c3cd41309bf0725c752b898a2a12f74d7e92edbefda145831ce878000cb6ed10

Sharing

Copy URL Twitter E-mail

General

Target

c3cd41309bf0725c752b898a2a12f74d7e92edbefda145831ce878000cb6ed10
Size

720KB
MD5

1e14169bb4e977edcc8341a980a09a0d
SHA1

cd1668c9a546718b958e5cbf49a3c8557f64adef
SHA256

c3cd41309bf0725c752b898a2a12f74d7e92edbefda145831ce878000cb6ed10
SHA512

ef1a1b2d34a335b69a9539f524905639efd74e66b8a7a41c05fdcd57ff94f4e3a9b96288579804fa8b5a8142f67660ba6eef4401b2b982865e467dcce3448e3f
SSDEEP

12288:3Q6HLPSW6Ciu9BpTD9TSS80ljz7RiXhaSBUy6OmoiXq5X/+SXVvo1RZoYp+JxSv/:3Q6HLPSW6Ciu9BpTDJSS80ljz7RiXcSI

Score

N/A

Malware Config

Signatures

Files

c3cd41309bf0725c752b898a2a12f74d7e92edbefda145831ce878000cb6ed10
.dll regsvr32 windows x86

cb76e6e1be8849a6c22c22ee43d530d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ltdis13n

ord110
ord117
ord146
ord116
ord102
ord201
ord104
ord195
ord194
ord197
ord196
ord139
ord137
ord200
ord160
ord164
ord205
ord204
ord202
ord161
ord140
ord142
ord144
ord143
ord141
ord151
ord107
ord188
ord114
ord108
ord105
ord106
ord119
ord187
ord113
ord109
ord115
ord163
ord128
ord123
ord126
ord133
ord149
ord150
ord198
ord124
ord125
ord203
ord192
ord191
ord199
ord132
ord118
ord122
ord186
ord193
ord154
ord129
ord138
ord103
ord156
ord190
ord152
ord162

ltefx13n

ord102
ord100
ord101
ord107
ord103
ord108

ltfil13n

ord195
ord194
ord198
ord110
ord109
ord189
ord140
ord171
ord108
ord172
ord156
ord138
ord149
ord197
ord205
ord192
ord152
ord193
ord113
ord135
ord151
ord134
ord117
ord136
ord116
ord121
ord119
ord120
ord183
ord122
ord163
ord191
ord161
ord100
ord114
ord145
ord112
ord133
ord102
ord199
ord105
ord103
ord131
ord184
ord115
ord162
ord107
ord160
ord139
ord159
ord106
ord104
ord190

ltimg13n

ord166
ord167
ord164
ord170
ord169
ord106
ord122
ord117
ord105
ord165
ord159
ord158
ord157
ord163
ord156
ord155
ord150
ord162
ord161
ord154
ord152
ord153
ord148
ord151
ord149
ord132
ord134
ord133
ord141
ord135
ord142
ord138
ord140
ord139
ord131
ord137
ord129
ord128
ord130
ord127
ord108
ord125
ord107
ord121
ord113
ord147
ord112
ord114
ord168
ord124
ord146
ord109
ord111
ord116
ord100
ord123
ord120
ord102
ord104
ord119
ord172
ord115
ord171
ord160
ord101
ord110
ord103
ord136
ord118

ltkrn13n

ord175
ord174
ord183
ord100
ord179
ord288
ord110
ord104
ord256
ord125
ord148
ord241
ord257
ord111
ord238
ord236
ord239
ord237
ord128
ord234
ord232
ord235
ord116
ord240
ord269
ord124
ord133
ord144
ord129
ord233
ord188
ord189
ord141
ord281
ord196
ord145
ord123
ord150
ord117
ord120
ord151
ord140
ord204
ord278
ord157
ord115
ord219
ord131
ord136
ord108
ord283
ord135
ord197
ord217
ord205
ord112
ord258
ord220
ord206
ord207
ord132
ord139
ord221
ord244
ord134
ord254
ord284
ord282
ord285

lttwn13n

ord107
ord108
ord103
ord102
ord101
ord104
ord106
ord105

mfc42

ord3670
ord815
ord3262
ord1168
ord599
ord5714
ord3952
ord3401
ord561
ord1216
ord1656
ord434
ord5575
ord2911
ord2889
ord3549
ord6354
ord1243
ord5959
ord3119
ord5868
ord1227
ord3230
ord5984
ord1877
ord4249
ord2687
ord6119
ord4023
ord613
ord289
ord3797
ord3003
ord6128
ord6129
ord5917
ord2795
ord3203
ord2901
ord5289
ord2864
ord3626
ord3663
ord3692
ord1641
ord5492
ord4025
ord6042
ord2414
ord3571
ord5307
ord5791
ord2405
ord5785
ord1640
ord323
ord283
ord6281
ord3573
ord3706
ord4949
ord641
ord2514
ord324
ord5261
ord3457
ord1614
ord6030
ord4459
ord5033
ord4027
ord5767
ord5979
ord3199
ord758
ord3502
ord2158
ord2150
ord475
ord5647
ord6084
ord3815
ord4083
ord3057
ord2450
ord4317
ord5858
ord5861
ord4660
ord535
ord4661
ord4650
ord4502
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4079
ord2724
ord640
ord4856
ord4920
ord6002
ord2137
ord3820
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4689
ord5023
ord4654
ord4643
ord4780
ord4649
ord4637
ord5060
ord4584
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord2488
ord3404
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord4353
ord3798
ord4837
ord4441
ord5302
ord2055
ord6376
ord3749
ord5065
ord1727
ord5574
ord5184
ord5277
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4624
ord5825
ord3693
ord5668
ord5183
ord5185
ord5182
ord5050
ord4902
ord5048
ord4767
ord4481
ord3519
ord2904
ord6422
ord5170
ord5166
ord5167
ord5168
ord5171
ord5172
ord5229
ord4698
ord5169
ord5189
ord5188
ord3794
ord2917
ord1970
ord6425
ord962
ord6315
ord4180
ord6390
ord6427
ord3322
ord6013
ord5776
ord2604
ord5186
ord3180
ord3183
ord3176
ord3509
ord3594
ord723
ord541
ord2614
ord2636
ord604
ord540
ord276
ord3946
ord423
ord1114
ord1685
ord3138
ord6040
ord1686
ord6261
ord4371
ord4982
ord5314
ord268
ord5332
ord5328
ord5334
ord5316
ord5337
ord5329
ord5333
ord5324
ord5339
ord5319
ord2541
ord1567
ord1113
ord5327
ord3525
ord6093
ord5678
ord6194
ord5794
ord5736
ord5888
ord4760
ord4743
ord2379
ord4788
ord5573
ord4765
ord4328
ord5786
ord2452
ord6370
ord5572
ord2915
ord4903
ord858
ord4137
ord5875
ord5787
ord5788
ord6170
ord2860
ord4979
ord4299
ord6115
ord4791
ord2727
ord2730
ord2729
ord5290
ord6143
ord4636
ord4018
ord3945
ord4756
ord4913
ord4914
ord4915
ord1574
ord539
ord3237
ord4099
ord6019
ord5968
ord5970
ord4006
ord1177
ord1210
ord956
ord665
ord1979
ord5442
ord5773
ord353
ord1099
ord1911
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord5658
ord2395
ord6322
ord2609
ord1006
ord6123
ord4291
ord1994
ord5192
ord775
ord695
ord393
ord503
ord5705
ord638
ord2764
ord1688
ord321
ord1261
ord3752
ord2385
ord6374
ord818
ord567
ord1949
ord4627
ord4275
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord537
ord860
ord1601
ord800
ord3258
ord446
ord743
ord3681
ord3353
ord3081
ord3278
ord5498
ord4472
ord6365
ord3326
ord6364
ord4003
ord2486
ord4226
ord1214
ord1226
ord4622
ord1223
ord825
ord1799
ord823
ord290
ord2623
ord1206
ord614
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2985
ord3136
ord4465
ord3259
ord3147
ord2982
ord6041
ord2446
ord2124
ord2648
ord2156
ord4639
ord5674
ord6262
ord2794
ord1963
ord1176
ord1131
ord1132
ord1116
ord6412
ord1575
ord1182
ord342
ord600
ord1577
ord1253
ord1197
ord1570
ord1255
ord1578
ord826
ord269

msvcrt

_initterm
wcscpy
memmove
__CxxFrameHandler
wcsncpy
wcslen
_except_handler3
_chdir
_getcwd
strrchr
_ftol
ceil
strtok
_mbsrchr
_EH_prolog
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
malloc
_adjust_fdiv

kernel32

GetProcAddress
GetVersionExA
LoadLibraryA
GlobalUnlock
GlobalHandle
GlobalFree
GlobalLock
GlobalAlloc
GetVersion
OpenFile
lstrcpyA
lstrlenA
GetModuleFileNameA
MulDiv
Sleep
lstrcmpA
IsBadReadPtr
GlobalReAlloc
lstrcpynA
CloseHandle
CreateFileA
lstrcmpiA
GetProfileStringA
LocalFree
LocalAlloc
FreeLibrary

user32

DeleteMenu
InsertMenuItemA
CopyRect
ValidateRect
GetMenuStringA
SetTimer
GetWindowRect
PtInRect
GetKeyState
KillTimer
GetMenuItemID
IsWindowVisible
SetMenuItemInfoA
PostMessageA
DefWindowProcA
EnumChildWindows
GetMenuItemInfoA
EnableWindow
RegisterClipboardFormatA
CreateWindowExA
DestroyWindow
GetCursorPos
SetWindowLongA
FillRect
MapWindowPoints
CreateMenu
DestroyCursor
GetSubMenu
RegisterClassA
LoadCursorA
UnregisterClassA
OffsetRect
GetSystemMetrics
GetClassNameA
ShowWindow
BeginPaint
SetCapture
ReleaseCapture
DispatchMessageA
EndPaint
TranslateMessage
SetCursor
EqualRect
SetWindowPos
IsMenu
GetMenuItemCount
GetParent
IntersectRect
GetWindow
IsWindow
InflateRect
SetRect
ReleaseDC
GetDC
IsRectEmpty
SetRectEmpty
ClientToScreen
ScreenToClient
RedrawWindow
UpdateWindow
GetWindowLongA
SendMessageA
wsprintfA
InvalidateRect

gdi32

Rectangle
GetDeviceCaps
GetStockObject
CreateDCA
GetDIBits
GetSystemPaletteEntries
CreatePalette
SelectPalette
GetTextExtentPointA
CreatePen
SetROP2
BitBlt
RoundRect
CreateBrushIndirect
Polyline
EndDoc
Ellipse
StartDocA
DeleteDC
EndPage
GetObjectA
GetPaletteEntries
StartPage
FillRgn
RestoreDC
CreateRectRgn
OffsetRgn
CreateRectRgnIndirect
CombineRgn
SaveDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
RealizePalette
StretchDIBits
DeleteObject

shell32

DragQueryFileA

ole32

CoCreateInstance
RegisterDragDrop
CoTaskMemAlloc
RevokeDragDrop
ReleaseStgMedium
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoGetMalloc

olepro32

ord248

oleaut32

VariantCopy
VariantClear
SysAllocString
SafeArrayAccessData
SafeArrayCreate
SafeArrayLock
VariantInit
SafeArrayGetDim
VariantChangeType
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayGetElemsize
LoadRegTypeLi
SafeArrayUnlock
SafeArrayDestroy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
L_GetControlBitmap
L_SetControlBitmap

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb76e6e1be8849a6c22c22ee43d530d3

Headers

File Characteristics

Imports

ltdis13n

ltefx13n

ltfil13n

ltimg13n

ltkrn13n

lttwn13n

mfc42

msvcrt

kernel32

user32

gdi32

shell32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 133KB - Virtual size: 138KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 212KB - Virtual size: 211KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 133KB - Virtual size: 138KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 212KB - Virtual size: 211KB

.reloc
Size: 27KB - Virtual size: 26KB