dec200454464b0744f70382a21bcf0ec108d6a636732e92306b8db02ee223d7b

Sharing

Copy URL Twitter E-mail

General

Target

dec200454464b0744f70382a21bcf0ec108d6a636732e92306b8db02ee223d7b
Size

1.2MB
MD5

090776ace7edd7d1731bdb6dc349ab82
SHA1

854132987bbe5fbba7f594c33624d43490ecd5f3
SHA256

dec200454464b0744f70382a21bcf0ec108d6a636732e92306b8db02ee223d7b
SHA512

e7e079b6beb32b2da230ee703e93833870e80a247a406f89e7a08fed8a078c92665b17b26b2c94bef14616cf835ac06300198024c0fac1055ef39bac37314cc8
SSDEEP

24576:9hYsMrcyncRAltL6DQ9GiQxtBxaFTECyJ:PYsMrcyncRArODthBxoTLa

Score

N/A

Malware Config

Signatures

Files

dec200454464b0744f70382a21bcf0ec108d6a636732e92306b8db02ee223d7b
.dll regsvr32 windows x86

64c4567364ef038d063e8f6ef8053e36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
recvfrom
sendto
WSAStartup
gethostbyaddr
WSAGetLastError
WSACleanup
htons
closesocket
socket
bind
getsockname
ntohs
gethostbyname
gethostname

winspool.drv

EnumPortsA
GetPrinterA
OpenPrinterA
GetPrinterDriverA
EnumMonitorsA
EnumPrintersA
EnumJobsA
SetJobA
SetPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
ClosePrinter

kernel32

GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
GetTimeZoneInformation
HeapSize
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
lstrlenW
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
FreeResource
LocalFree
FormatMessageA
GetLastError
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
DeleteFileA
GetACP
RaiseException
FlushInstructionCache
GetCurrentProcess
TerminateThread
SetEvent
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
CreateEventA
DeviceIoControl
OpenEventA
GetCurrentThreadId
GetTickCount
GetSystemPowerStatus
SetLastError
GetProcAddress
FreeLibrary
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
GetExitCodeThread
lstrcpynA
GetStartupInfoA
GetComputerNameA
Sleep
GlobalDeleteAtom
GlobalAddAtomA
LoadLibraryA
GetCommandLineA
GetStringTypeW
SetFilePointer
CreateMutexA
ReleaseMutex
ReleaseSemaphore
ReadFile
CreateSemaphoreA
GetOverlappedResult
CreateThread
lstrcmpA
GetVersionExA
CreateProcessA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindNextFileA
FindFirstFileA
GetShortPathNameA
MulDiv
OutputDebugStringA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalReAlloc
LocalSize
LocalUnlock
LocalLock
SetErrorMode
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetVersion
GetPrivateProfileSectionA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetCurrentDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetSystemTimeAsFileTime
ExitProcess
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
IsValidCodePage
GetCurrentProcessId
HeapCreate
HeapDestroy
FatalAppExitA
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetStdHandle
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
lstrcpyA
CompareStringW

user32

GetDlgItem
SetRect
GetSystemMetrics
SystemParametersInfoA
SetWindowPos
GetParent
GetWindowRect
ReleaseDC
GetDC
PeekMessageA
DispatchMessageA
TranslateMessage
IsWindowEnabled
IsIconic
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RegisterClassA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemCount
GetWindowTextA
GetWindowTextLengthA
GetClassNameA
GetWindow
UnregisterClassA
PostQuitMessage
EnableWindow
LoadStringA
SetTimer
KillTimer
ShowWindow
MsgWaitForMultipleObjects
RegisterWindowMessageA
SendMessageA
CharNextW
CharNextA
CallWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClassExA
DefWindowProcA
DestroyWindow
PostMessageA
LoadCursorA
GetClassInfoExA
IsWindow
SetWindowLongA
wsprintfA
SetWindowTextA

advapi32

QueryServiceStatusEx
RegCloseKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
StringFromGUID2
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
ProgIDFromCLSID
CoGetInstanceFromFile
CreateFileMoniker

shell32

CommandLineToArgvW

oleaut32

SafeArrayUnlock
GetErrorInfo
VariantChangeType
CreateErrorInfo
SetErrorInfo
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SafeArrayRedim
SafeArrayCreate
SafeArrayDestroy
VarBstrCmp
SafeArrayLock
LoadTypeLi
LoadRegTypeLi
SysAllocString
VariantCopy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen

gdi32

CreateFontIndirectA
GetTextMetricsA
SelectObject
GetObjectA
GetStockObject
GetDeviceCaps

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64c4567364ef038d063e8f6ef8053e36

Headers

File Characteristics

Imports

wsock32

winspool.drv

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 533KB - Virtual size: 533KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 256KB - Virtual size: 265KB

.rsrc Size: 221KB - Virtual size: 221KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 533KB - Virtual size: 533KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 256KB - Virtual size: 265KB

.rsrc
Size: 221KB - Virtual size: 221KB

.reloc
Size: 51KB - Virtual size: 51KB