f0278046c64d22363f4263e7aec93973e7bdd4db196777c99ea4feec1eab27e1

Sharing

Copy URL Twitter E-mail

General

Target

f0278046c64d22363f4263e7aec93973e7bdd4db196777c99ea4feec1eab27e1
Size

48KB
MD5

656a2d096d8330a9dd2c53d4b9ab9580
SHA1

ab2ac5969de6707a26dda1c026c6b9fdcfaee687
SHA256

f0278046c64d22363f4263e7aec93973e7bdd4db196777c99ea4feec1eab27e1
SHA512

e81b9b06947ac38224a3ae952c11734b85aa5abe30a9a25eeee790aa235bd722b6e11cc93c27b58ee61093498b943b63a767979fd96131fb54bb084eb1b272cc
SSDEEP

768:KZ3y7fYI7Z8p6NCehmtYc4SkTkB2KpUBHC2i3M/21Kzy6gmMLu/mtgT8Ak16sQTt:uQdukhmOVKUeMwMy6gmMLsmeT8Am61Di

Score

N/A

Malware Config

Signatures

Files

f0278046c64d22363f4263e7aec93973e7bdd4db196777c99ea4feec1eab27e1
.dll regsvr32 windows x86

ff4acc287333d893acb9288108535b8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
Process32Next
Process32First
MoveFileA
SetFileAttributesA
WritePrivateProfileStringA
CreateDirectoryA
CloseHandle
FindNextFileA
GetPrivateProfileStringA
FindFirstFileA
GetCommandLineW
ExitProcess
GetExitCodeProcess
WaitForSingleObject
Sleep
CreateThread
GetCurrentProcessId
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
HeapDestroy
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameA
DeleteFileA
CreateProcessA
RemoveDirectoryA
LocalFree

advapi32

SetEntriesInAclA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
GetNamedSecurityInfoA

shell32

SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
SysFreeString

msvcrt

ftell
_strlwr
_stricmp
_adjust_fdiv
malloc
_initterm
free
strncmp
strncpy
strchr
atoi
_wcslwr
wcsstr
strstr
strcmp
memcmp
strcat
strcpy
memset
_access
sprintf
strlen
??3@YAXPAX@Z
fclose
fread
??2@YAPAXI@Z
_strupr
fseek
fopen
strrchr
memcpy
_purecall

shlwapi

SHSetValueA
SHDeleteKeyA
SHDeleteValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetObjectType
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff4acc287333d893acb9288108535b8f

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

idata Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

idata
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 2KB