a5af13bf671163e60daf9b443a80d9d999008a2f61eb048a5247fe0233c0b321

Sharing

Copy URL Twitter E-mail

General

Target

a5af13bf671163e60daf9b443a80d9d999008a2f61eb048a5247fe0233c0b321
Size

241KB
MD5

9e4d9ecb63d49ba4de06e0a5678c25c0
SHA1

e53b319ac6f804ebbb828cc814dbac37314c39b5
SHA256

a5af13bf671163e60daf9b443a80d9d999008a2f61eb048a5247fe0233c0b321
SHA512

c97fe6ebf8c8a1dd2d60df7c530b49068f023b5ff084c81ebdb9d7628a95f52ff4ee82262bc0721319e282d37f6eaf4d2d165d7285e2c06c083763f6e16a4e3a
SSDEEP

6144:s7Uw+2UqrKX7JbuydkyWg8upWdckfZnqXQTx:Hw+2U4+DwdhAXQT

Score

N/A

Malware Config

Signatures

Files

a5af13bf671163e60daf9b443a80d9d999008a2f61eb048a5247fe0233c0b321
.dll windows x86

a282304e050fcc3bd3779f64a5b9e9e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3
malloc
wcslen
wcsncmp

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetVersionExA
lstrlenW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetVersionExW
GetProcAddress
Sleep
InterlockedDecrement
InterlockedIncrement
GetFileAttributesW
LoadLibraryW
FreeLibrary
SetFileAttributesW
DeleteFileW
GetModuleFileNameW
CreateEventW
CloseHandle
GetLastError

user32

SetForegroundWindow
LoadStringW
SendMessageW
FindWindowW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

CreateStdDispatch
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LoadRegTypeLi
VariantClear
VariantInit
VariantCopy
SysFreeString
SysAllocString
VARIANT_UserFree

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
UuidFromStringW
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef

shlwapi

StrStrIW
StrCatBuffW
wnsprintfW

ntdll

memset

advapi32

RegFlushKey
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
HideIcons
Reinstall
ShowIcons

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a282304e050fcc3bd3779f64a5b9e9e1

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ole32

oleaut32

rpcrt4

shlwapi

ntdll

advapi32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 71KB

.orpc Size: 512B - Virtual size: 289B

.data Size: 161KB - Virtual size: 162KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 71KB - Virtual size: 71KB

.orpc
Size: 512B - Virtual size: 289B

.data
Size: 161KB - Virtual size: 162KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB