ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44

Sharing

Copy URL

Twitter E-mail

General

Target

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44
Size

196KB
MD5

34d575d6fc05c78c65ee332777d19a80
SHA1

d044c36e0ddf8e50b6925bba7445707c7efe9f65
SHA256

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44
SHA512

0abfb8a1531ed7055e9750d9682b519814de192866990c3ef907180c7c26ad53ea692b627052efe88be5514fe91748364044e9913a9a2955e64bd71238cd4bfd
SSDEEP

3072:QyE5rzmralbxX9bhWYa+7bN7S453slTBfCA75z2hVMwai8K6sG:BavRkYa2bN7S4SlTBqA75zqywUK9G

Score

N/A

Malware Config

Signatures

Files

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44
.dll regsvr32 windows x86

c3553970d393b3eb3f513c2e9f602b2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memset
strlen
_strnicmp
memcmp
_snprintf
atoi
_itoa
_strcmpi
_chkstk
_allmul
_ultoa
memcpy
_stricmp
_alldiv

msvcrt

strtok

shlwapi

PathFileExistsA

kernel32

RaiseException
InterlockedIncrement
Thread32First
GetModuleHandleA
InterlockedDecrement
CreateToolhelp32Snapshot
GetProcAddress
GetCurrentThreadId
LoadLibraryA
OpenThread
CloseHandle
GetCurrentProcessId
Thread32Next
WaitForSingleObject
CreateThread
GetModuleFileNameA
lstrcatA
lstrcpyA
lstrlenA
InterlockedCompareExchange
ResetEvent
SetEvent
TerminateThread
GetLocalTime
OpenMutexA
Sleep
DuplicateHandle
FlushFileBuffers
GetCurrentThread
LeaveCriticalSection
GetExitCodeThread
VirtualFree
SystemTimeToFileTime
OpenEventA
ReleaseMutex
GetLastError
CreateFileA
GetFileSize
GetCurrentProcess
GetVersionExA
WriteFile
TlsAlloc
EnterCriticalSection
GetFileInformationByHandle
ReadFile
lstrcmpA
GetModuleFileNameW
InitializeCriticalSection
GetSystemTime
WaitForMultipleObjects
ConnectNamedPipe
PeekNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
SetFilePointer
GetVolumeInformationA
GetTempPathA
SetEndOfFile
GetSystemDefaultLangID
GetTickCount
GetWindowsDirectoryA
GetTempFileNameA
DeleteCriticalSection
GetThreadContext
SetThreadContext
VirtualProtect
FlushInstructionCache
VirtualQuery
CreateMutexA
SuspendThread
ResumeThread
SetLastError
CreateProcessA
DeleteFileA
lstrcmpiA
GetSystemDirectoryA
GetFileAttributesA
FreeLibrary
OpenProcess
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
Process32First
Process32Next
ProcessIdToSessionId
CreateRemoteThread
TlsSetValue
CreateEventA
InterlockedExchange
TlsGetValue
CreateDirectoryA
SetFileAttributesA
GetFileAttributesExA
lstrcpynA
ExitProcess
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
SetFilePointerEx
HeapAlloc
WaitNamedPipeA
HeapFree
SetNamedPipeHandleState
FindFirstFileA
HeapDestroy
FindNextFileA
HeapCreate
TransactNamedPipe
RemoveDirectoryA
HeapSetInformation
FindClose
GetFileTime
VirtualAlloc
LocalAlloc

user32

WaitForInputIdle
MsgWaitForMultipleObjects
GetSystemMetrics
PeekMessageA
DispatchMessageA
wsprintfA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueExA

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

DllGetClassObject
DllRegisterServer

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3553970d393b3eb3f513c2e9f602b2f

Headers

File Characteristics

Imports

ntdll

msvcrt

shlwapi

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 9KB - Virtual size: 9KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 9KB - Virtual size: 9KB

.reloc
Size: 7KB - Virtual size: 7KB