c4937da31da7e95b69e531d4d02b0810b50b0498b70faccfad9486a2d3d69e06

Sharing

Copy URL

Twitter E-mail

General

Target

c4937da31da7e95b69e531d4d02b0810b50b0498b70faccfad9486a2d3d69e06
Size

76KB
MD5

e4b6265cdd28499fac9e4d03d56f7159
SHA1

646b1f9bd30c2ba4404a29286cb26ed147e11b76
SHA256

c4937da31da7e95b69e531d4d02b0810b50b0498b70faccfad9486a2d3d69e06
SHA512

122a140bb3f692295e85895781d4a4ed783a7c43909bf57c3df85d2ae07e499c218092bc2de6418c81c964808d469c3bbfe0551a2348a23729e3029fdbdc5bdd
SSDEEP

768:TQUVkGRs9HtkTOsPX/c6dL3RixvsXVpzseAak+iITMuerzMux0xPAhn9YzLmBxa0:jkGIKOsPXtjaWVpv9ngHz7ZXY8xa

Score

N/A

Malware Config

Signatures

Files

c4937da31da7e95b69e531d4d02b0810b50b0498b70faccfad9486a2d3d69e06
.dll regsvr32 windows x86

d68b7576c4576a554732421e7170cfbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetTickCount
GetTempPathA
GetModuleFileNameA
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
ExitProcess
Sleep
ExitThread
OpenEventA
CreateThread
lstrcmpiA
MoveFileExA
OpenThread
CreateMutexA
OpenMutexA
DeleteFileA
CopyFileA
GetModuleHandleA
UnmapViewOfFile
FreeLibrary
LoadLibraryA
VirtualFree
ReadFile
GetFileSize
GetTempFileNameA
WriteFile
GetCurrentThread
lstrlenA
GetEnvironmentVariableA
GetFileTime
MapViewOfFile
CreateFileW
CreateFileMappingW
SetFilePointer
SystemTimeToFileTime
MultiByteToWideChar
GetCurrentDirectoryW
LocalFileTimeToFileTime
FindFirstFileW
FindClose
FindNextFileW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetLastError
GetVersion
VirtualQuery
GetProcAddress
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapFree
GetCurrentProcessId
HeapAlloc
TerminateProcess
RtlUnwind
OutputDebugStringA
SetUnhandledExceptionFilter

advapi32

ImpersonateSelf
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteA

wininet

InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetSetOptionA
InternetOpenA
InternetSetStatusCallback
HttpOpenRequestA
InternetConnectA
InternetReadFile

ntdll

wcscmp
wcstoul
wcscpy
strcmp
wcsstr
wcscat
wcslen
strlen
memcmp
ZwQuerySystemInformation
NtQueueApcThread
memcpy
atoi
memset
_vsnprintf

msvcrt

__CxxFrameHandler
_errno
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
free
malloc
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
_callnewh
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memmove
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit

shlwapi

SHDeleteKeyA

Exports

Exports

DllRegisterServer
DllUnregisterServer
InitHelperDll

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d68b7576c4576a554732421e7170cfbb

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

ntdll

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 6KB

.CRT Size: 4KB - Virtual size: 20B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 6KB

.CRT
Size: 4KB - Virtual size: 20B

.reloc
Size: 8KB - Virtual size: 6KB