d231029c5bd960c92126177a9f2affd03114fc69d214b4995d0d5b733f543be3

Sharing

Copy URL

Twitter E-mail

General

Target

d231029c5bd960c92126177a9f2affd03114fc69d214b4995d0d5b733f543be3
Size

92KB
MD5

258aed66069999714b0746970b353f7b
SHA1

8ff7c438b65fe8fb409740d1f406699b8233218c
SHA256

d231029c5bd960c92126177a9f2affd03114fc69d214b4995d0d5b733f543be3
SHA512

dec1060de125e655443c4a0e523ced936748cfa1197128d806740e9e23dec2473455156be3f104c4ccca7469a4493252f9827c9c4cfc4122e2fd7e6f595e6b53
SSDEEP

1536:q6lRnYbmKvvJtP6TP4spcfiLGl0bhc1LfwaagXDC0S0DzgQakXOxjqoYtziBU:qMhOSTP4qLGSbhc1L9NVFakXOxjq5tzi

Score

N/A

Malware Config

Signatures

Files

d231029c5bd960c92126177a9f2affd03114fc69d214b4995d0d5b733f543be3
.dll regsvr32 windows x86

0a56c553b05ae7b5809cdca89865a7f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepEx
FindCloseChangeNotification
GetSystemDefaultUILanguage
SetSystemTime
GetFullPathNameW
GetCurrentDirectoryA
ReadDirectoryChangesW
GetUserDefaultLCID
FindFirstVolumeW
FindVolumeClose
LocalUnlock
SetEnvironmentVariableA
lstrlenW
PulseEvent
CancelIo
ReleaseActCtx
GetCalendarInfoW
DosDateTimeToFileTime
TerminateProcess
GetStartupInfoA
DeleteTimerQueue
FindResourceA
MoveFileExA
CreateConsoleScreenBuffer
GetAtomNameA
CreateSemaphoreA
SetConsoleWindowInfo
GetCommandLineW
GetStringTypeW
GetDiskFreeSpaceExW
GetSystemInfo
GetVersionExA
VerLanguageNameW
CallNamedPipeA
OpenMutexW
GetNumberFormatW
GlobalMemoryStatusEx
GetThreadTimes
CreateTimerQueueTimer
EnumResourceLanguagesW
ClearCommError
GetTimeZoneInformation
CreateActCtxW
CopyFileW
EnumUILanguagesW
GetConsoleOutputCP
GetFileAttributesA
SetConsoleTitleA
RemoveDirectoryW
EnumResourceLanguagesA
WriteConsoleA
GetLocaleInfoW
GetLargestConsoleWindowSize
GetVersionExW
DnsHostnameToComputerNameW
GetCommConfig
GetBinaryTypeA
EndUpdateResourceA
GetStringTypeExA
GetVolumeInformationA
SwitchToThread
OpenFile
LoadResource
LockResource
DeviceIoControl
SetCurrentDirectoryW
GetProcessAffinityMask
GetTempFileNameW
ExitProcess
FindAtomW
GetExitCodeProcess
GetFileSizeEx
RtlUnwind
GetShortPathNameW
HeapCompact
TerminateThread
GetShortPathNameA
DuplicateHandle
GetVolumeInformationW
WriteProfileStringA
WriteConsoleInputA
GetUserDefaultUILanguage
ReadConsoleInputW
GetLogicalDriveStringsW
GetCurrentDirectoryW
InterlockedCompareExchange
FindFirstChangeNotificationA
CreateNamedPipeA
CompareFileTime
EnumSystemLocalesA
GetComputerNameW
GetStringTypeA
IsBadCodePtr
WriteFileEx
IsBadStringPtrW
GetHandleInformation
IsBadHugeReadPtr
HeapSize
GetCPInfo
GetAtomNameW
GetCommModemStatus
GetCurrentThreadId
GetSystemTimeAdjustment
FindNextChangeNotification
CreateFileW
HeapReAlloc
SetHandleInformation
InterlockedExchangeAdd
PeekConsoleInputA
GetVolumeNameForVolumeMountPointW
GetCurrencyFormatA
lstrlenA
MoveFileExW
GetFileSize
GetNumberFormatA
SetDefaultCommConfigW
SearchPathA
LeaveCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateProcessA
InitializeCriticalSection
HeapFree
ExpandEnvironmentStringsA
DeleteFileA
GetModuleFileNameA
CopyFileA
WriteFile
GetModuleHandleA
VirtualQuery
GetComputerNameA
MoveFileA
InterlockedDecrement
ReadFile
WaitForSingleObject
InterlockedExchange
CreateMutexA
GetProcessHeap
EnterCriticalSection
VirtualProtect
LoadLibraryA
Sleep
GetCurrentProcessId
GetProcAddress
CloseHandle
CreateFileMappingA
GetTempPathW
GetLastError

ole32

OleTranslateAccelerator
CoWaitForMultipleHandles
CoFreeUnusedLibraries
BindMoniker
CoTaskMemRealloc
OleCreateLinkToFile
CreateAntiMoniker
StgOpenStorage
OleDuplicateData
OleCreateLinkFromData
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StgOpenStorageEx
OleCreateStaticFromData
OleIsRunning
OleSetContainedObject
CoUnmarshalInterface
CreateOleAdviseHolder
DoDragDrop
FreePropVariantArray
OleCreateFromData
GetRunningObjectTable
CoDisconnectObject
MkParseDisplayName
StgCreateDocfileOnILockBytes
CoSetProxyBlanket
CoDisableCallCancellation

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SysAllocStringByteLen

shlwapi

PathMakePrettyW
PathParseIconLocationW
StrRetToBufW
StrToIntA
PathFindNextComponentW
SHCreateShellPalette
PathCompactPathW
PathFindFileNameW
PathCommonPrefixW
PathStripPathW
SHRegSetUSValueW
PathRemoveExtensionW
PathRemoveFileSpecW
AssocCreate
PathGetCharTypeW
UrlUnescapeW
PathIsUNCServerW
PathIsDirectoryA
StrFormatByteSizeW
StrToIntW
SHSetValueA
StrCatW
UrlCombineW
StrCmpNIW
StrChrIW
SHSetValueW
wvnsprintfW
wnsprintfW
PathAddExtensionW
PathRemoveBackslashW
SHCreateStreamOnFileW
PathAddBackslashA
PathCompactPathExW
PathFindFileNameA
wnsprintfA
StrCpyNW

advapi32

RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegEnumKeyExA
RegSetValueExA
SaferSetLevelInformation
CreateProcessWithLogonW
SaferGetPolicyInformation
RegSetValueW
RegDeleteValueW
RegQueryValueExW
SaferCloseLevel
CloseEventLog
OpenServiceW
RegisterServiceCtrlHandlerA
ElfReportEventW
RegSaveKeyExW
BuildTrusteeWithNameW
ReportEventA
ChangeServiceConfigW
GetUserNameW
ClearEventLogW
NotifyBootConfigStatus
MakeAbsoluteSD
QueryServiceConfig2W
RegisterServiceCtrlHandlerW
CloseServiceHandle
ControlService
ElfRegisterEventSourceW
OpenThreadToken
InitiateSystemShutdownW
RegLoadKeyW
RegSetValueA
CredGetSessionTypes
ImpersonateLoggedOnUser
GetOldestEventLogRecord
DuplicateTokenEx
QueryServiceLockStatusW
ChangeServiceConfigA
GetServiceKeyNameW
RegQueryValueW
GetUserNameA
RegEnumValueA
RegCreateKeyExW
RegSaveKeyA
RegisterServiceCtrlHandlerExA
GetTokenInformation
QueryServiceLockStatusA
CreateServiceA
LogonUserW
IsTokenRestricted
RegDeleteKeyA
ReadEventLogW
CredReadDomainCredentialsW
RegQueryValueExA

shell32

SHBrowseForFolderW
SHBrowseForFolderA
ShellAboutA
ShellAboutW
CommandLineToArgvW
SHPathPrepareForWriteW
SHFormatDrive
SHOpenFolderAndSelectItems
SHAppBarMessage
ExtractIconW
DragQueryFileA
SHGetInstanceExplorer
SHSetLocalizedName
SHAddToRecentDocs
SHGetFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a56c553b05ae7b5809cdca89865a7f6

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB