ad9c32497375db3f061c865bcb33136f9528e10f202153ced3080cf3ec4e16da

Sharing

Copy URL Twitter E-mail

General

Target

ad9c32497375db3f061c865bcb33136f9528e10f202153ced3080cf3ec4e16da
Size

711KB
MD5

073d5292d76e43e813a34e2cb23ac21a
SHA1

a1aca0c75119cb478adc93d3b7274c0ef70d2179
SHA256

ad9c32497375db3f061c865bcb33136f9528e10f202153ced3080cf3ec4e16da
SHA512

7f75d1f773796d6cca5c1819aaf7ce267b6b46a8e2bc9d6d87dee9a068180be4e4d522b3f4cc6c39d98b33036a245dc882c94315b79570963dacd627661590ba
SSDEEP

12288:eG0zYjrx3pxcPAv+3RWeME6KKQSbAwzzPZXk5ppIXRYv4pgBu42rLpAsEB:L0s3xMPAv+h+f0wzzPFEpOu

Score

N/A

Malware Config

Signatures

Files

ad9c32497375db3f061c865bcb33136f9528e10f202153ced3080cf3ec4e16da
.dll regsvr32 windows x86

fc3a18326622c483e5453b42f7abc1f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateEventA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DebugActiveProcess
DebugBreak
DeleteCriticalSection
DeleteFileA
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FlushFileBuffers
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetThreadContext
GetThreadLocale
GetThreadSelectorEntry
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSAAsyncSelect
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockopt
htons
ntohl
recv
select
send
setsockopt
shutdown
socket

user32

CallNextHookEx
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnumThreadWindows
FindWindowA
GetClassInfoA
GetMessageA
LoadStringA
MessageBeep
MessageBoxA
PeekMessageA
PostMessageA
RegisterClassA
SendMessageA
SetTimer
SetWindowsHookExA
UnhookWindowsHookEx
WaitMessage
wsprintfA

ole32

CoTaskMemFree
StringFromCLSID

Exports

Exports

@isDbkLoggingOn$qv
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
POSTEDHOOKPROC
SENTHOOKPROC
___CPPdebugHook

Sections

.text
Size: 515KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc3a18326622c483e5453b42f7abc1f6

Headers

File Characteristics

Imports

advapi32

kernel32

version

wsock32

user32

ole32

Exports

Exports

Sections

.text Size: 515KB - Virtual size: 516KB

.data Size: 157KB - Virtual size: 180KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 30KB - Virtual size: 32KB

.text
Size: 515KB - Virtual size: 516KB

.data
Size: 157KB - Virtual size: 180KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 30KB - Virtual size: 32KB