1e956ec5f6c21e693af3ce31ef69df01c2804ae204cb79be82ee86f1b68a202b

Sharing

Copy URL Twitter E-mail

General

Target

1e956ec5f6c21e693af3ce31ef69df01c2804ae204cb79be82ee86f1b68a202b
Size

306KB
MD5

df4e8aef5848273213c39439e5f8485f
SHA1

61cfec2cc1b302099e945ee9cc740296c23deae1
SHA256

1e956ec5f6c21e693af3ce31ef69df01c2804ae204cb79be82ee86f1b68a202b
SHA512

c47856266a8b834fc0482e17447361eb9246ab028cf582ef603118d4af31c1ab8443cc0a98a61b07e1eddb134e9ddfdabc6df34489235912273c420b9a1bc279
SSDEEP

3072:gm1zdFaIEnJdsHhjfbPzU/XO0m3NWbVQqxob6uTDBzVU:gQzv7EnJ8NzzQONWZQqxob62BzVU

Score

N/A

Malware Config

Signatures

Files

1e956ec5f6c21e693af3ce31ef69df01c2804ae204cb79be82ee86f1b68a202b
.dll regsvr32 windows x86

c35253398f83bb4995c4e238df4f9327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
__pioinfo
memmove
memcpy
_onexit
_lock
__dllonexit
_fileno
_lseeki64
_write
_isatty
mbtowc
_unlock
realloc
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
??_V@YAXPAX@Z
malloc
free
_CxxThrowException
??2@YAPAXI@Z
??_U@YAPAXI@Z
memset
_wcsicmp
_vscwprintf
_errno
__CxxFrameHandler
??3@YAXPAX@Z

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityInfo

kernel32

lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetModuleFileNameW
DisableThreadLibraryCalls
FreeLibrary
SizeofResource
LoadResource
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
FindResourceW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
LoadLibraryExW
GetModuleHandleW
CloseHandle
WaitForSingleObject
SetEvent
LocalFree
OpenEventW
WaitForMultipleObjects
CreateThread
CreateEventW
GetVersionExA
TerminateProcess
MultiByteToWideChar
HeapDestroy

user32

UnregisterClassA
CharNextW

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysFreeString

ole32

CLSIDFromString
PropVariantClear
StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
IUnknown_Release_Proxy

setupapi

SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c35253398f83bb4995c4e238df4f9327

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

ole32

rpcrt4

setupapi

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.orpc Size: 512B - Virtual size: 51B

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 3KB - Virtual size: 3KB

.text Size: 207KB - Virtual size: 208KB

.text
Size: 46KB - Virtual size: 45KB

.orpc
Size: 512B - Virtual size: 51B

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 207KB - Virtual size: 208KB