559a068e606679478420f21c2452d22bdb59b403fcbd80dbd348ad12f98ee033

Sharing

Copy URL

Twitter E-mail

General

Target

559a068e606679478420f21c2452d22bdb59b403fcbd80dbd348ad12f98ee033
Size

488KB
MD5

0cc1ef99808d8e41b97bf541920a0770
SHA1

75ad3e2244624da3a0ac55c358d107288ae448e9
SHA256

559a068e606679478420f21c2452d22bdb59b403fcbd80dbd348ad12f98ee033
SHA512

c029c7f6b6164d5df27080dd9ae7295cd3b76d00c8f8da2309d5389a5e5fdc97ef410559b02993b23e556132fdaaaf2ae8a64a5efb40e7435eb11aeb2b69da5c
SSDEEP

12288:+okQooGuNXWFQKK/0hNNNNNNXNNN/NT5XNNNfNNDhKsUp:+SyDVap

Score

N/A

Malware Config

Signatures

Files

559a068e606679478420f21c2452d22bdb59b403fcbd80dbd348ad12f98ee033
.dll regsvr32 windows x86

896811a463bede7d4b4b885a63b4e14d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
IsBadWritePtr
WideCharToMultiByte
OutputDebugStringW
GlobalHandle
IsBadReadPtr
GetExitCodeThread
WaitForSingleObject
CreateThread
GetCurrentProcessId
Sleep
UnmapViewOfFile
FindFirstFileW
FindClose
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GlobalAlloc
GetModuleFileNameW
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetCommandLineA
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
lstrlenA
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
FreeResource
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError

user32

GetCursorPos
CharUpperBuffW
ReleaseDC
GetDC
DestroyWindow
SetWindowPos
GetWindowRect
GetWindowDC
InvalidateRect
ShowWindow
IsWindowVisible
SetTimer
KillTimer
SendDlgItemMessageW
SetWindowLongW
GetWindowLongW
LoadBitmapW
MapDialogRect
CreateWindowExW
GetWindow
SetWindowContextHelpId
SendMessageW
DefWindowProcW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
GetSysColor
CharNextW
MoveWindow
UnhookWindowsHookEx
CallNextHookEx
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetWindowModuleFileNameW
SetWindowsHookExW
DialogBoxParamW
PostMessageW
EndDialog
CreateDialogIndirectParamW
GetKeyState
FindWindowW
FindWindowExW
SendMessageTimeoutW
PtInRect
UnregisterClassA
WindowFromPoint
GetWindowThreadProcessId
CopyRect
CreateAcceleratorTableW
IsWindow
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem

gdi32

GetDeviceCaps
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
GetObjectW
GetStockObject
SelectPalette
RealizePalette
CreateDIBSection
GetDIBits
DeleteObject
CreateSolidBrush

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

VarBstrCat
SysAllocStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayGetDim
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
SafeArrayGetElemsize
SysStringLen
VarBstrCmp
SysFreeString
SysAllocString
SysAllocStringLen
SysStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize

comctl32

_TrackMouseEvent

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipReleaseDC
GdipFree
GdipDrawImageI
GdipCloneImage
GdiplusStartup
GdiplusShutdown

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

urlmon

CoInternetGetSession

oleacc

ObjectFromLresult

ws2_32

gethostbyname

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FreeIEInstance
FreeMxInstance
FreeTTInstance
init_hook
init_hook_IE
init_hook_Maxthon
init_hook_TTravel

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

896811a463bede7d4b4b885a63b4e14d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

rpcrt4

urlmon

oleacc

ws2_32

version

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 255KB

.orpc Size: 4KB - Virtual size: 844B

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 52KB - Virtual size: 49KB

.reloc Size: 24KB - Virtual size: 23KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 256KB - Virtual size: 255KB

.orpc
Size: 4KB - Virtual size: 844B

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 52KB - Virtual size: 49KB

.reloc
Size: 24KB - Virtual size: 23KB

.rmnet
Size: 60KB - Virtual size: 60KB