8a7c7b1bb596421ce1e3af95eca22b9479324838d70ded66acb67b01919fb999

Sharing

Copy URL Twitter E-mail

General

Target

8a7c7b1bb596421ce1e3af95eca22b9479324838d70ded66acb67b01919fb999
Size

823KB
MD5

213cfa1fafc8f4c12c584b29f815fe60
SHA1

75bbca36fbce9ca590fd18bbecbf04a0118d960a
SHA256

8a7c7b1bb596421ce1e3af95eca22b9479324838d70ded66acb67b01919fb999
SHA512

b5ad50067a74a118d86aa2ec2279cff72103048e7027fb1a47cb835c2cfd8d9608047b77663bf4bfa1d1491c0d7451e3a554f8da43273d1aecf32378e5806811
SSDEEP

12288:0wgILM0tAdHvjuzmNyMsjANDlMU/9udc9udCESkV:PvLidHsSk

Score

N/A

Malware Config

Signatures

Files

8a7c7b1bb596421ce1e3af95eca22b9479324838d70ded66acb67b01919fb999
.dll regsvr32 windows x86

8ec452cab3387d16312737ab504be626

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memmove
mbtowc
__mb_cur_max
isleadbyte
_snprintf
_itoa
_isatty
_write
_lseeki64
_fileno
_onexit
__pioinfo
__badioinfo
ferror
malloc
free
_CxxThrowException
memset
_purecall
realloc
wcsstr
wcschr
_vscwprintf
calloc
_resetstkoflw
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
fprintf
_iob
__CxxFrameHandler
strncmp
_vsnwprintf
_vsnprintf
memcpy
_wcsicmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
iswspace
_adjust_fdiv
_wcsnicmp
wcsncmp
bsearch
_wcslwr
_errno

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorA
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
RegDeleteKeyW

gdi32

DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
GetStockObject
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
CreateDCW
SetViewportOrgEx
SetMapMode
LPtoDP
TextOutW
SetTextAlign
SetTextColor
SetBkColor
LineTo
MoveToEx
CreatePen
Polygon
GetTextMetricsW
CreateFontIndirectW
DeleteDC

kernel32

InterlockedCompareExchange
VirtualAlloc
RtlUnwind
LoadLibraryA
GetCurrentThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CompareStringW
LocalFree
CloseHandle
MapViewOfFile
ReleaseMutex
GetTickCount
WaitForSingleObject
UnmapViewOfFile
GetCurrentProcessId
LocalAlloc
FormatMessageW
OutputDebugStringA
OutputDebugStringW
CreateFileA
GetLocalTime
FlushViewOfFile
DeleteFileA
CopyFileA
LoadLibraryW
GetUserDefaultUILanguage
FindNextFileW
FindFirstFileW
CreateFileMappingW
CreateFileW
GetLocaleInfoW
GetSystemDefaultUILanguage
SearchPathW
VerifyVersionInfoW
VerSetConditionMask
FindClose
VirtualFree
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
LockResource
FindResourceExW
GetVersionExW
Sleep
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange

ole32

StringFromGUID2
CoTreatAsClass
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
OleLoadFromStream
CreateOleAdviseHolder
OleRegEnumVerbs
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
WriteClassStm
OleSaveToStream
CoGetTreatAsClass
CoInitialize

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
OleCreatePropertyFrame
DispCallFunc
VariantChangeType
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VarBstrCmp
SysStringByteLen
VariantInit
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SafeArrayDestroy
SysStringLen

shell32

SHGetPathFromIDListW
ShellExecuteW
ord155
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteExW
SHGetMalloc
ord90
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHBindToParent

shlwapi

PathFindExtensionW
PathIsFileSpecW
PathIsUNCW
PathAppendW
StrCmpIW
ord388
PathIsNetworkPathW
UrlIsW
PathCreateFromUrlW
PathRemoveExtensionW
PathRemoveFileSpecW
StrRetToBufW
PathIsDirectoryW
PathFindFileNameW
PathGetDriveNumberW
PathIsDirectoryEmptyW

user32

GetWindowRect
SystemParametersInfoW
PostMessageW
DrawTextW
UnionRect
PtInRect
ShowWindow
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
IsWindowVisible
IsWindow
GetFocus
GetWindow
GetSysColorBrush
InflateRect
FrameRect
GetCapture
SendInput
GetMessageExtraInfo
SetLayeredWindowAttributes
UnregisterClassA
LoadMenuW
WindowFromPoint
LoadStringW
LoadImageW
SetParent
GetClassInfoExW
CharNextW
SetWindowLongW
GetWindowLongW
CreateWindowExW
SendMessageW
DestroyWindow
DefWindowProcW
GetSysColor
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
SetFocus

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetGetUniversalNameW
WNetCloseEnum

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8ec452cab3387d16312737ab504be626

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

gdi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

mpr

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 210KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 527KB - Virtual size: 526KB

.reloc Size: 24KB - Virtual size: 24KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 210KB - Virtual size: 210KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 527KB - Virtual size: 526KB

.reloc
Size: 24KB - Virtual size: 24KB

.rmnet
Size: 56KB - Virtual size: 60KB