27e393fb45a259ef3d0ba60ee033e1037a1e22d26c9846776460bddb245ecd43

Sharing

Copy URL Twitter E-mail

General

Target

27e393fb45a259ef3d0ba60ee033e1037a1e22d26c9846776460bddb245ecd43
Size

276KB
MD5

f1d7546fbfa37271ce1d25af429c4bb6
SHA1

b37366978023f93aeaf30609a2525d6ac12e1bf7
SHA256

27e393fb45a259ef3d0ba60ee033e1037a1e22d26c9846776460bddb245ecd43
SHA512

a8bfd15ba2728b33215de8a30f0d3ffa9caaba77c3afff6d6cd07c23ab66ddc94273b29e4f6956387c0ef3c4c020a53d082b431921f6383db6327411d55e9b13
SSDEEP

3072:RAVcs2Fv92Q75ydC0jYOHztp7wwNtt9mOEe1h4DuUaqe1J7usmQ3B9uv1PG6dOAI:RAVcJ1pOtzEeADlCz7bmQD6dOAVZo

Score

N/A

Malware Config

Signatures

Files

27e393fb45a259ef3d0ba60ee033e1037a1e22d26c9846776460bddb245ecd43
.dll regsvr32 windows x86

1c9564457c897c4f5d401b35ad051f4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
MultiByteToWideChar
WriteFile
ReadFile
GetFileSize
CreateFileW
RaiseException
lstrlenA
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetLocaleInfoA
OutputDebugStringW
GetFileAttributesW
GetProcAddress
WideCharToMultiByte
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
GetVersionExA
FormatMessageW
GetProcessHeap
HeapAlloc
GetLastError
InitializeCriticalSection
GetThreadLocale
SetThreadLocale
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
FreeLibrary
lstrlenW
ResetEvent
SetFileAttributesW
DeleteFileW
CopyFileW
TerminateThread
CreateEventW
SetEvent
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
IsDebuggerPresent

user32

RegisterClassW
CreateWindowExW
GetWindowLongW
DefWindowProcW
SetWindowLongW
DestroyWindow
UnregisterClassW
IsWindow
PostMessageW
UnregisterClassA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoLoadLibrary
CoCreateInstance

oleaut32

SafeArrayGetLBound
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayCreate
SafeArrayCopy
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarBstrCat
VariantCopy
SafeArrayGetVartype
SafeArrayGetUBound
VarBstrCmp
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy

log

?CreateAllDirectory@@YAHPB_W@Z
?CheckAdvise@@YAXPB_W@Z
?HexStringToBits@@YA_NPBDPAEAAH@Z
?BitsToHexString2@@YA?AVCComBSTR@ATL@@PBEH@Z
?GetUserAppDataPath2@@YA?AVCComBSTR@ATL@@XZ
?CheckFileExist@@YAHPB_W@Z
?DOLOG@@YAXPB_WZZ
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CheckUnadvise@@YAXPB_W@Z

httpdownload

?SetRequestMethod@CHttpDowndExports@@QAEXH@Z
?AddInfo@CHttpDowndExports@@QAEHPB_W0@Z
?AddInfo@CHttpDowndExports@@QAEHPB_WK@Z
?AddContent@CHttpDowndExports@@QAEHPBEH@Z
?SetUIInterface@CHttpDowndExports@@QAEXPAVCHttpDownloadUIInterface@@@Z
?Download@CHttpDowndExports@@QAEIPB_W0@Z
?CancelDownload@CHttpDowndExports@@QAEXXZ
?OnRedirected@CHttpDownloadUIInterface@@UAEXPB_W@Z
?OnProgress@CHttpDownloadUIInterface@@UAEXKK@Z
?OnDownloadStart@CHttpDownloadUIInterface@@UAEXKK@Z
?OnConnected@CHttpDownloadUIInterface@@UAEXXZ
?OnConnecting@CHttpDownloadUIInterface@@UAEXPB_W@Z
??0CHttpDowndExports@@QAE@XZ
??1CHttpDowndExports@@QAE@XZ
??_7CHttpDownloadUIInterface@@6B@
??1CHttpDownloadUIInterface@@UAE@XZ

atl80

ord11
ord10
ord64
ord18
ord15
ord31
ord61
ord23
ord30
ord32
ord58
ord22

shlwapi

StrCmpW

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

wininet

InternetSetCookieW

urlmon

URLDownloadToCacheFileW

msvcr80

memcpy
_wfopen_s
fseek
_wtol
fread
wcsnlen
_localtime64_s
wcsftime
rand
_vsnprintf
srand
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
ftell
free
_time64
_wcsupr_s
wcsstr
wcstoul
??3@YAXPAX@Z
memcpy_s
_CxxThrowException
__CxxFrameHandler3
_invalid_parameter_noinfo
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_beginthreadex
fopen_s
??_V@YAXPAX@Z
_purecall
_recalloc
calloc
memset
malloc
_resetstkoflw
wcschr
_vscwprintf
vswprintf_s
swprintf_s
fclose
fwrite

ws2_32

ntohs
htonl
ntohl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c9564457c897c4f5d401b35ad051f4c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

log

httpdownload

atl80

shlwapi

msvcp80

wininet

urlmon

msvcr80

ws2_32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 20KB - Virtual size: 19KB