71e052ef6a501001994eadd4aed90d1b2e50993660e8b00dc79c00ecf03539e6

Sharing

Copy URL Twitter E-mail

General

Target

71e052ef6a501001994eadd4aed90d1b2e50993660e8b00dc79c00ecf03539e6
Size

273KB
MD5

186a19b9452ad1129125c32ff6ea40e0
SHA1

5fd379a68fb0075460bad2a33aab7001bd01433b
SHA256

71e052ef6a501001994eadd4aed90d1b2e50993660e8b00dc79c00ecf03539e6
SHA512

4cb295f955a9b1c0eb1ec1861314a82667e9b014644b45c051c85f6c8cf212faba329a7f6f3e4bc02d40da2f07fa9c58d9857da562476d6ec389f1cb0d5dd74e
SSDEEP

6144:GY2isCRuQtddhkDnJb79zNnk9ktNBhUZXG82qh9V/Qv1DnYqCVn:z4CYkddhkDnJb79zN3nkZXGbWI1Y5V

Score

N/A

Malware Config

Signatures

Files

71e052ef6a501001994eadd4aed90d1b2e50993660e8b00dc79c00ecf03539e6
.dll regsvr32 windows x86

6d5047d40b08a59beb4c784e842b1176

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
lstrlenA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetVersionExA
VirtualFree
HeapAlloc
GetProcessHeap
InterlockedDecrement
IsBadReadPtr
HeapFree
GetLongPathNameA
InterlockedIncrement
DisableThreadLibraryCalls
FindFirstFileA
FileTimeToLocalFileTime
GetLastError
FileTimeToSystemTime
GetLocalTime
GetTempPathA
GetModuleFileNameA
GetModuleHandleA
MultiByteToWideChar
GetFileAttributesA
LocalAlloc
SetLastError
LocalFree

user32

FindWindowA
SystemParametersInfoA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoGetClassObject
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen
VariantInit
SysAllocString
SysAllocStringLen
VariantClear

atl

ord57
ord16
ord58
ord30
ord21
ord15
ord32
ord23
ord18

msvcp60

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXIG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z

shlwapi

PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

msvcrt

isspace
_CxxThrowException
wcslen
_adjust_fdiv
_initterm
_onexit
__dllonexit
_stricmp
rand
srand
time
strncpy
calloc
strstr
strlen
strcat
free
memset
strcpy
isalnum
strcmp
malloc
strrchr
sprintf
??2@YAPAXI@Z
atol
__CxxFrameHandler
fclose
fread
rewind
ftell
fseek
fopen
fflush
fwrite
memcpy
_except_handler3
_purecall
memcmp
_strlwr
strtol
atoi
realloc
toupper
tolower
??1type_info@@UAE@XZ
islower
isupper
isxdigit
ispunct
isprint
isgraph
isdigit
iscntrl
__isascii
isalpha
strncmp
bsearch
memmove

urlmon

FindMimeFromData
CoInternetGetSession
CreateURLMoniker

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d5047d40b08a59beb4c784e842b1176

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

atl

msvcp60

shlwapi

version

msvcrt

urlmon

shell32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 125KB - Virtual size: 131KB

.share Size: 10KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 6KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 125KB - Virtual size: 131KB

.share
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 6KB

.rmnet
Size: 56KB - Virtual size: 60KB