7486c01ebbf1eade730cfb65f79bb388fdaa5353a84d86788a5fcace6b15c400

Sharing

Copy URL Twitter E-mail

General

Target

7486c01ebbf1eade730cfb65f79bb388fdaa5353a84d86788a5fcace6b15c400
Size

296KB
MD5

44f47aef903294a92d44e18394c86210
SHA1

99bc3cbebf17edd96214f66dd322ec33bb9ea63d
SHA256

7486c01ebbf1eade730cfb65f79bb388fdaa5353a84d86788a5fcace6b15c400
SHA512

d8ba7ec5a18da2d704cd47092d9e95b31260bfb7e8cd6461e51f959b67ff1f0c6a04ee0213e81ed41884a6af4dd5ac1df73e95e7366f09532395311e165bc9b8
SSDEEP

6144:yyoieUgl+Pq4WdPxZRciNqTLapDxgFhnuuXqEwjZjOqJpVW:F1gRBqPB2uXIjOqJpU

Score

N/A

Malware Config

Signatures

Files

7486c01ebbf1eade730cfb65f79bb388fdaa5353a84d86788a5fcace6b15c400
.dll regsvr32 windows x86

cfa4c6d3b31763a7a5520f3dde078aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CreateURLMoniker

kernel32

GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetLastError
FreeLibrary
GetACP
LoadResource
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
CloseHandle
CreateEventW
SetEvent
ResetEvent
InterlockedCompareExchange
ExitProcess
GetVersionExA
InterlockedExchange
SizeofResource

user32

GetClientRect
IsChild
SetWindowPos
SetFocus
GetFocus
IsWindow
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
KillTimer
DestroyWindow
SetTimer

advapi32

RegCloseKey

ole32

CoTaskMemAlloc
CoCreateInstance
OleRun
CreateBindCtx
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoRegisterMessageFilter
CoInitializeEx
CoTaskMemRealloc

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantInit
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantClear
VariantCopy
VariantChangeType
SafeArrayLock
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SysAllocString

shlwapi

PathFindExtensionW

xprt5

?Find@TBstr@XPRT@@QBEHGH@Z
??1TPtrFromPtrMap@XPRT@@QAE@XZ
?GetAt@TBstr@XPRT@@QBEGH@Z
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?Lock@TSpinLock@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
xprt_iswdigit
?GetLength@TBstr@XPRT@@QBEHXZ
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
??0TMessageDigest@XPRT@@QAE@XZ
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
xprt_memcpy
xprt_strlen
_XprtInitialize@8
_XprtUninitialize@0
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
_XprtCreateThread@8
_XprtGetMilliseconds@0
_XprtDestroyThread@8
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
_XprtAtomicDecrement@4
xprt_memset
_XprtMemAlloc@4
xprt_memmove
?IsEmpty@TBstr@XPRT@@QBE_NXZ
xprt_strcmp
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
_XprtAtomicIncrement@4
kSystemEncoding
??0TBstr@XPRT@@QAE@PBDPBG@Z
?GetString@TBstr@XPRT@@QBEPBGXZ
??0TBstr@XPRT@@QAE@PBG@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
??1TPtrArray@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
?Copy@TBstr@XPRT@@QBEPAGXZ
_XprtMemFree@4
?Detach@TBstr@XPRT@@QAEPAGXZ
?Attach@TBstr@XPRT@@QAEXPAG@Z
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
??1TBstr@XPRT@@QAE@XZ
?Compare@TBstr@XPRT@@QBEHPBG@Z
??0TBstr@XPRT@@QAE@XZ

msvcrt

wcslen
free
wcsncpy
_purecall
??3@YAXPAX@Z
_wcsicmp
realloc
??2@YAPAXI@Z
memcmp
malloc
wcscpy
memcpy
_except_handler3
memmove
memset
_snwprintf
strcmp
qsort
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EEGetModuleInterop

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfa4c6d3b31763a7a5520f3dde078aa8

Headers

File Characteristics

Imports

urlmon

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

xprt5

msvcrt

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 12KB - Virtual size: 11KB

.text Size: 160KB - Virtual size: 160KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 160KB - Virtual size: 160KB