4bb9f70b80015066bd6e46b5ed70685a0a69a10da1290a42e9bbaa0eabedaa48

Sharing

Copy URL Twitter E-mail

General

Target

4bb9f70b80015066bd6e46b5ed70685a0a69a10da1290a42e9bbaa0eabedaa48
Size

106KB
MD5

fd77f320f470c5912a4bd226e9eb8ee0
SHA1

2e253f45effd0091d6e223b232f3979055504d97
SHA256

4bb9f70b80015066bd6e46b5ed70685a0a69a10da1290a42e9bbaa0eabedaa48
SHA512

575f0602c1d9e2c94d81638fb3534edaa101d6d2940a7f8c39f886f76f4a92a312b6deae3d28fa1ea0cff77ee7942051917643f6751fefa5f02a55bfa868edda
SSDEEP

3072:rQY79xDLMR/on2gegZXwqS8MlskYsxR449:rVq9gegZXwqSz2k7449

Score

N/A

Malware Config

Signatures

Files

4bb9f70b80015066bd6e46b5ed70685a0a69a10da1290a42e9bbaa0eabedaa48
.dll regsvr32 windows x86

08b50c0655c863e71db868fff738eb89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
IsBadWritePtr
TlsAlloc
TlsFree
CreateMutexA
GetModuleFileNameW
lstrcpynA
GetVersionExA
LoadLibraryA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
TlsGetValue
GetFileSize
CreateFileA
OpenMutexA
FreeLibrary
Sleep
DeleteFileA
GetSystemTime
IsDebuggerPresent
LoadLibraryW
GetProcessHeap
HeapAlloc
HeapFree
Process32First
TlsSetValue
GetModuleFileNameA
GetLastError
SetLastError
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
lstrlenW
VirtualAllocEx
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
DeleteCriticalSection
InitializeCriticalSection
VirtualQuery
SystemTimeToFileTime
lstrcmpiA
VirtualProtect
GetCurrentProcess
GetVersion
WriteProcessMemory
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetModuleHandleA
GetSystemInfo
GetProcAddress
ReadFile
GetTickCount
DeviceIoControl
WritePrivateProfileSectionA
GetLongPathNameA
MoveFileExA
WriteFile
GetWindowsDirectoryA
GetSystemDirectoryA
GetPrivateProfileStructA
GetTempPathA
GetPrivateProfileIntA
WritePrivateProfileStructA
WritePrivateProfileStringA
InterlockedExchange
InterlockedDecrement
Process32Next
CopyFileA
CreateProcessA
GetShortPathNameA
InterlockedIncrement
GetACP

user32

GetWindowThreadProcessId
IsWindow
FindWindowExA
DispatchMessageA
GetMessageA
TranslateMessage
DefWindowProcA
GetClassNameA
FindWindowA
RegisterWindowMessageA
EnumWindows
KillTimer
SendMessageA
CallNextHookEx
UnhookWindowsHookEx
DestroyWindow
PostQuitMessage
SetTimer
GetClassInfoExA
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA

gdi32

GetStockObject

advapi32

RegOpenKeyA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegCreateKeyA
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
ControlService
QueryServiceStatus
StartServiceA
FreeSid

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

shlwapi

PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveFileSpecA
PathAppendA
PathFileExistsA
SHGetValueA
SHDeleteKeyA
SHDeleteValueA
SHSetValueA
StrStrIA

imagehlp

ImageDirectoryEntryToData

msvcrt

_CxxThrowException
_mbsicmp
wcscpy
sprintf
rand
srand
time
_mbsnbcpy
_mbsnbicmp
_mbschr
_mbscmp
sscanf
_snprintf
fclose
fwrite
fopen
tmpnam
fread
malloc
fseek
ftell
fputs
strstr
fgets
rewind
wcsstr
wcslen
strrchr
strchr
_wcsicmp
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
realloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_stricmp
_itoa
_ltoa
_strlwr
_wcsset
_strnset
_strnicmp
memmove

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32
Rundll32_

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_T
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_H
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08b50c0655c863e71db868fff738eb89

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 6KB

Shared_T Size: 512B - Virtual size: 16B

Shared_H Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 6KB

Shared_T
Size: 512B - Virtual size: 16B

Shared_H
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 6KB - Virtual size: 6KB