cb8cef0b49ba1dc7ab7203931c126843004c6f0aa5b7f695d4f2f089665ac440

Sharing

Copy URL

Twitter E-mail

General

Target

cb8cef0b49ba1dc7ab7203931c126843004c6f0aa5b7f695d4f2f089665ac440
Size

139KB
MD5

031b6e1c9cbd67a8567bfae29473e684
SHA1

257729224e45727470bab3c646b4ff455f4e414c
SHA256

cb8cef0b49ba1dc7ab7203931c126843004c6f0aa5b7f695d4f2f089665ac440
SHA512

cb6dd906e915a72d7b47df0b01b88118a7ab4b592b70626cec0b3c2ae9c2f590cff9468fbf2bfb76bf2e1a91d7065a380ccd7b50f56201b34d5b892001a5a37b
SSDEEP

1536:QRE3Idc2ZZ8rTIux3Hsn1i6RbaqZa+zRusFLWLYYsnQwm5ykry1sczLshlDc976J:N3hprTIEIiZq/QuWLYD4ybzLolDyk

Score

N/A

Malware Config

Signatures

Files

cb8cef0b49ba1dc7ab7203931c126843004c6f0aa5b7f695d4f2f089665ac440
.dll regsvr32 windows x86

7a5fb5eafa858b065c6ba5259e864ad0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_onexit
_callnewh
wcsrchr
memcpy
_beginthreadex
??0exception@@QAE@XZ
memset
_purecall
??0exception@@QAE@ABQBD@Z
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
free
malloc
memcpy_s
memmove_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_XcptFilter
__CxxFrameHandler3

ntdll

EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage
EtwEventRegister
EtwEventWrite

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
Sleep
GetVersionExA
GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
WaitForSingleObject
SetEvent
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
WaitForMultipleObjects
FormatMessageW
InterlockedExchange
InterlockedCompareExchange
LocalFree
LocalAlloc
CloseHandle
WaitForSingleObjectEx
CreateThread
CreateEventW
GetModuleHandleExW

advapi32

NotifyServiceStatusChangeW
RegCloseKey
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
RegDeleteValueW
CloseServiceHandle
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringLen
RegisterTypeLi
VarUI4FromStr

user32

UnregisterClassA
CharNextW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitializeQec
UninitializeQec

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a5fb5eafa858b065c6ba5259e864ad0

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

ole32

oleaut32

user32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 69KB - Virtual size: 72KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 69KB - Virtual size: 72KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB