b136f1a8df79f29aff66210574849ab953655ca13cc16a9adfc733a1d1c2a3c3

Sharing

Copy URL

Twitter E-mail

General

Target

b136f1a8df79f29aff66210574849ab953655ca13cc16a9adfc733a1d1c2a3c3
Size

132KB
MD5

c9636d04584268df437ef005a7f097de
SHA1

b615bdabb2554a91530a69a27c31d21d3a91bb6c
SHA256

b136f1a8df79f29aff66210574849ab953655ca13cc16a9adfc733a1d1c2a3c3
SHA512

0904710b108328e3208896a4d7664b34369a04e00cee09e9872de7d4738f49dd04b4fc7cef60b5eaba04d4b2d32df05ef01656ac818dd0a966406a4a5b7e6537
SSDEEP

3072:zldKBLG16yz346X6Fsq96g3KXET8o9K4OvQBP0xHEsWlYU1vgmJSbY/0:zLKBLG168346X6Fslg3KXET8o5MG0xHB

Score

N/A

Malware Config

Signatures

Files

b136f1a8df79f29aff66210574849ab953655ca13cc16a9adfc733a1d1c2a3c3
.dll regsvr32 windows x86

6bfdf4767dca4d9fd176cbcef7993909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryOptionA
InternetGetCookieA
InternetQueryDataAvailable
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetSetCookieA

rpcrt4

RpcStringFreeA
UuidToStringA

ws2_32

WSACleanup
gethostname
WSAStartup
gethostbyname

mfc42

ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord825
ord823
ord800
ord2915
ord6877
ord860
ord540
ord2044
ord2107
ord3903
ord1601
ord3663
ord5450
ord5834
ord6394
ord858
ord2841
ord2448
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord5440
ord6383

msvcrt

memcpy
free
strlen
malloc
__CxxFrameHandler
strcpy
strcat
atoi
memset
_mbscmp
strstr
_CxxThrowException
_tzset
_strcmpi
_strupr
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_gcvt
atof
_except_handler3
_purecall
memcmp
wcscmp
calloc
wcslen
wcscpy
wcsstr
memmove
strchr
_onexit
rand
srand
strtok
time
fclose
fopen
mktime
strncpy
_EH_prolog
__dllonexit

kernel32

LocalAlloc
LocalFree
SystemTimeToFileTime
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateFileMappingA
MapViewOfFile
GetFileType
GetFileInformationByHandle
FileTimeToDosDateTime
FileTimeToSystemTime
ExitProcess
FreeLibrary
GetWindowsDirectoryA
GetTempFileNameA
VirtualProtect
WaitForSingleObject
GetLocalTime
GetTimeFormatA
GetDateFormatA
OpenMutexA
WinExec
lstrcpyW
lstrcmpW
GetProcessHeap
HeapAlloc
SetFilePointer
ReadFile
CreateMutexA
GetModuleHandleA
GetTempPathA
Sleep
VirtualAlloc
VirtualFree
FindFirstFileA
FindNextFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedDecrement
GetProcAddress
LoadLibraryA
lstrcpyA
lstrlenA
lstrcmpiA
GetVersionExA
DeleteFileA
CloseHandle
GetFileSize
CreateFileA
GetTickCount
GetLocaleInfoA
CreateThread
ExitThread
VirtualLock
GetLastError
WriteFile
GetSystemDirectoryA
lstrcatA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
IsBadStringPtrA
lstrcpynA
MultiByteToWideChar
ReleaseMutex
DisableThreadLibraryCalls
InitializeCriticalSection
InterlockedIncrement
WideCharToMultiByte

user32

wsprintfW
FindWindowExA
SetWindowTextA
PostThreadMessageA
SetWindowLongA
CallWindowProcA
MessageBoxA
SendMessageA
wsprintfA
GetWindowDC
GetDesktopWindow
GetWindowTextA
GetForegroundWindow
GetMessageA
LoadImageA

gdi32

GetDeviceCaps
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleDC

advapi32

AddAccessAllowedAce
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
RegDeleteValueA
RegSetValueA
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
RegQueryValueExA
GetUserNameA
InitializeSecurityDescriptor
InitializeAcl
LookupAccountNameA
CreateServiceA
SetSecurityDescriptorDacl
SetFileSecurityA
RegSetKeySecurity
OpenSCManagerA
RegCloseKey

shell32

ShellExecuteA

atl

ord32
ord15
ord23
ord31
ord16

oleaut32

SysFreeString
VariantCopyInd
SysAllocString
VariantCopy
VariantInit
VariantClear

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipFree
GdipAlloc
GdipSaveImageToFile
GdipCreateBitmapFromGdiDib
GdipDisposeImage
GdipCloneImage
GdiplusShutdown

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bfdf4767dca4d9fd176cbcef7993909

Headers

File Characteristics

Imports

wininet

rpcrt4

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

atl

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 47KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 47KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 5KB