74e72df6b3fe1571cf4c533d03570253e238c58ebf6e52ffbc78814e963faea4

Sharing

Copy URL Twitter E-mail

General

Target

74e72df6b3fe1571cf4c533d03570253e238c58ebf6e52ffbc78814e963faea4
Size

292KB
MD5

fc9b23503e7889d6c389bcea21ed82e0
SHA1

8e2e19b2ab7635960e7ab80b4a6070dd196e7a32
SHA256

74e72df6b3fe1571cf4c533d03570253e238c58ebf6e52ffbc78814e963faea4
SHA512

7712e2e022bd7ee55db6855e9d75e6b52419bff5790d4640a433b5531e4e13453569d7bf99824577bc7b3d3ce313bf8173b2d0d7bf9dd77f44cfcb18a8d8e11a
SSDEEP

6144:iyoieUgl+Pq4WdPxZRciNqThggczHuW6WneNI/iFFswYtP8QA+PvAaO:V1gRBqibzHuWaIEQkZqIaO

Score

N/A

Malware Config

Signatures

Files

74e72df6b3fe1571cf4c533d03570253e238c58ebf6e52ffbc78814e963faea4
.dll regsvr32 windows x86

cfa4c6d3b31763a7a5520f3dde078aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CreateURLMoniker

kernel32

GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetLastError
FreeLibrary
GetACP
LoadResource
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
CloseHandle
CreateEventW
SetEvent
ResetEvent
InterlockedCompareExchange
ExitProcess
GetVersionExA
InterlockedExchange
SizeofResource

user32

GetClientRect
IsChild
SetWindowPos
SetFocus
GetFocus
IsWindow
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
KillTimer
DestroyWindow
SetTimer

advapi32

RegCloseKey

ole32

CoTaskMemAlloc
CoCreateInstance
OleRun
CreateBindCtx
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CoTaskMemRealloc

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantClear
VariantCopy
VariantChangeType
SafeArrayLock
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SysAllocString

shlwapi

PathFindExtensionW

xprt5

?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
xprt_iswdigit
?GetLength@TBstr@XPRT@@QBEHXZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
_XprtAtomicDecrement@4
xprt_memset
_XprtMemAlloc@4
xprt_memmove
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_strcmp
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicIncrement@4
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
??0TBstr@XPRT@@QAE@PBG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?Copy@TBstr@XPRT@@QBEPAGXZ
_XprtMemFree@4
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
?Compare@TBstr@XPRT@@QBEHPBG@Z
??0TBstr@XPRT@@QAE@XZ

msvcrt

wcslen
free
wcsncpy
_purecall
??3@YAXPAX@Z
_wcsicmp
realloc
??2@YAPAXI@Z
memcmp
malloc
wcscpy
memcpy
_except_handler3
memmove
memset
_snwprintf
strcmp
qsort
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EEGetModuleInterop

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfa4c6d3b31763a7a5520f3dde078aa8

Headers

File Characteristics

Imports

urlmon

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

xprt5

msvcrt

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 11KB

.text Size: 156KB - Virtual size: 156KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 156KB - Virtual size: 156KB