517c08392e9d7413f3573410128ff49a9d3c31c98a713ea018f143b05c639bd8

Sharing

Copy URL Twitter E-mail

General

Target

517c08392e9d7413f3573410128ff49a9d3c31c98a713ea018f143b05c639bd8
Size

204KB
MD5

2cd6f9d6c1c846de68b1a25270587ba0
SHA1

2905b29829f163f7239341d68690ba8c4f26fbcf
SHA256

517c08392e9d7413f3573410128ff49a9d3c31c98a713ea018f143b05c639bd8
SHA512

d8a6256c0c21a5905a351d888dbef28427b63959f3b077da3a4cf31442fa10e7c2d1fc830d51ed392aa3bcdde0b8f6b09d0314f284dcbd011733f759d11641b1
SSDEEP

3072:QLTwjC9I9cQ086F6k0QOljePeqiOFYSEtt9JpG6a7T8iWc4XrK3NcB1bQM8BKZL:QYIRhWQOljeP90ttLM6an8isBOM8BKt

Score

N/A

Malware Config

Signatures

Files

517c08392e9d7413f3573410128ff49a9d3c31c98a713ea018f143b05c639bd8
.dll regsvr32 windows x86

0cef3cc4e55ef6a49e8268fd572ac729

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiOpenClassRegKey

mfc80

ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4232
ord1402
ord3946
ord1617
ord1620
ord5915
ord6725
ord1545
ord2086
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord591
ord3195
ord4244
ord620
ord784
ord310
ord354
ord3182
ord4262
ord5203
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord2020
ord4890
ord5182
ord1790
ord1774
ord1892
ord1794
ord4035
ord2164
ord6236
ord4580
ord4735
ord5833
ord4104
ord3641
ord1793
ord3552
ord718
ord592
ord4720
ord5211
ord4213
ord4190
ord4844
ord4867
ord4797
ord5070
ord5072
ord5071
ord6747
ord6067
ord2322
ord5895
ord3397
ord6754
ord1185
ord6752
ord1084
ord3172
ord1548
ord1636
ord2370
ord516
ord1885
ord758
ord3878
ord1564
ord416
ord567
ord3403
ord5308
ord3667
ord2169
ord4736
ord4617
ord2036
ord2372
ord314
ord3553
ord980
ord3668
ord721
ord4272
ord1521
ord4280
ord5212
ord1582
ord4583
ord1327
ord526
ord3683
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord1177
ord6278
ord4014
ord4038
ord757
ord1187
ord1191
ord266
ord3830
ord1049
ord2248
ord1917
ord265
ord3312
ord1588
ord1646
ord1875
ord5969
ord1175
ord1201
ord1120
ord1167
ord371
ord1098
ord1208
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord1206
ord1092
ord1037
ord315
ord765
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord2991
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3164
ord572
ord4212
ord587
ord736
ord605
ord2271
ord762
ord304
ord876
ord578
ord5529
ord2902
ord911
ord764
ord1209
ord1066
ord3801
ord581

msvcr80

_lock
__dllonexit
_encode_pointer
_unlock
_except_handler4_common
_recalloc
_resetstkoflw
wcsncpy_s
memcpy_s
free
malloc
strcat_s
_onexit
memcmp
_stricmp
strlen
wcslen
wcscpy_s
memset
strcmp
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
strtok_s
strcpy_s
__CxxFrameHandler3
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_mbsnbcpy_s
__clean_type_info_names_internal

kernel32

FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetFullPathNameA
lstrcmpiA
RaiseException
lstrcatA
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LoadLibraryExA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CloseHandle
CreateSemaphoreA
GetCurrentProcessId
WaitForSingleObject
GetCurrentThreadId
ReleaseSemaphore
InterlockedExchange
LeaveCriticalSection

user32

GetSystemMetrics
SetForegroundWindow
FindWindowA
CharNextA
SendMessageA
EnableWindow
UnregisterClassA

gdi32

GetBkColor

advapi32

SetSecurityDescriptorDacl
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
InitializeSecurityDescriptor

shell32

SHGetFileInfoA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cef3cc4e55ef6a49e8268fd572ac729

Headers

File Characteristics

Imports

setupapi

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp80

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 7KB

.text Size: 100KB - Virtual size: 100KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 100KB