2aa6f68df68a0a2edcc6e6e2def4c32017b7aaecfa45715a80b1d82a8eef41e1

Sharing

Copy URL Twitter E-mail

General

Target

2aa6f68df68a0a2edcc6e6e2def4c32017b7aaecfa45715a80b1d82a8eef41e1
Size

520KB
MD5

2014c2dcdcbab6857a54443a9aa2eac0
SHA1

2add8d197a9aca25611a6942fe975422fa7ed429
SHA256

2aa6f68df68a0a2edcc6e6e2def4c32017b7aaecfa45715a80b1d82a8eef41e1
SHA512

e971cf9e291a5ab25959db2191a64c6ca32b291206265a54699c213ed09114729838c78faf437ad1252064d9720cade077ba33802bb1fd93c32ca6e1877310a0
SSDEEP

6144:xJS+AVjKWboXGBHKWVEuwjW7dfpltFRxbavSdEFTvyEdrWpT:6HDMXwg87ZGSCT6ArmT

Score

N/A

Malware Config

Signatures

Files

2aa6f68df68a0a2edcc6e6e2def4c32017b7aaecfa45715a80b1d82a8eef41e1
.dll regsvr32 windows x86

82bc79f7be20f39aea142a37e0205a92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetLastError
WriteFile
CloseHandle
CreateDirectoryW
WaitForSingleObject
ReleaseMutex
GetModuleFileNameW
LoadLibraryW
FreeLibrary
LocalAlloc
LocalFree
GetCurrentThreadId
GetThreadLocale
SetThreadLocale
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
GetFileAttributesW
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
InterlockedExchange
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
InterlockedDecrement
GetComputerNameExW
GetFileSize
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
HeapCreate
lstrcmpiW
SetFileAttributesW
GetTempFileNameW
GetTempPathW
lstrcmpW
FormatMessageW
SetEndOfFile
ReadFile
GetFileInformationByHandle
InterlockedCompareExchange
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetFileTime
DeleteFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
OpenEventW
FindCloseChangeNotification
UnregisterWaitEx
RegisterWaitForSingleObject
FindFirstChangeNotificationW
CreateMutexW
FindNextChangeNotification
SetEvent
FindResourceExW
LockResource

user32

LoadStringW
CharNextW
UnregisterClassA

advapi32

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceEvent
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW
UnregisterTraceGuids

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
StringFromCLSID
CoCreateGuid
CoCreateInstance
CLSIDFromString

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
SafeArrayLock
SafeArrayCreate
SafeArrayRedim
SafeArrayUnlock
SafeArrayDestroy
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
VariantCopy
SetErrorInfo
CreateErrorInfo
GetErrorInfo
VarBstrCat

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

StrDupW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

rpcrt4

UuidFromStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82bc79f7be20f39aea142a37e0205a92

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

shlwapi

shell32

rpcrt4

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 368KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 29KB - Virtual size: 29KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 368KB - Virtual size: 368KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 29KB - Virtual size: 29KB

.text
Size: 108KB - Virtual size: 112KB