3a653bc292954b93d9a6b7c28be9a9651317821986bdbea5021dea9d2d73758f

Sharing

Copy URL Twitter E-mail

General

Target

3a653bc292954b93d9a6b7c28be9a9651317821986bdbea5021dea9d2d73758f
Size

195KB
MD5

07595012028c15f85d3e9f6ad77d6120
SHA1

97271806ea5005c42e10bb0d25c19ccdb2d76038
SHA256

3a653bc292954b93d9a6b7c28be9a9651317821986bdbea5021dea9d2d73758f
SHA512

f7e03d4f9f114950093db5d9db56508135931a6ada3b1e4bbf0eed764be72ebdb2e4f7238ae0403b77d06a9535d76858293dbc00c9d1b036b5914d63880d69cf
SSDEEP

6144:oP8nKRmp+00UH3uMX0Igx7DAJoNFPQbOqHaQZ+a0:oP8KRmAQcPuJCa0

Score

N/A

Malware Config

Signatures

Files

3a653bc292954b93d9a6b7c28be9a9651317821986bdbea5021dea9d2d73758f
.dll regsvr32 windows x86

41e85976399c9ff7b83875bd10cb8244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

realloc
memcpy
memmove
isdigit
isxdigit
isleadbyte
_fileno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
__mb_cur_max
_iob
_snprintf
_itoa
wctomb
ferror
iswctype
wcstombs
_read
__badioinfo
__pioinfo
_isatty
_write
_lseeki64
ungetc
localeconv
mbtowc
rand
_vscprintf
_vsnwprintf
_wcsicmp
wcsrchr
wcschr
_wtoi
_wcsnicmp
towlower
strrchr
feof
_wfopen
fgetws
fclose
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
memset
__CxxFrameHandler
_errno
calloc
_purecall
_vscwprintf
_vsnprintf
free
memcmp

ntdll

RtlUnwind
RtlFreeHeap
RtlAllocateHeap

kernel32

HeapCreate
IsDebuggerPresent
SearchPathW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
ExitProcess
GetFileSize
TlsGetValue
VirtualQuery
FormatMessageA
TlsSetValue
GetLocalTime
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
LoadLibraryA
CreateFileMappingA
GetModuleFileNameA
CreateMutexA
ReleaseMutex
DeleteFileW
DebugBreak
DeleteFileA
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetVersion
MultiByteToWideChar
Sleep
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
GetSystemInfo
GetVersionExW
GetTempFileNameW
GetFullPathNameW
GetFileAttributesW
SetFilePointer
FreeLibrary
WaitForSingleObject
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
GetCurrentThread
GetFileSizeEx

advapi32

InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
GetTokenInformation
EqualSid

user32

CharNextW
UnregisterClassA
LoadStringW

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString

dbghelp

MiniDumpWriteDump

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41e85976399c9ff7b83875bd10cb8244

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

user32

ole32

oleaut32

dbghelp

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 13KB - Virtual size: 78KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 9KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 13KB - Virtual size: 78KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 9KB

.rmnet
Size: 56KB - Virtual size: 60KB