eda4d42fd16a5a9bb990d001be5050b25f0b7dc6bf9d99856a751003bc26e8db

Sharing

Copy URL Twitter E-mail

General

Target

eda4d42fd16a5a9bb990d001be5050b25f0b7dc6bf9d99856a751003bc26e8db
Size

84KB
MD5

bb5878f805580a3c3fbadadb3ffa3f8a
SHA1

87ae7ff258c14ebd04b395cab1bec116ff2234de
SHA256

eda4d42fd16a5a9bb990d001be5050b25f0b7dc6bf9d99856a751003bc26e8db
SHA512

1758c637f1fab69271c9f264d3949a0d66f50401b31829088bbddb5fda62e2b2b54955c4bace3ebb8012a679978099fe653535605f76826f39df1266280a4007
SSDEEP

1536:cks4c2WIdTfNuPu+v/xYWO6Kwo8gXhllz0KwvZusF7PA3kr:cks4czGf4N5rOvwo8gXhlgvQ+7Y

Score

N/A

Malware Config

Signatures

Files

eda4d42fd16a5a9bb990d001be5050b25f0b7dc6bf9d99856a751003bc26e8db
.dll regsvr32 windows x86

f4249e3ffc386d95a0d95a8e3a1ef4d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
UnmapViewOfFile
InterlockedIncrement
MoveFileA
CopyFileA
CreateFileA
LocalFree
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualQuery
EnterCriticalSection
GetModuleHandleA
GetProcAddress
Sleep
LoadLibraryA
CreateDirectoryA
CloseHandle
GetComputerNameA
GetModuleFileNameA
MapViewOfFile
WaitForSingleObject
CreateProcessA
CreateThread
InterlockedDecrement
VirtualProtect
CreateMutexA
HeapFree
HeapAlloc
SetEnvironmentVariableA
GetFileType
MoveFileExA
WaitNamedPipeA
LoadResource
SetVolumeLabelW
FindNextFileW
IsProcessorFeaturePresent
FindCloseChangeNotification
CallNamedPipeA
WinExec
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
SetConsoleCursorPosition
FileTimeToSystemTime
CreateSemaphoreA
ConnectNamedPipe
SetEnvironmentVariableW
GetModuleHandleExW
FindClose
FillConsoleOutputAttribute
GetCalendarInfoW
EnumResourceLanguagesA
GetFileSize
GetModuleFileNameW
OpenJobObjectW
GetComputerNameW
ExitProcess
GetShortPathNameW
FindVolumeMountPointClose
FormatMessageA
SetHandleCount
FindResourceA
CreateNamedPipeW
GetLargestConsoleWindowSize
FindFirstVolumeW
GetProfileStringW
OpenProcess
HeapDestroy
lstrlenA
WaitForMultipleObjects
IsValidLocale
GetDiskFreeSpaceA
GetDiskFreeSpaceW
OpenFile
HeapCreate
GlobalFlags
OpenSemaphoreA
GetFileInformationByHandle
HeapCompact
FindAtomA
GetProcessVersion
WriteConsoleW
GlobalFindAtomA
CreateDirectoryW
GetThreadLocale
FindAtomW
GetVolumeNameForVolumeMountPointW
AllocConsole
GetDateFormatA
MoveFileExW
GetTempFileNameA
GetFileAttributesExA
GetNumberOfConsoleInputEvents
SetLocalTime
SetSystemTime
SetCurrentDirectoryA
SetConsoleScreenBufferSize
GetCurrentProcess
BindIoCompletionCallback
OpenEventA
GetSystemWindowsDirectoryA
SetFileTime
GetThreadTimes
GetComputerNameExW
LocalFileTimeToFileTime
GetLogicalDriveStringsA
ResetEvent
FindNextFileA
FindFirstVolumeMountPointW
IsValidCodePage
CreateIoCompletionPort
ReleaseActCtx
SetFilePointerEx
AssignProcessToJobObject
WriteProfileStringW
QueueUserAPC
GetSystemInfo
GetConsoleOutputCP
GetVolumePathNameW
ReadFileEx
VerifyVersionInfoW
GetStartupInfoA
GetTimeZoneInformation
IsDBCSLeadByteEx
lstrcatA
CreateNamedPipeA
OpenThread
TerminateJobObject
AddAtomA
FillConsoleOutputCharacterW
GetCommTimeouts
GetStringTypeW
SetVolumeMountPointW
GetConsoleScreenBufferInfo
FlushFileBuffers
GlobalDeleteAtom
TryEnterCriticalSection
FindResourceW
CreateRemoteThread
SetConsoleActiveScreenBuffer
SetTimeZoneInformation
FindVolumeClose
ExpandEnvironmentStringsW
GetVolumeInformationW
QueueUserWorkItem

shlwapi

PathCanonicalizeW
SHCreateStreamOnFileW
StrToIntExW
StrTrimW
PathRemoveBackslashW
StrCmpIW
PathIsDirectoryA
AssocQueryStringW
wnsprintfW
PathIsUNCServerShareW
UrlIsW
SHRegSetUSValueW
PathRemoveFileSpecW
StrCatW
StrFormatKBSizeW
PathSkipRootW
PathRemoveBlanksW
PathIsNetworkPathW
StrStrW
SHSetValueA
SHStrDupW
StrChrIW
PathParseIconLocationW
PathCompactPathExW
PathGetArgsW
SHRegGetBoolUSValueW
PathAppendA
UrlGetPartW
StrRetToBufW
SHDeleteKeyA
SHCreateShellPalette
UrlUnescapeW

shell32

ShellExecuteExA
SHAddToRecentDocs
ExtractIconExA
SHPathPrepareForWriteW
SHBrowseForFolderW
SHBindToParent
DragQueryFileW
SHGetPathFromIDListA
SHFileOperationW
SHOpenFolderAndSelectItems
SHGetFolderPathA
DragFinish

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4249e3ffc386d95a0d95a8e3a1ef4d9

Headers

File Characteristics

Imports

kernel32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB