b898bedb8259b2c934d91cb1e159d3868386dc785ace7d24eb33ccd808e53851

Sharing

Copy URL Twitter E-mail

General

Target

b898bedb8259b2c934d91cb1e159d3868386dc785ace7d24eb33ccd808e53851
Size

656KB
MD5

7ccea7186af0df79bdfb8d402e3e99b3
SHA1

ac9b2004a6e428874b8cb209fa6044fddc556c61
SHA256

b898bedb8259b2c934d91cb1e159d3868386dc785ace7d24eb33ccd808e53851
SHA512

8be22e3f7e9fd165ec5237542cd564f87e54e6af22f45c7dff793894d4e416056d7a7e296674ec604011eec99a4368e1b48578b43c7350b2eb5ccd02f06ab99b
SSDEEP

12288:INK7UcZWa6XPgyWcexblU23n7Inp/6kgC2w:y+6XPneZlU2rIdbgC

Score

N/A

Malware Config

Signatures

Files

b898bedb8259b2c934d91cb1e159d3868386dc785ace7d24eb33ccd808e53851
.dll regsvr32 windows x86

8013b024c6870dbd6f19243a282d7ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_initterm
strchr
atoi
_ftol
_vsnprintf
wcscmp
wcslen
__RTDynamicCast
memmove
_purecall
realloc
__CxxFrameHandler
malloc
??2@YAPAXI@Z
free
??3@YAXPAX@Z
_except_handler3
swprintf

atl

ord30
ord32
ord15
ord23
ord22
ord18
ord16
ord21

ntdll

NtQuerySystemInformation

iphlpapi

GetIpAddrTable
GetIfEntry

msasn1

ASN1PEREncFragmented
ASN1PERDecInteger
ASN1PEREncInteger
ASN1PERDecN16Val
ASN1PERDecS16Val
ASN1char16string_free
ASN1PERDecChar16String
ASN1PEREncChar16String
ASN1PERDecSeqOf_VarSize
ASN1PEREncSeqOf_VarSize
ASN1PERFreeSeqOf
ASN1PERDecSeqOf_NoSize
ASN1PEREncSeqOf_NoSize
ASN1ztcharstring_free
ASN1PERDecFragmentedZeroCharString
ASN1PEREncFragmentedCharString
ASN1PERDecFragmentedLength
ASN1PERDecSkipBits
ASN1PERDecNormallySmallExtension
ASN1PERDecFragmented
ASN1_CreateDecoderEx
ASN1PEREncCheckExtensions
ASN1PEREncNormallySmallBits
ASN1PEREncFlushFragmentedToParent
ASN1_CloseEncoder2
ASN1bitstring_free
ASN1PERDecBits
ASN1octetstring_free
ASN1PERDecOctetString_NoSize
ASN1PEREncOctetString_NoSize
ASN1objectidentifier_free
ASN1PERDecObjectIdentifier
ASN1PEREncSimpleChoiceEx
ASN1PEREncObjectIdentifier
ASN1PERDecZeroTableCharStringNoAlloc
ASN1PEREncTableCharString
ASN1PERDecComplexChoice
ASN1PEREncComplexChoice
ASN1PERDecOctetString_VarSize
ASN1PEREncOctetString_VarSize
ASN1PERDecSkipFragmented
ASN1PERDecZeroCharStringNoAlloc
ASN1PEREncCharString
ASN1PERDecBoolean
ASN1PEREncBoolean
ASN1PERDecExtension
ASN1PEREncBits
ASN1PERDecOctetString_FixedSize
ASN1PEREncOctetString_FixedSize
ASN1uint32_uoctets
ASN1PERDecAlignment
ASN1PEREncAlignment
ASN1PERDecU32Val
ASN1PERDecSimpleChoice
ASN1DecSetError
ASN1PEREncSimpleChoice
ASN1EncSetError
ASN1PERDecUnsignedShort
ASN1PEREncUnsignedShort
ASN1PERDecU16Val
ASN1PERDecSkipNormallySmallExtensionFragmented
ASN1PEREncExtensionBitClear
ASN1PEREncBitVal
ASN1_CreateEncoder
ASN1_CloseModule
ASN1_CreateModule
ASN1PERDecBit
ASN1_FreeDecoded
ASN1_Decode
ASN1_Encode
ASN1_CloseDecoder
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1PERDecSimpleChoiceEx

kernel32

UnregisterWaitEx
QueueUserWorkItem
CreateThread
WaitForMultipleObjects
WaitForSingleObject
IsBadStringPtrW
HeapFree
SetLastError
GetProcessHeap
HeapAlloc
GetLocalTime
lstrcatA
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetACP
lstrcpynW
lstrcmpW
CreateTimerQueue
DeleteTimerQueueEx
ResetEvent
CreateEventW
RegisterWaitForSingleObject
UnregisterWait
CreateTimerQueueTimer
GetTickCount
DeleteTimerQueueTimer
TryEnterCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
IsBadReadPtr
SetEvent
IsBadWritePtr
GetModuleHandleW
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
CloseHandle
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLastError
EnterCriticalSection
LeaveCriticalSection
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar

ole32

CoUninitialize
StringFromGUID2
IIDFromString
StringFromIID
CoCreateFreeThreadedMarshaler
CoInitializeEx
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CreateBindCtx
CoCreateInstance

oleaut32

VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString
LoadRegTypeLi
SysStringLen
SetErrorInfo

ws2_32

WSASend
setsockopt
accept
WSAEnumNetworkEvents
htons
inet_addr
WSASocketW
WSAConnect
WSAStartup
WSAEventSelect
WSARecv
shutdown
WSACleanup
closesocket
getsockname
WSAGetLastError
ntohs
inet_ntoa
bind
WSAGetOverlappedResult
listen

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW

user32

DefWindowProcW
GetWindowLongW
SetWindowLongW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterDeviceNotification
MsgWaitForMultipleObjectsEx
RegisterDeviceNotificationW
CreateWindowExW
RegisterClassW
LoadStringW
UnregisterClassW
wsprintfA

winmm

timeGetTime

rtutils

TraceRegisterExW
TraceVprintfExA
TraceDeregisterW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8013b024c6870dbd6f19243a282d7ca0

Headers

File Characteristics

Imports

msvcrt

atl

ntdll

iphlpapi

msasn1

kernel32

ole32

oleaut32

ws2_32

advapi32

user32

winmm

rtutils

Exports

Exports

Sections

.text Size: 508KB - Virtual size: 508KB

.data Size: 72KB - Virtual size: 74KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 508KB - Virtual size: 508KB

.data
Size: 72KB - Virtual size: 74KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 46KB - Virtual size: 45KB