3d58d92d34cc3ada7e15a02816cd2388b10591618d2c29ed35e1786526265926

Sharing

Copy URL

Twitter E-mail

General

Target

3d58d92d34cc3ada7e15a02816cd2388b10591618d2c29ed35e1786526265926
Size

143KB
MD5

27578daec66f4cc4891ce4a029207300
SHA1

9c361704568c671949f41580845d21b2e67ea9db
SHA256

3d58d92d34cc3ada7e15a02816cd2388b10591618d2c29ed35e1786526265926
SHA512

e25f6db75cc05ea5f7a5a3c51c1bf325a68ecb9c47852ba717871653a22122606fc8f8cd0332d4acdce967f1fd04d44ab4b8c7e017f256bb688a89e8d6dff820
SSDEEP

3072:NMQehZRwDur+suLi/SjHY4gV8BcHem/hSfr57PmwnOinC:NMnZRwarqOSDY4gOBcHem/QfNPmwnOiC

Score

N/A

Malware Config

Signatures

Files

3d58d92d34cc3ada7e15a02816cd2388b10591618d2c29ed35e1786526265926
.dll regsvr32 windows x86

c204d250b573c53639a800e7d5d3f4f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
_vsnwprintf
calloc
??3@YAXPAX@Z
_XcptFilter
_initterm
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
_errno
memcpy
_unlock
__dllonexit
_lock
_onexit
realloc
_CxxThrowException
tolower
??_U@YAPAXI@Z
memset
??2@YAPAXI@Z
_wcsicmp
_purecall
__CxxFrameHandler3
wcsncmp
memmove_s
wcscat_s
wcsncpy_s
wcscpy_s
free
??_V@YAXPAX@Z

kernel32

lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
SetLastError
WaitForSingleObject
CreateThread
CloseHandle
CreateEventW
SetEvent
LocalAlloc
WriteFile
CreateDirectoryW
ExpandEnvironmentStringsW
CreateFileW
ReadFile
OpenProcess
GetVersionExA
InterlockedExchange
CompareStringW
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
LocalFree

ole32

CoInitializeEx
StringFromGUID2
StringFromCLSID
PropVariantClear
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysFreeString

user32

CharNextW
UnregisterClassA

advapi32

GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
TraceMessage
GetTraceEnableFlags
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegRestoreKeyW
RegSaveKeyW
GetLengthSid
CopySid
EventRegister
ConvertStringSidToSidW
IsWellKnownSid
EventUnregister
TraceEvent
IsValidSid
EqualSid

setupapi

SetupDiCreateDeviceInfoList
SetupDiCreateDevRegKeyW
SetupDiGetClassDevsExW
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInfoListDetailW
SetupDiOpenDeviceInfoW
CM_Get_DevNode_Registry_Property_ExW
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExW
CM_Get_Parent_Ex

wdscore

ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP
WdsSetupLogDestroy
WdsSetupLogInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c204d250b573c53639a800e7d5d3f4f9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

ole32

oleaut32

user32

advapi32

setupapi

wdscore

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 70KB

.data Size: 64KB - Virtual size: 65KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 71KB - Virtual size: 70KB

.data
Size: 64KB - Virtual size: 65KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB