a2724afd9ad011809b16f545c62fe76b0c06ba04c77d61538882fed39161b496

Sharing

Copy URL Twitter E-mail

General

Target

a2724afd9ad011809b16f545c62fe76b0c06ba04c77d61538882fed39161b496
Size

485KB
MD5

6fdce47c90fa717a17ca02bf23a8bb0c
SHA1

c95156cacc4d591b09882dc9786d2d8f2523c6c4
SHA256

a2724afd9ad011809b16f545c62fe76b0c06ba04c77d61538882fed39161b496
SHA512

ac27c8be73bacdd9153903d4bd1c500f027eaf479711d8621ee55b043f1b40f4d972d1b34f9885e8c820cf47dcbdb572f89033346ba42f74b55219e9638f287a
SSDEEP

12288:93vtmTsh6CPWlShGyR6ZwQbsRpZYCfouU3qttW:5tksh6yWlShG26bbsRpbfo8t

Score

N/A

Malware Config

Signatures

Files

a2724afd9ad011809b16f545c62fe76b0c06ba04c77d61538882fed39161b496
.dll regsvr32 windows x86

44a604ad30f52d2efdf5766cdcf3c237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscat
bsearch
_itow
wcscmp
wcscpy
wcsncpy
_adjust_fdiv
malloc
__dllonexit
free
_except_handler3
memmove
ceil
floor
_ftol
_wtoi
_HUGE
_onexit
_initterm
wcslen

kernel32

GetVersionExA
WaitForSingleObjectEx
GlobalFree
GlobalHandle
GlobalSize
GlobalReAlloc
IsBadReadPtr
SetFilePointer
WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
IsBadWritePtr
InterlockedExchange
ReadFile
GetLocalTime
DisableThreadLibraryCalls
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
lstrlenA
GetLastError
HeapAlloc
GetProcessHeap
GetProcAddress
CreateThread
WaitForMultipleObjectsEx
SetEvent
FreeLibraryAndExitThread
VirtualFree
VirtualAlloc
HeapReAlloc
HeapFree
GetUserDefaultLCID
InterlockedDecrement
InterlockedIncrement
GetFileSize
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcatW
HeapDestroy
CloseHandle

user32

EqualRect
SetRect
wsprintfA
ReleaseCapture
SetRectEmpty
FillRect
SetTimer
KillTimer
TranslateMessage
GetSystemMetrics
DestroyWindow
wsprintfW
MapWindowPoints
GetDC
ReleaseDC
IntersectRect
CopyRect
MsgWaitForMultipleObjects

gdi32

CreateSolidBrush
StretchBlt
SetTextColor
SetBkColor
GetPaletteEntries
CreateCompatibleBitmap
SelectObject
SetPixel
GetPixel
SetStretchBltMode
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteObject
DeleteDC
GetDeviceCaps

advapi32

RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateInstance
ProgIDFromCLSID
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
OleRun
StringFromGUID2

oleaut32

SysStringByteLen
VariantClear
VariantInit
GetErrorInfo
VariantChangeTypeEx
CreateErrorInfo
LoadTypeLi
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
RegisterTypeLi
SetErrorInfo
LoadRegTypeLi
VariantChangeType
VariantCopy
SafeArrayCreateVector

urlmon

CoInternetCombineUrl
URLDownloadToCacheFileW
CoGetClassObjectFromURL
CreateAsyncBindCtx
FindMimeFromData

wininet

InternetCombineUrlW
InternetGetConnectedStateExW
InternetCrackUrlW

ddraw

DirectDrawCreate

shlwapi

ord83
ord45
ord29
ord104
ord84
ord117
ord436
ord28
ord25
ord43
ord309
ord51
ord107
ord123
ord56
ord52
ord131
StrCmpIW
StrCpyW
StrCpyNW
PathAppendW
StrCmpNIW
StrCatW
PathFindExtensionW
PathFindFileNameW
StrStrIW
StrCSpnIW
PathFileExistsW
StrCmpW
wvnsprintfW
StrSpnW
StrStrW
StrNCatW
StrRChrW
StrCmpNW
StrCatBuffW
ord40
ord121
ord94
ord120
ord125
ord128
ord130
ord116
ord60
ord80
ord145
ord141
ord314
ord55

rpcrt4

NdrDllRegisterProxy
CStdStubBuffer_Disconnect
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate
NdrCStdStubBuffer_Release

Exports

Exports

DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44a604ad30f52d2efdf5766cdcf3c237

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

wininet

ddraw

shlwapi

rpcrt4

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 408KB

.orpc Size: 512B - Virtual size: 99B

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 36KB - Virtual size: 40KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 408KB - Virtual size: 408KB

.orpc
Size: 512B - Virtual size: 99B

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 40KB

.reloc
Size: 32KB - Virtual size: 31KB