ef70d5cfec04f7d3567c6a1ad2783efca9031aa98e4552d783143f198fbf0101

Sharing

Copy URL

Twitter E-mail

General

Target

ef70d5cfec04f7d3567c6a1ad2783efca9031aa98e4552d783143f198fbf0101
Size

378KB
MD5

c4c293e8f413bb2d6cce594d81e7e8d3
SHA1

7f6dbd6e86b9ee45e96940c03d265f840a8536f6
SHA256

ef70d5cfec04f7d3567c6a1ad2783efca9031aa98e4552d783143f198fbf0101
SHA512

befcee93310f22dabfe2db99988f675ab4a6d810cb8b0e71232698f0e509bd0436046463076dfe2c0b265dbd8fb42f8118f1455ade8c163ace1c19a5022aa791
SSDEEP

6144:M+ogKntpoeao8cJB9i0mkvrZkQEYuCn2/LJ60NCL3GmA6uGZpUiZe:MFgKtpoplR0mkjZ1ymPFpde

Score

N/A

Malware Config

Signatures

Files

ef70d5cfec04f7d3567c6a1ad2783efca9031aa98e4552d783143f198fbf0101
.dll regsvr32 windows x86

2e9bfb853df6286d701179093a09294f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bvrpctln

?GetZipItemW@@YGKPAUHZIP__@@_KPAUZIPENTRYW@@@Z
?UnzipItemMemory@@YGKPAUHZIP__@@_KPAXI@Z
?SetUnzipBaseDirW@@YGKPAUHZIP__@@PB_W@Z
?UnzipItemW@@YGKPAUHZIP__@@_KPB_W@Z
?OpenZipW@@YGPAUHZIP__@@PB_WPBD@Z
?FindZipItemW@@YGKPAUHZIP__@@PB_W_NPA_KPAUZIPENTRYW@@@Z
?CloseZip@@YGKPAUHZIP__@@@Z

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
CreateDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
GetTempPathW
LockResource
FindResourceExW
FindClose
GetLastError
FindFirstFileW
GetCurrentProcess
lstrlenA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetVersionExW
GetCurrentProcessId
GetFileAttributesExW
DeleteFileW
ReadFile
GetFileSize
CreateFileW
GetLocaleInfoW
SetDllDirectoryW
GetDllDirectoryW
CopyFileW
MoveFileW
WideCharToMultiByte
SetStdHandle
SetFilePointer
GetStringTypeW
RaiseException
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
RtlUnwind
VirtualProtect
GetSystemInfo
VirtualAlloc
FindNextFileW
LCMapStringW
LoadLibraryW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
DecodePointer
EncodePointer
LocalFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
VirtualQuery
GetCurrentThreadId
GetCommandLineA
Sleep
ExitProcess
WriteFile
GetStdHandle
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetACP
GetCPInfo
IsProcessorFeaturePresent
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc

user32

CharUpperBuffW
CharNextW
wsprintfW
MessageBoxW
GetActiveWindow
CharLowerBuffW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW
ord680

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetObject
StringFromIID
CoCreateFreeThreadedMarshaler
CLSIDFromProgID
StringFromGUID2

oleaut32

LoadRegTypeLi
VariantCopy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarBstrCmp
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
VarBstrCat

tmonitorapi

?tmPrintf@@YAXHKPBD0ZZ
?tmGetPrefixFormat@@YGHPAUHINSTANCE__@@QADPBD@Z

shlwapi

StrStrIW
PathAddExtensionW
StrNCatW
PathIsURLW
PathIsRelativeW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
StrCmpNIW
StrChrW
PathFileExistsW
StrRChrW
PathRemoveArgsW
PathGetArgsW
PathFindExtensionW
SHCreateStreamOnFileW
StrStrW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e9bfb853df6286d701179093a09294f

Headers

DLL Characteristics

File Characteristics

Imports

bvrpctln

kernel32

user32

advapi32

shell32

ole32

oleaut32

tmonitorapi

shlwapi

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 15KB - Virtual size: 22KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 18KB - Virtual size: 17KB

.text Size: 97KB - Virtual size: 100KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 97KB - Virtual size: 100KB