89acb0ce46e83e1215f15154cde67b54325aaa20af3d1ebea5692f5c75643361

Sharing

Copy URL

Twitter E-mail

General

Target

89acb0ce46e83e1215f15154cde67b54325aaa20af3d1ebea5692f5c75643361
Size

232KB
MD5

eb826b6a39f4ea59fc9222c9f0baea97
SHA1

9e7fc2a892e47cc0b6503dbb1bb71d52ee5a1dfb
SHA256

89acb0ce46e83e1215f15154cde67b54325aaa20af3d1ebea5692f5c75643361
SHA512

717e290d4000032582723c857fa45c77e1b7b824fbc77a1155da44c03e6d565ec914818e677fa1cdf65b03b28b6a986adb37d6654479de73331df2e42632e8fd
SSDEEP

3072:PCnapABw3XFFsiap4ecuicpeobdFCztherbP6O/mgkj6eXyOsQC1Chxw/A5xlZj7:PCnatToSVO/mgNeEk4gxlZjiWll

Score

N/A

Malware Config

Signatures

Files

89acb0ce46e83e1215f15154cde67b54325aaa20af3d1ebea5692f5c75643361
.dll regsvr32 windows x86

8d1971725de79b76e812c321dff2b898

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetCurrentThread
TerminateThread
DuplicateHandle
IsBadReadPtr
VirtualProtect
VirtualAlloc
IsBadCodePtr
VirtualFree
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
OpenThread
CreateThread
ResetEvent
CreateEventW
SetEvent
SetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FreeLibraryAndExitThread
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcmpiW
GetLastError
DisableThreadLibraryCalls
UnmapViewOfFile
InterlockedExchangeAdd
GetComputerNameW
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
InterlockedExchange
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
WaitForSingleObject
IsValidCodePage
GetOEMCP
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetCommandLineA
RtlUnwind
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsDebuggerPresent
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetConsoleMode
GetConsoleCP
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetSystemDefaultLangID
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

CharLowerBuffW
UnregisterClassA
GetDesktopWindow
CharLowerW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
FindWindowExW
GetParent
GetClassNameW
IsWindow
CharNextW
DispatchMessageW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SysAllocString

shlwapi

PathStripPathW
SHCreateStreamOnFileW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

AccessibleChildren
AccessibleObjectFromWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1971725de79b76e812c321dff2b898

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 20KB - Virtual size: 18KB