a3650a61c71c582fdfeb434fd7ae7b78eefcc68a715060a1b27e85de32c27fe4

Sharing

Copy URL

Twitter E-mail

General

Target

a3650a61c71c582fdfeb434fd7ae7b78eefcc68a715060a1b27e85de32c27fe4
Size

332KB
MD5

a932945fe37d59cc1c1eadbbc081a1f6
SHA1

ae4ac3ac94c8f65d02fe1ad886e13d996c36c79e
SHA256

a3650a61c71c582fdfeb434fd7ae7b78eefcc68a715060a1b27e85de32c27fe4
SHA512

c867e6dc24811607ec94d095e04084068eab0a151d144f13d8ce1165a3654520fd655f8f32c0b1225bbb148731b0f556e739ca1ac7034d78a9952a3507eb4587
SSDEEP

3072:Keu+BWYzeydczWGtwAw7JazSjcU342U6LiBQLHp4sCsluf8p9AmHBHFladZ6fCVb:5rWYldVtcUFGfHmsdZACVzPZbV5+

Score

N/A

Malware Config

Signatures

Files

a3650a61c71c582fdfeb434fd7ae7b78eefcc68a715060a1b27e85de32c27fe4
.dll regsvr32 windows x86

b34d49ed2a025cd2fd034422c4f4839e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
CloseHandle
lstrcmpiW
CreateFileW
WriteFile
GetModuleFileNameA
VirtualQuery
FlushFileBuffers
FreeLibrary
LoadLibraryExW
GetModuleHandleW
MapViewOfFile
GetSystemDirectoryW
GetFileAttributesW
GetCurrentProcessId
DeleteFileA
GetTempPathA
GetTempFileNameW
lstrcpyA
lstrlenA
OpenMutexW
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
CreateFileA
InterlockedExchangeAdd
DuplicateHandle
GetCurrentProcess
OpenProcess
lstrcmpW
GlobalUnlock
GetProcAddress
Sleep
CreateMutexW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstFileW
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetLastError
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetVersionExW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalLock
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
GetCommandLineA
GetCurrentThreadId
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetStdHandle
HeapCreate
VirtualFree
FatalAppExitA
ExitProcess
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue

user32

SetWindowLongW
GetParent
GetClassNameW
SetTimer
GetWindowLongW
EnumWindows
CharNextW
FindWindowExW
GetWindowThreadProcessId
KillTimer
GetWindow
GetTopWindow
CallWindowProcW
RegisterWindowMessageW
SendMessageW
UnhookWindowsHookEx
PtInRect
UnregisterClassA
GetKeyboardLayout
OpenClipboard
GetClipboardData
CloseClipboard

gdi32

CreateDIBSection
DeleteObject
GetDIBColorTable
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
DispCallFunc
VariantChangeType
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
SysReAllocStringLen
SafeArrayLock
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayGetVartype
SafeArrayUnlock

shlwapi

PathFindExtensionW

gdiplus

GdipSaveImageToFile
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b34d49ed2a025cd2fd034422c4f4839e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 245KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 248KB - Virtual size: 245KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 12KB