9af4937f45decc441d77836bb7438903c489eb75a825e247986b189629e60cfc29ca263b8ee263e0eadba6f3e8b75d8771684345545e7eddb399a0df333eb
SSDEEP

12288:THjwVyzTfs+OeO+OeNhBBhhBBcC9GhVvKdMzFZNbE195KS9B4:/wVyzTfFkhYdMRZNbEnIo4

Score

N/A

Malware Config

Signatures

Files

493883fcc1995f3609105412f02ee8b4868ad97b038f4b7981b5eabb6b6a623d
.dll regsvr32 windows x86

8e31093ca7652bbc34f07211d2255641

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
WSACleanup
inet_addr
htons
recv
WSAGetLastError
send
select
socket
closesocket
connect
WSAStartup

kernel32

FlushFileBuffers
GetModuleFileNameA
GetModuleFileNameW
CreateMutexA
GetLastError
CloseHandle
CreateThread
WideCharToMultiByte
CreateFileA
WriteFile
GetTickCount
GetVersionExW
GetSystemInfo
GlobalAlloc
GlobalFree
GetCurrentProcess
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
ExpandEnvironmentStringsA
Sleep
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
WriteConsoleW
CreateFileW
QueryPerformanceFrequency
GetProcessHeap
SetStdHandle
HeapSize
GetFileType
GetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryA
HeapReAlloc
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapFree
HeapAlloc

user32

UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW
DestroyWindow
SetTimer
PostQuitMessage
LoadIconW
DestroyIcon
RegisterClassExW
LoadCursorW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ExtractIconExA

ole32

CoTaskMemFree
StringFromCLSID

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileA

Exports

Exports

?InitializObject@@YGXXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e31093ca7652bbc34f07211d2255641

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 346KB - Virtual size: 345KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 25KB - Virtual size: 33KB

.gfids Size: 512B - Virtual size: 392B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 346KB - Virtual size: 345KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 25KB - Virtual size: 33KB

.gfids
Size: 512B - Virtual size: 392B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 22KB - Virtual size: 22KB