4c42f473c6fccf205d17159f23e922a832f0d66ba2611f6451b303fa112e76d3

Sharing

Copy URL Twitter E-mail

General

Target

4c42f473c6fccf205d17159f23e922a832f0d66ba2611f6451b303fa112e76d3
Size

368KB
MD5

189dae292ff1c4888fa12e375026214c
SHA1

b81558760c37cb0a2bada7c5526c5bc372f970dd
SHA256

4c42f473c6fccf205d17159f23e922a832f0d66ba2611f6451b303fa112e76d3
SHA512

9992009949624308bf3d00e0ca75aa943c99018b8921733cd27ebbf0c98ed55bd780ebbc5b1d695b71b4d4181499ce99b1557dce353b645e0a31c66d864c2e75
SSDEEP

6144:vn8XxWToTV1L1L+yCP9pEsvaTB9X2h0FTBqW0EnOAC:vOV15L+1p+Bx2uFTsW

Score

N/A

Malware Config

Signatures

Files

4c42f473c6fccf205d17159f23e922a832f0d66ba2611f6451b303fa112e76d3
.dll regsvr32 windows x86

47d73bd60679253e62fd3c0dfcfaf44c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetLastError
lstrcmpiW
WaitForSingleObject
SetEvent
InterlockedIncrement
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
CreateEventW
GetModuleHandleW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
TerminateThread
CopyFileW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
ResetEvent
SetThreadLocale
GetThreadLocale
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileAttributesW
InitializeCriticalSection
GetFileSize
CreateFileW
GetTempFileNameW
GetTempPathW
LoadLibraryW
GetProcAddress
OutputDebugStringW
WideCharToMultiByte
InterlockedDecrement
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
FormatMessageW
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
CloseHandle
lstrlenA
Sleep
GetTickCount
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
RaiseException
ReadFile

user32

SetWindowLongW
GetClassInfoExW
UnregisterClassA
LoadCursorW
PostMessageW
SendMessageW
IsWindow
DefWindowProcW
RegisterClassExW
GetWindowLongW
CallWindowProcW
CreateWindowExW
CharNextW
DestroyWindow
RegisterWindowMessageW
SetWindowTextW
SetTimer
KillTimer
GetClientRect
GetSysColor
MoveWindow
SetWindowPos
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
TrackMouseEvent
GetDoubleClickTime
ShowWindow
GetWindowTextLengthW
GetWindowTextW
FindWindowExW
CreateAcceleratorTableW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject

advapi32

RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

ole32

CoLoadLibrary
CoFreeLibrary
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

GetErrorInfo
VariantCopy
OleCreateFontIndirect
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
VarBstrCmp
SysStringLen
SysFreeString

encrypt

?oi_symmetry_decrypt2@@YAHPBEH0PAEPAH@Z
?oi_symmetry_encrypt2@@YAXPBEH0PAEPAH@Z

msvcp80

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

log

?CreateObjectFromFile2@@YAJAAPAUHINSTANCE__@@PB_WPAUIUnknown@@ABU_GUID@@3PAPAX@Z
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CreateAllDirectory@@YAHPB_W@Z
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?TraceComError@@YAXAAV_com_error@@@Z
?GetExeFolder2@@YA?AVCComBSTR@ATL@@XZ
?NavigateURL@@YAHPB_WH@Z
?CheckUnadvise@@YAXPB_W@Z
?CheckAdvise@@YAXPB_W@Z
?FormUrlEncode@@YAXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetUserGuid@@YAXPADAAH@Z
?GetModulePath2@@YA?AVCComBSTR@ATL@@PAUHINSTANCE__@@@Z
?ConvertTime@@YAI_J@Z
?GetUserAppDataPath2@@YA?AVCComBSTR@ATL@@XZ
?StrToAddr@@YAHAAUsockaddr_in@@PB_WF@Z
?GetRandomNum@@YAKKK@Z
?DOLOG@@YAXPB_WZZ

msvcr80

_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
fputc
ferror
fopen
_localtime32_s
_mktime32
_vsnwprintf_s
_resetstkoflw
calloc
fseek
ftell
fread
fprintf
_wfopen_s
wcsrchr
wcsstr
_initterm
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
vswprintf_s
_vscwprintf
memmove_s
_invalid_parameter_noinfo
memcpy_s
_time32
_recalloc
??_V@YAXPAX@Z
_beginthreadex
memset
__CxxFrameHandler3
??2@YAPAXI@Z
swprintf_s
_CxxThrowException
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
wcstoul
__clean_type_info_names_internal
_wtoi64
malloc
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
strncpy
_errno
fopen_s
fwrite
fclose
srand
rand
wcschr
memcpy
realloc
wcscat_s
wcscpy_s
_purecall
wcsncpy_s
free

wininet

InternetOpenUrlW
InternetCloseHandle
InternetOpenW

urlmon

URLDownloadToCacheFileW

ws2_32

socket
WSAGetLastError
connect
ntohs
setsockopt
select
recv
htons
htonl
closesocket
inet_ntoa
send
ntohl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47d73bd60679253e62fd3c0dfcfaf44c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

encrypt

msvcp80

log

msvcr80

wininet

urlmon

ws2_32

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 221KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 224KB - Virtual size: 221KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 24KB - Virtual size: 22KB