e2972b28c38205283f59bab9ef44fe87808aaa7fa9732b2f8b22f134660938e5

Sharing

Copy URL Twitter E-mail

General

Target

e2972b28c38205283f59bab9ef44fe87808aaa7fa9732b2f8b22f134660938e5
Size

172KB
MD5

89ae196d104fe2d592a42eb77e30db08
SHA1

51f5d7f478742c7eef667ecce8de4849b410b73e
SHA256

e2972b28c38205283f59bab9ef44fe87808aaa7fa9732b2f8b22f134660938e5
SHA512

2b2ee6dedf23a92f44cea02725005ee3301cebf0dcfa43427d1599bbee6301438aa212780dea74013e322d077ce209c08ac2c14589a1fa098d100794460d0bbe
SSDEEP

3072:BsdGDSF7vbtkzwG0VOOAiToMdQGdZLniCwmMi/+naTCD5LWkFmRXkP56Sf:BMU07h+wdVOOAiUAdZDi9mynakIkcRUQ

Score

N/A

Malware Config

Signatures

Files

e2972b28c38205283f59bab9ef44fe87808aaa7fa9732b2f8b22f134660938e5
.dll regsvr32 windows x86

6ce5172f3dbfbd6c7db14a3b702ea656

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
lstrcmpiW
GetEnvironmentVariableW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadResource
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
SetEnvironmentVariableW
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
lstrlenW
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

UnregisterClassA
CharNextW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ord92

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromProgID

oleaut32

GetErrorInfo
LoadRegTypeLi
VariantChangeType
VariantClear
VariantInit
VariantCopy
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathRemoveFileSpecW

msvcr80

__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??3@YAXPAX@Z
memcpy_s
memmove_s
malloc
free
_CxxThrowException
wcscpy_s
wcsncpy_s
wcscat_s
__CxxFrameHandler3
??_V@YAXPAX@Z
_recalloc
??_U@YAPAXI@Z
memset
_resetstkoflw
_purecall
_waccess
??2@YAPAXI@Z
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce5172f3dbfbd6c7db14a3b702ea656

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcr80

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 108KB - Virtual size: 104KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 108KB - Virtual size: 104KB

.reloc
Size: 4KB - Virtual size: 3KB