a31167566418b2441efeff9856c7b5b5bc311e1b4d33b1603c370df012ef2dd6

Sharing

Copy URL Twitter E-mail

General

Target

a31167566418b2441efeff9856c7b5b5bc311e1b4d33b1603c370df012ef2dd6
Size

516KB
MD5

0074a6ac84096e48f7b1ad4536acd222
SHA1

24d95becc52c7dc809dfc809ba568ee83edc5099
SHA256

a31167566418b2441efeff9856c7b5b5bc311e1b4d33b1603c370df012ef2dd6
SHA512

c4d30d0aff8ac836dd3990d693a7d980b8558e0f030e6a8422e1890f35939fc901ac4b24c0c7c70636c9ce119546503cddbd34bd558258cabbfe1d385f3e9bbf
SSDEEP

12288:h0eDUFxAQBtdznrVqJh2LLVX2NjqV3uY2z0:PUT1BXz8h2LhX2N24Y2z

Score

N/A

Malware Config

Signatures

Files

a31167566418b2441efeff9856c7b5b5bc311e1b4d33b1603c370df012ef2dd6
.dll regsvr32 windows x86

cd0f1074263bba9cbb1e9b5ff58d3b97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

shfolder

SHGetFolderPathW

kernel32

SetThreadLocale
GetThreadLocale
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount
lstrcpyA
CreateFileA
FormatMessageA
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
SetEvent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
CreateEventA
CreateThread
GetModuleHandleA
GetVersion
WaitForSingleObject
CloseHandle
Sleep
lstrcmpiA
FindResourceExA
GetLastError
InterlockedExchange
GetComputerNameA
GlobalDeleteAtom
GlobalAddAtomA
LocalAlloc
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalFree
WritePrivateProfileStringA
SetLastError
GetModuleFileNameA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalGetAtomNameA
GetCurrentThreadId
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
FindResourceA
LoadResource
GetSystemTimeAsFileTime
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExA
FreeLibrary
IsDBCSLeadByte
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId

user32

SetWindowLongA
IsWindow
GetClassInfoExA
LoadCursorA
DestroyWindow
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetWindowLongA
CallWindowProcA
RegisterWindowMessageA
PostMessageA
UnregisterClassA
CharNextA
GetMessageA
PostThreadMessageA
LoadStringA
MessageBoxA
wsprintfA
TranslateMessage
DispatchMessageA

advapi32

GetSecurityDescriptorDacl
AddAce
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetAclInformation
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatus
ControlService
GetLengthSid
IsValidSid
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumKeyExA
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerA
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
InitializeAcl

ole32

CoCreateInstance
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeSecurity
ProgIDFromCLSID

oleaut32

CreateErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
VariantInit
VariantCopy
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SetErrorInfo
SysAllocStringByteLen
SysAllocString
VariantClear
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
_except_handler4_common
isxdigit
iswctype
_mbschr
atoi
_wtoi
wcschr
wcslen
_wcsicmp
_vscprintf
_vsnprintf_s
puts
wcscmp
strcat_s
wcsncpy_s
strcpy_s
memmove_s
_mbsicmp
strlen
_ltoa_s
_mbsnbcpy_s
_invalid_parameter_noinfo
memcmp
_resetstkoflw
malloc
_itoa_s
atol
calloc
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
sprintf_s
memcpy_s
_CxxThrowException
free
??3@YAXPAX@Z
??_V@YAXPAX@Z
_purecall
vsprintf_s
memset
_recalloc

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd0f1074263bba9cbb1e9b5ff58d3b97

Headers

File Characteristics

Imports

shlwapi

shfolder

kernel32

user32

advapi32

ole32

oleaut32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 108KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 22KB

.reloc Size: 16KB - Virtual size: 14KB

.rmnet Size: 304KB - Virtual size: 304KB

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 16KB - Virtual size: 14KB

.rmnet
Size: 304KB - Virtual size: 304KB