General

Malware Config

Signatures

Files

• 174d303881482e038c04f95484d15088eb4160cf5bd3f21aba0c12c9b50a3637

  .dll regsvr32 windows x86

  4281b231a4746ce57ca0faf292ed80da

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  GetModuleHandleA

  lstrcmpA

  WriteFile

  GetFileSize

  CreateFileMappingA

  MapViewOfFile

  GetFileType

  CloseHandle

  GetLocalTime

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  UnmapViewOfFile

  FileTimeToLocalFileTime

  SetLastError

  FileTimeToSystemTime

  FormatMessageA

  LocalAlloc

  LocalFree

  LoadLibraryExA

  FindResourceA

  LoadResource

  SizeofResource

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  GetModuleFileNameA

  lstrcpyA

  lstrcpynA

  lstrcatA

  DisableThreadLibraryCalls

  HeapDestroy

  EnterCriticalSection

  LeaveCriticalSection

  lstrcmpiA

  IsDBCSLeadByte

  lstrlenA

  InterlockedDecrement

  InterlockedIncrement

  DeleteCriticalSection

  InitializeCriticalSection

  GetLastError

  lstrlenW

  GetVersionExA

  WideCharToMultiByte

  MultiByteToWideChar

  VirtualQuery

  GetSystemInfo

  VirtualAlloc

  VirtualProtect

  ExpandEnvironmentStringsW

  ExpandEnvironmentStringsA

  CreateFileW

  CreateFileA

  FlushFileBuffers

  SetStdHandle

  SetFilePointer

  GetStringTypeW

  GetStringTypeA

  GetLocaleInfoA

  LCMapStringW

  LCMapStringA

  IsBadCodePtr

  IsBadReadPtr

  RaiseException

  GetCPInfo

  GetOEMCP

  HeapSize

  IsBadWritePtr

  VirtualFree

  GetACP

  InterlockedExchange

  Sleep

  GetCommandLineA

  HeapFree

  HeapAlloc

  GetProcessHeap

  HeapReAlloc

  ExitProcess

  TlsAlloc

  TlsFree

  TlsSetValue

  TlsGetValue

  SetHandleCount

  GetStdHandle

  GetStartupInfoA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  HeapCreate

  ntdll

  RtlUnwind

  mssign32

  SignerTimeStamp

  advapi32

  CryptDeriveKey

  CryptGetUserKey

  CryptGetHashParam

  CryptDecrypt

  CryptEncrypt

  CryptGenRandom

  CryptCreateHash

  CryptHashData

  CryptSetKeyParam

  CryptDestroyKey

  CryptAcquireContextA

  CryptGetProvParam

  CryptGetKeyParam

  RegEnumKeyExA

  CryptDestroyHash

  CryptReleaseContext

  RegEnumValueA

  RegQueryInfoKeyA

  RegSetValueExA

  RegOpenKeyExA

  RegCreateKeyExA

  RegCloseKey

  RegDeleteValueA

  RegDeleteKeyA

  crypt32

  CertFreeCertificateChain

  CertCloseStore

  CertAddEncodedCertificateToStore

  CertFindExtension

  CertGetEnhancedKeyUsage

  CertGetCertificateChain

  CertVerifyCertificateChainPolicy

  CertEnumCertificatesInStore

  CertDuplicateCertificateContext

  CertOpenStore

  CertDuplicateStore

  CertComparePublicKeyInfo

  CryptExportPublicKeyInfo

  CertGetNameStringW

  CertAddCertificateContextToStore

  CertGetCertificateContextProperty

  PFXImportCertStore

  CryptQueryObject

  CertSetCertificateContextProperty

  CertVerifyTimeValidity

  CertFindCertificateInStore

  CertGetValidUsages

  CertGetIntendedKeyUsage

  CryptFindOIDInfo

  CertFindChainInStore

  CertSaveStore

  CertCreateCertificateContext

  CryptMsgGetParam

  CertDuplicateCertificateChain

  CryptEncodeObject

  CryptDecodeObject

  CryptAcquireCertificatePrivateKey

  CertCompareIntegerBlob

  CryptFormatObject

  CryptMsgOpenToEncode

  CryptMsgClose

  CryptMsgUpdate

  CryptMsgOpenToDecode

  CryptMsgControl

  CertGetSubjectCertificateFromStore

  CertEnumCertificateContextProperties

  CertCompareCertificateName

  PFXExportCertStoreEx

  CertGetPublicKeyLength

  CertFindAttribute

  CertControlStore

  CertDeleteCertificateFromStore

  CertFreeCertificateContext

  ole32

  CoTaskMemFree

  ProgIDFromCLSID

  CoCreateInstance

  CoTaskMemRealloc

  CoCreateFreeThreadedMarshaler

  CoTaskMemAlloc

  oleaut32

  SysAllocString

  SysFreeString

  SysStringLen

  VariantClear

  VarUI4FromStr

  LoadTypeLi

  RegisterTypeLi

  LoadRegTypeLi

  VariantCopy

  SysAllocStringLen

  SetErrorInfo

  CreateErrorInfo

  VariantChangeType

  SystemTimeToVariantTime

  SysStringByteLen

  VariantTimeToSystemTime

  SysAllocStringByteLen

  VariantInit

  SafeArrayDestroy

  SafeArrayUnaccessData

  SafeArrayAccessData

  SafeArrayGetDim

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayCreate

  user32

  CharNextA

  CharPrevA

  LoadStringA

  wsprintfA

  SetWindowPos

  GetSystemMetrics

  GetWindowRect

  SetFocus

  GetDlgItem

  SetWindowLongA

  EndDialog

  IsDlgButtonChecked

  GetWindowLongA

  DialogBoxParamA

  wininet

  InternetCrackUrlW

  InternetCanonicalizeUrlW

  wintrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  WTHelperGetProvCertFromChain

  WinVerifyTrust

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 259KB - Virtual size: 259KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 45KB - Virtual size: 52KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 126KB - Virtual size: 126KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .text

  Size: 178KB - Virtual size: 180KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE