904af6822f93bae8df2f3787b7dcf91546f9266c3d077eda18aef3bcf58a631b

Sharing

Copy URL Twitter E-mail

General

Target

904af6822f93bae8df2f3787b7dcf91546f9266c3d077eda18aef3bcf58a631b
Size

243KB
MD5

93d3f6ba9e19d467a1962d0b48c04d95
SHA1

bef72962232ab7e71a66e31dcc865e3f65b7b389
SHA256

904af6822f93bae8df2f3787b7dcf91546f9266c3d077eda18aef3bcf58a631b
SHA512

ac6fb4a9b3468580a2c19e4b7e5a49aab9a0c0ad00dda82ea6766dc66439205e478821aebe21ecb8e5598be01f4ef4815e52f3af06b465501f5a6c9ccde0e272
SSDEEP

3072:WOJQTKW+k4nbT3Ow+YEjKfR/YTYC5b5aSg/nZCYXKrmljqBG8AP6a4QBNYwz7mb5:JfWd4KYEjcC5bmEY6Sljj8AP6aBbKY3

Score

N/A

Malware Config

Signatures

Files

904af6822f93bae8df2f3787b7dcf91546f9266c3d077eda18aef3bcf58a631b
.dll regsvr32 windows x86

9cf9af1bd95bfbe1cb6a9d6c7e09331d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcstol
wcschr
_wcsicmp
realloc
free
malloc
??3@YAXPAX@Z
_wtoi
_purecall
memset
_vsnwprintf
memcpy
??2@YAPAXI@Z
bsearch
_ltow
memmove
_unlock
__dllonexit
_lock
_onexit
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcsnicmp

ntdll

RtlUnwind

kernel32

LocalAlloc
CreateActCtxW
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ActivateActCtx
DeactivateActCtx
InitializeCriticalSectionAndSpinCount
SetLastError
FindResourceExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
ReleaseActCtx
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetProcAddress
LoadLibraryW
MulDiv
GlobalLock
GlobalUnlock
WriteFile
GetSystemTimeAsFileTime
LocalFree
GetDiskFreeSpaceA
GetLastError
InterlockedIncrement
InterlockedDecrement
SystemTimeToFileTime
MultiByteToWideChar
CompareStringW
LoadLibraryExA
SearchPathA
GetFullPathNameA
GetModuleFileNameA
LoadLibraryA
FileTimeToSystemTime
GetVersionExW
lstrlenW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
HeapDestroy
DisableThreadLibraryCalls
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
GetModuleHandleW
GlobalFree
GlobalAlloc
CompareFileTime

advapi32

GetUserNameW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW

shlwapi

PathAddBackslashW
SHRegGetValueW
StrCmpNIW
ord176
ord158
ord2
StrCpyW
StrCmpIW
StrCpyNW
StrCatW
ord156
wnsprintfW
PathAppendA
PathCombineA
PathFindFileNameW
StrDupW
SHGetValueW
StrCmpW
ord418
ord437

ole32

CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
SysFreeString
VariantClear
VariantInit
SysAllocString
SysStringLen
SafeArrayCreateVector
SysAllocStringLen
VariantChangeTypeEx
VariantCopy
LoadRegTypeLi
SetErrorInfo
VarI4FromStr
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate

gdi32

DeleteDC
EndDoc
GetDeviceCaps
CreateICW
AbortDoc
StartDocW
CreateDCW
EndPage
SetViewportOrgEx
StartPage

user32

GetDesktopWindow
CharNextW
MessageBoxW
LoadStringW

urlmon

CoInternetParseUrl
CoInternetCreateSecurityManager
FaultInIEFeature
GetComponentIDFromCLSSPEC
CoInternetCombineUrlEx
CreateUri
RegisterBindStatusCallback
CreateURLMoniker

wininet

ReadUrlCacheEntryStream
InternetCrackUrlW
InternetGetConnectedStateExW
InternetQueryOptionW
CreateUrlCacheContainerA
FindCloseUrlCache
FindNextUrlCacheEntryW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
RetrieveUrlCacheEntryStreamW
InternetCombineUrlW
UnlockUrlCacheEntryStream
GetUrlCacheEntryInfoW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW

shell32

ord155
ord25
SHGetDesktopFolder
ord152
SHGetFolderPathA

winspool.drv

ClosePrinter
DocumentPropertiesW
GetPrinterW
OpenPrinterW
DeviceCapabilitiesW

iertutil

ord32

Exports

Exports

DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cf9af1bd95bfbe1cb6a9d6c7e09331d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

shlwapi

ole32

oleaut32

gdi32

user32

urlmon

wininet

shell32

winspool.drv

iertutil

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 61KB - Virtual size: 61KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 7KB - Virtual size: 6KB