1f215fba541801d502eecab3c3a789f6df8e15a07864b21b8523e1cd70dbe70e

Sharing

Copy URL Twitter E-mail

General

Target

1f215fba541801d502eecab3c3a789f6df8e15a07864b21b8523e1cd70dbe70e
Size

311KB
MD5

09fa499649f337f055d93e867c983c70
SHA1

cfd90f4d323356f995c1cddc3f77de595f34491b
SHA256

1f215fba541801d502eecab3c3a789f6df8e15a07864b21b8523e1cd70dbe70e
SHA512

9a9a3654c30d19ad09895c1147f32730c92e256029fa4572ec492861d056ad2e7ed8b12306a2afe8f2923b0b5ef0f344d5dfcd930d3d573681c22759dc102e0e
SSDEEP

6144:UeU+VePnSM2+nXSFAy5FstrHmi9DGUYTwO/sOBLsz:UeBVel+AyrerHtDGUow6TB4z

Score

N/A

Malware Config

Signatures

Files

1f215fba541801d502eecab3c3a789f6df8e15a07864b21b8523e1cd70dbe70e
.dll regsvr32 windows x86

272a90121186ee5f29bdf37cd2695757

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
EnterCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
LeaveCriticalSection
lstrlenA
FormatMessageW
GetModuleHandleW
GetDateFormatW
GetThreadLocale
GetTimeFormatW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetVersionExA
LoadLibraryW
GetModuleFileNameW
lstrlenW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetCurrentProcess
RaiseException
InterlockedDecrement
InterlockedIncrement
GetTickCount
lstrcmpW

msvcr80

_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
memcpy
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
swprintf_s
wcspbrk
_recalloc
iswspace
isalpha
free
malloc
_gcvt_s
_ui64tow_s
_vsnwprintf_s
_ltow_s
memset
_i64tow_s
wcsncat_s
atof
setlocale
wcstod
wcsstr
_vswprintf_c_l
wcscat_s
wcscpy_s
wcschr
??2@YAPAXI@Z
vswprintf_s
_vscwprintf
memcpy_s
memmove_s
wcsncmp
_purecall
??_V@YAXPAX@Z
wcsncpy_s
??_U@YAPAXI@Z
??3@YAXPAX@Z
_encode_pointer
_CIfmod

user32

UnregisterClassA
LoadStringW

advapi32

RegEnumKeyExW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoLockObjectExternal

oleaut32

VariantCopy
VariantInit
SysFreeString
VarR8FromStr
VariantTimeToSystemTime
VariantChangeType
SysAllocStringLen
VariantClear
SysStringLen
SysAllocString
VarR4FromStr

shlwapi

StrToInt64ExW
PathAddBackslashW
PathAppendW
StrToIntExW
PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

272a90121186ee5f29bdf37cd2695757

Headers

File Characteristics

Imports

kernel32

msvcr80

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 182KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 11KB - Virtual size: 10KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 182KB - Virtual size: 182KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 112KB