a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d

Sharing

Copy URL Twitter E-mail

General

Target

a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d
Size

556KB
MD5

8888bdbd4e118d915d40a11748282bca
SHA1

4e8822d2242d175cc3d708843e2cd71b7ee7033d
SHA256

a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d
SHA512

a96f5e72905571de84f515dd8a19c87d5143ead532bf01f0132da8262974bfaf910f24b466d49cd4ee83845fc65f02c273a550786854aec3e0f4fa713929b562
SSDEEP

6144:lO4zReIcAtVXrPsS3Syvqe4v2QeD8yCaDSCwBwAlvz6Bm2hf9QdHHtMMeOh4J7Wu:lO4zRe7AvBiyvqe4pe7wHlv1tO7VYFk

Score

N/A

Malware Config

Signatures

Files

a4b20735be317a924d2e36707baaf911fbae890ca53c5044fb506f15d33bcb6d
.dll regsvr32 windows x86

d249124e9bb3cd7ad1eff43913414080

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt40

atol
_stricmp
atoi
_ultoa
wcslen
malloc
free
strncmp
wcscpy
??3@YAXPAX@Z
_ftol
_purecall
strtod
_strnicmp
??2@YAPAXI@Z
memmove
toupper
sprintf

kernel32

DeleteCriticalSection
TlsGetValue
InitializeCriticalSection
lstrcmpW
lstrlenA
GlobalUnlock
lstrcpynA
GlobalReAlloc
GlobalFree
GlobalLock
IsDBCSLeadByte
Sleep
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
TlsFree
TlsAlloc
WideCharToMultiByte
GlobalAlloc
lstrcatA
lstrcpyA
CompareStringA
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcessId
CompareStringW
TlsSetValue

user32

GetWindow
DispatchMessageA
PeekMessageA
GetWindowLongA
GetWindowThreadProcessId
IsWindowVisible
wsprintfA
GetDesktopWindow
TranslateMessage

advapi32

RegQueryValueA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantClear
DispGetParam
SafeArrayGetElement
SafeArrayPutElement
CreateErrorInfo
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringLen
SysStringLen
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
DispGetIDsOfNames
DispInvoke
SysStringByteLen
VariantInit
SetErrorInfo
GetErrorInfo
VariantChangeTypeEx
SafeArrayUnaccessData
SysFreeString
SysAllocStringByteLen
VariantCopy
VariantChangeType
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim

ole32

CoInitialize
CoGetClassObject
CoGetMalloc
CoUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d249124e9bb3cd7ad1eff43913414080

Headers

File Characteristics

Imports

msvcrt40

kernel32

user32

advapi32

oleaut32

ole32

Exports

Exports

Sections

.text Size: 458KB - Virtual size: 457KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 458KB - Virtual size: 457KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 20KB - Virtual size: 20KB