4359c661b96b8a2033889e9ad5289d1768d145ef476eeff87603920dcb6d7bbf

Sharing

Copy URL Twitter E-mail

General

Target

4359c661b96b8a2033889e9ad5289d1768d145ef476eeff87603920dcb6d7bbf
Size

455KB
MD5

77d9c16800d8a7d83775ddd0e7a65f4b
SHA1

25fdf3318a79fbf502c9a282cfdecaed60f6f159
SHA256

4359c661b96b8a2033889e9ad5289d1768d145ef476eeff87603920dcb6d7bbf
SHA512

29ccd93815f06c0c8a77d24ee5a63ed6232c12c50ba39a4017a018b2cfa7cf2db6819648991789dd4f11bd140771bdcfade9d53ed33ebf8d9f3ed95a31d1432d
SSDEEP

6144:AJAr1QvrdrlYaCQ5yc1dFJa7hWNWZQqxob62BzV9:AJt7YaCxc1dvacYS

Score

N/A

Malware Config

Signatures

Files

4359c661b96b8a2033889e9ad5289d1768d145ef476eeff87603920dcb6d7bbf
.dll regsvr32 windows x86

161a427d504b2a9717cf0870cf4fc700

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSACleanup
gethostname
gethostbyname
inet_ntoa

comres

COMResModuleInstance

user32

wsprintfW
LoadStringW
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
CloseDesktop
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
wsprintfA

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
ReleaseMutex
DebugBreak
RaiseException
CreateFileW
GetWindowsDirectoryW
CreateMutexW
GetLocalTime
WriteFile
SetFilePointer
lstrcatA
lstrcpyA
lstrlenA
InterlockedCompareExchange
GetModuleHandleW
LocalFree
GetSystemInfo
CreateSemaphoreW
Sleep
ReleaseSemaphore
SetLastError
GetComputerNameW
GetCurrentThread
WideCharToMultiByte
GetSystemDirectoryW
SearchPathW
GlobalFree
GlobalAlloc
GlobalMemoryStatusEx
ResetEvent
CreateThread
DuplicateHandle
CreateEventA
InitializeCriticalSection
PostQueuedCompletionStatus
InterlockedExchangeAdd
QueryPerformanceFrequency
CreateIoCompletionPort
InterlockedExchange
FreeLibraryAndExitThread
GetQueuedCompletionStatus
SetThreadPriority
OutputDebugStringA
GetTickCount
lstrcmpA
lstrcmpiW
GetModuleFileNameA
VirtualQueryEx
lstrcpynW
LockResource
LoadResource
FindResourceW
FindClose
DeleteFileW
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetExitCodeProcess
CreateProcessW
ExpandEnvironmentStringsW
CreateDirectoryW
GetThreadContext
IsDebuggerPresent
LoadLibraryExW
GetModuleHandleA
FormatMessageW
GetFileAttributesW
GetModuleFileNameW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcatW
lstrcpyW
CreateEventW
WaitForSingleObject
CloseHandle
GetCurrentThreadId
SetEvent
GetUserDefaultLCID
InterlockedDecrement
CompareStringW
lstrcmpW
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryA
QueryPerformanceCounter
GetVersionExW

ole32

StringFromCLSID
CoGetMalloc
CoGetObjectContext
FreePropVariantArray
PropVariantClear
PropVariantCopy
CoUnmarshalInterface
IIDFromString
StringFromIID
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoMarshalInterface
CreateStreamOnHGlobal
CoGetInterceptorFromTypeInfo
CoCreateInstance
CoEnableCallCancellation
CoDisableCallCancellation
StringFromGUID2
CoGetObject
CoCreateGuid
CLSIDFromString
CoGetClassObject
CoSetProxyBlanket
CoCancelCall
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

oleaut32

VARIANT_UserUnmarshal
SysStringLen
VariantCopy
SysFreeString
VariantClear
VariantInit
SysAllocString
LoadTypeLi
SetErrorInfo
CreateErrorInfo
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree
SysStringByteLen
VARIANT_UserMarshal
VARIANT_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi

advapi32

RegQueryInfoKeyW
SetThreadToken
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
RegisterServiceCtrlHandlerW
RegDeleteValueW
DeleteService
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CreateServiceW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
QueryServiceStatus
SetServiceStatus
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
MakeSelfRelativeSD
IsValidSecurityDescriptor
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorLength
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenKeyW
AllocateAndInitializeSid
FreeSid
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
CheckTokenMembership
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegUnLoadKeyW
RegLoadKeyW
RegEnumValueW
RegCloseKey

rpcrt4

NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrDllRegisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
I_RpcBindingInqTransportType
NdrDllGetClassObject

version

VerQueryValueW

msvcrt

wcscpy
_onexit
__dllonexit
_adjust_fdiv
_initterm
_wstrdate
_wstrtime
_waccess
wcsrchr
__CxxFrameHandler
_vsnprintf
_beginthreadex
_CIexp
_ftol
wcsncmp
_vsnwprintf
wcstoul
wcslen
malloc
_wcsicmp
wcscmp
_wcsnicmp
_except_handler3
_local_unwind2
_itow
wcscat
free
iswctype

ntdll

RtlDelete
RtlSplay
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlInitializeCriticalSection

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LCEControlServer
NotifyLogoffUser
NotifyLogonUser
RegisterTheEventServiceAfterSetup
RegisterTheEventServiceDuringSetup
ServiceMain

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 591B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

161a427d504b2a9717cf0870cf4fc700

Headers

File Characteristics

Imports

ws2_32

comres

user32

kernel32

ole32

oleaut32

advapi32

rpcrt4

version

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 205KB

.orpc Size: 1024B - Virtual size: 591B

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 13KB - Virtual size: 13KB

.text Size: 207KB - Virtual size: 208KB

.text
Size: 205KB - Virtual size: 205KB

.orpc
Size: 1024B - Virtual size: 591B

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 207KB - Virtual size: 208KB