740bcc5b2a284707b0a6dc4a742213b9cae42958ae0721b3a1d3dcc97cbcd60d

Sharing

Copy URL Twitter E-mail

General

Target

740bcc5b2a284707b0a6dc4a742213b9cae42958ae0721b3a1d3dcc97cbcd60d
Size

1.2MB
MD5

42b590b209bc6e78fb8da75218e90650
SHA1

9853cdf44d8b0c4c3ee1150f04aa0a6536884f01
SHA256

740bcc5b2a284707b0a6dc4a742213b9cae42958ae0721b3a1d3dcc97cbcd60d
SHA512

785641ba6692f37d28ab5b27fe856838e3b57bb37bc87cd2684b2216468f2ca418c267ce4d50506aa4d3bb983d2ea245ef18f9fe05122388cd1d168e50ba21cb
SSDEEP

6144:w9I1Hh+5fRPjlKO1xHvvxTIr6FODyv8Kd/DxXc:A5JFIfKvX

Score

N/A

Malware Config

Signatures

Files

740bcc5b2a284707b0a6dc4a742213b9cae42958ae0721b3a1d3dcc97cbcd60d
.dll regsvr32 windows x86

091e885f9ed987b6bcdc688d2e45286e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

audiocapture

??0CAudioCapture@@QAE@XZ
?PushParameter@CAudioCapture@@QAEXPBDI@Z
?StartAudio@CAudioCapture@@QAEHXZ
?StopAudio@CAudioCapture@@QAEHXZ
??1CAudioCapture@@QAE@XZ

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleHandleW
SetThreadLocale
GetThreadLocale
SetLastError
GetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryW
GetProcAddress
VirtualAlloc
VirtualFree
GetCurrentThreadId
GetLocalTime
MultiByteToWideChar
OutputDebugStringW
lstrlenA
GlobalSize
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
InterlockedCompareExchange
WideCharToMultiByte
lstrlenW
FlushInstructionCache

user32

CharNextW
SetWindowLongW
GetWindowLongW
UnregisterClassA
CallWindowProcW
GetClassInfoExW
LoadCursorW
IsWindow
GetKeyState
GetFocus
IsChild
SetFocus
UnionRect
PtInRect
CreateWindowExW
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
ShowWindow
DefWindowProcW
InvalidateRect
DestroyWindow
LoadImageW
RegisterClassExW

gdi32

GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
StretchBlt
DeleteObject
GetDIBColorTable
GetObjectW
SelectObject
DeleteDC
CreateCompatibleDC

ole32

CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
CoTaskMemAlloc
CreateDataAdviseHolder
CoTaskMemFree
CLSIDFromString
OleRegGetMiscStatus
CoCreateInstance

oleaut32

OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
VariantChangeType
VariantInit
SysStringByteLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysStringLen
SysAllocString
VariantClear

atl90

ord27
ord23
ord61
ord68
ord56
ord49
ord30
ord51
ord50
ord31
ord26
ord15
ord58
ord44
ord43
ord32
ord64
ord67

rpcrt4

NdrOleFree
NdrStubForwardingFunction
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubCall2

gdiplus

GdiplusShutdown

msimg32

AlphaBlend
TransparentBlt

msvcr90

_free_locale
vsprintf_s
vsprintf
memcpy
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
fclose
fsetpos
fseek
fgetpos
??0exception@std@@QAE@XZ
fwrite
setvbuf
fflush
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_malloc_crt
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
strcat_s
memchr
atoi
__uncaught_exception
mbstowcs_s
_wfsopen
islower
ungetc
setlocale
abort
_calloc_crt
___lc_handle_func
___lc_codepage_func
isupper
__pctype_func
__crtLCMapStringA
malloc
_except_handler4_common
_initterm
?terminate@@YAXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy_s
memmove_s
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
wcsncpy_s
_wcsnicmp
swprintf_s
free
??_V@YAXPAX@Z
_recalloc
_itow_s
memset
_invalid_parameter_noinfo
wcscpy_s
wcscat_s
fgetc
fputc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

091e885f9ed987b6bcdc688d2e45286e

Headers

DLL Characteristics

File Characteristics

Imports

audiocapture

kernel32

user32

gdi32

ole32

oleaut32

atl90

rpcrt4

gdiplus

msimg32

msvcr90

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.orpc Size: 512B - Virtual size: 51B

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 12KB - Virtual size: 11KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 78KB - Virtual size: 77KB

.orpc
Size: 512B - Virtual size: 51B

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 12KB - Virtual size: 11KB

.rmnet
Size: 56KB - Virtual size: 60KB